What is ransomware and how can you protect yourself?
Ransomware is a term for malicious software that blocks users’ access to individual files or an entire system. A payment is expected in order for access to be restored. There is, however, no way to guarantee that you will once again be able to access your data or system.
What is ransomware?
Ransomware is an extremely dangerous type of malware. In the name itself is the word ransom, which refers to the fact that ransom, or a sum of money, is demanded when this type of attack occurs. In this ransom scenario, however, the “hostages” are files or, in some cases, an entire operating system.
Cybercriminals introduce a special type of malicious software to a computer that encrypts and blocks access to certain areas of the system. If your system has been attacked and you try to access your files, you’ll receive a demand for a ransom payment. This payment serves as the basis for the release of your files. Once you receive a demand like this, you have two options. You can either pay the ransom or you can try to remove the ransomware from your system.
Ransomware is extremely dangerous for businesses and individuals. Such attacks can result in sensitive data becoming encrypted or, worse, destroyed. Since only the attackers have access to the affected areas of the system, attempts at rescuing the files could result in data loss. Despite the risks associated with trying to rescue data, you should never comply with the demands of the attackers. Paying the ransom in no way guarantees the safety of your files or your system. Even after a payment is made, files can still be damaged or distributed to other parties. Additionally, paying a sum of money can also make you susceptible to subsequent attacks, as it communicates to cybercriminals that you are willing to pay should you become the target of such an attack. Fortunately, there are various measures you can take to protect yourself against ransomware attacks and attacks that use spyware or scareware.
How to recognize ransomware attacks
While there are different types of ransomware, most types can be identified rather quickly. Ultimately, it’s in the attacker’s interest to inform you of the situation swiftly so that you can comply with their monetary demands as soon as possible. Once an attack starts, you’ll usually receive a threatening message soon after, informing you that the attack is taking place. Such messages commonly state that valuable files have been encrypted and that in order to regain access to them, you’ll need to pay a specified sum of money. Often, a countdown timer will be displayed, indicating how much time you have to pay the ransom. In most cases, Bitcoin is used as the payment method.
When such an attack occurs, your system’s functionality will be extremely limited, the major exception being your ability to access a Bitcoin marketplace of the attacker’s choosing. Sometimes you may still be able to view affected files, but you won’t be able to make any changes to them. If large portions of your system have been affected, you could even be blocked from your own desktop. In most cases, you will only be able to carry out the payment transaction that is being demanded by the attacker(s). Once you carry out the payment, access to the files will be restored – or at least that’s what is promised. Sometimes, you can recognize files that have been targeted based on a change to the file name or extension. If your system is running slower than usual or it crashes multiple times, this can also be a sign of an attack.
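The file-level signs described above (a changed file name or extension, contents that can no longer be read) can be checked by comparing a backup copy with the live folder. The following Python script is an added example, not part of the original article; the function names, the 7.5 bits-per-byte threshold and the two-directory layout are assumptions.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0). Encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root):
    """Map each file's relative path to the entropy of its first 64 KiB."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, root)] = shannon_entropy(fh.read(65536))
    return snap

def audit(baseline, current, threshold=7.5):
    """Compare a snapshot of the backup with a snapshot of the live folder."""
    findings = []
    for path in sorted(baseline):
        if path in current:
            # Only a jump is flagged: ZIP or JPEG files are high-entropy
            # already in the backup and must not raise an alert.
            if baseline[path] < threshold <= current[path]:
                findings.append((path, "content entropy jumped"))
            continue
        # Original name is gone: look for the same name with a suffix added.
        renamed = sorted(p for p in current if p.startswith(path + "."))
        if renamed:
            findings.append((path, "renamed to " + renamed[0]))
        else:
            findings.append((path, "missing since backup"))
    return findings

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: audit.py <backup_dir> <live_dir>
        for path, reason in audit(snapshot(sys.argv[1]), snapshot(sys.argv[2])):
            print(f"{path}: {reason}")
```

Because the comparison needs a known-good reference, it only works if the backup is stored where the infected system cannot write to it.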
How to protect yourself against ransomware attacks
With ransomware constantly evolving, there is no guaranteed way to protect yourself against such an attack. Nevertheless, there are various measures you can take to reduce the risk of files or your system being infected or damaged. Taking the following precautions can help you to protect your system:
- Regularly back up your system: Conduct regular backups or use a security system that automatically creates backups for you. This way, it’s much easier to access older file versions if you become the target of a ransomware attack.
- Scan your system: With antivirus software, you can scan your network and system and identify ransomware and other types of malware early on. Early detection can often reduce the amount of potential damage that malware is able to cause and also makes it possible to remove malware.
- Exercise caution: Only open files from people or addresses that you know. Keep an eye out for suspicious attachments in emails and always make sure to check the file extensions of email attachments. Be cautious when using external storage devices from others on your computer. You should know where the storage device came from and trust the person who is giving it to you.
What are some examples of ransomware attacks?
Unfortunately, as security systems evolve, so does ransomware. Over the years, there have been a number of ransomware attacks, some of which you may already be familiar with. Below are some examples that have made headlines:
- WannaCry: The ransomware WannaCry took advantage of a security gap in Windows in 2017, attacking more than 230,000 computers in over 150 countries. Despite the fact that a publicly available patch had already been developed by Microsoft at the time, older systems remained vulnerable. Numerous government offices, hospitals and corporations were targeted in this ransomware attack and damages worldwide amounted to $4 billion.
- Ryuk: Approximately one year later the ransomware Ryuk appeared, primarily targeting high-profile organizations and entities in the U.S. Similar to WannaCry, the malware also targeted Windows systems. In the span of just a few months, ransom payments were made in the high six-figure range. Afterward, the software was further developed and continued to be used for some years.
- Colonial Pipeline attack: In May 2021, a ransomware attack against Colonial Pipeline, the largest refined products pipeline in the United States, was carried out. While Colonial Pipeline paid a ransom amounting to $4.5 million, the Department of Justice was able to recover approximately $2.2 million. The attack, however, also shined a light on the repercussions such an attack can have on society at large. The theft of nearly 100 gigabytes of data halted operations of the pipeline, resulting in gas shortages along the East Coast.