What is ransomware?

an illustration of a laptop with the words caution on it

Ransomware is a type of malware software designed to lock access to a computer system or to its files. The computer user cannot regain control of their system or data until payment is made to the attacker. A key driver behind ransomware attacks for a cybercriminal is financial gain.

The FBI Internet Crime Complaint Center report for 2018 showed $2.7 billion in financial losses due to Internet-enabled theft, fraud, and exploitation.  The report shows ransomware accounted for $3.6 million in victim losses with a total victim count of 1,493. However, it does not include lost business, wages, equipment, or third-party remediation service fees. A number of victims do not report any loss to the FBI and opt to pay the ransom to regain access of their data.

In 2017, Montgomery County was targeted by a ransomware attack demanding payment to retrieve access to county data. The city of Leeds, Alabama was targeted with a similar attack in first quarter of 2018. Most recently the ransomware attack on Baltimore will cost the city a projected $18.2 million to restore its systems. Cybercriminals target government entities, corporations, small businesses, and individuals.

Ransomware being a derivative of malware, user-initiated action is the main path of infection such as clicking a link or downloading an attachment from an email or website. Refer to the article What is Malware on OIT’s Cybersecurity website for background information on malware.

We have gathered a list of things you can do to lower your risk of being a victim of a ransomware attack. Preventative steps are at the top of the list you can initiate to protect your data.

  • Install and use security software from a trusted company to protect data on your computer systems.
  • Regularly update all software installed on a computer system with the most up-to-date software patches.
  • Do not install third-party software from unauthorized or suspicious sources.
  • Regularly backup data to an external hard drive or cloud storage services to ensure you have a copy of important files that can be used to restore system functionally if needed.
  • Do not click links or open attachments in email from unknown senders. See article Recognizing a Phishing Email on OIT’s cybersecurity website.

It is recommended that if you are a victim of ransomware, do not pay the ransom. Payment will not guarantee cybercriminal will restore access to your computer system or files. Paying may have the unwanted effect of marking you for future ransomware attacks. Also, by paying cybercriminals you are indirectly funding their operation for future ransomware attacks individuals or organizations.

If you do not have a system restoration plan now would be a good time to create one. This could be as simple or complex as you make it. The plan should cover these basic items:

  • Instructions for reinstalling operating system and software
  • Copy of operating system
  • Copy of installed software
  • Copy of network settings
  • Copy of all data files

Bookmark Alabama Cybersecurity website to stay informed on the latest issues and useful tips to stay safe online.