Back to Basics: What You Need to Know About Ransomware
With ransomware threats increasingly finding their way into conversations about phishing and other security attacks, it’s important to understand what exactly the threat is and how cybercriminals are deploying ransomware to steal money from unsuspecting consumers.
Let’s take a fresh look at this threat, what you should know about it and how can you protect yourself.
What is ransomware?
Essentially, ransomware is a type of malicious software that cybercriminals use to extort money from their victims. Ransomware can be deployed in a number of different ways, but once a victim has been infected with ransomware, cybercriminals are able to block them from accessing their files or computer.
The adversaries then demand a ransom from the victim in exchange for a promise to unlock those files. If you don’t pay, you risk losing your data indefinitely, but unfortunately even if you do pay, there’s really no guarantee you’ll get access to your data back.
Cybercriminals are always honing their skills and tactics in the interest of maximizing profits. They’re often of the mindset that if they can be smarter about their attacks, they can reduce the volume, while still maintaining or increasing the amount of their success. This strategy allows them to be more profitable, and it might even give them the added benefit of flying under the radar and out of reach of law enforcement and researchers.
One deployment of ransomware that we often see cybercriminals leverage is through phishing emails. With this tactic, consumers may be tricked into opening infected documents and then unknowingly, they install ransomware on their machine. In a typical scenario, the ransomware will run on your machine and begin to encrypt user-generated content, like video files, photos, and Office documents, as well as some other application formats like CAD files, and so on. Once the encryption has kicked off, you’ll get a ransom note on your desktop, and a browser window will open with a ransom note including monetary demands.
The encryption mechanism itself can vary by campaign. But, the tried and true method relies on encrypting each file locally with a unique key. All those keys are then encrypted with a public key generated on the criminal’s server, and they keep a private decryption key that you don’t get access to until you pay the ransom. Ransoms are typically paid in some sort of cryptocurrency, commonly Bitcoin, and tend to cost anywhere from $300-$600.
Further, the Dark Web is encouraging these ransomware-fueled phishing attacks. Information like email addresses are sold on the Dark Web, which increases consumers’ chances of being attacked. A cybercriminal that wants to launch a ransomware campaign via a phishing attack can give it more legitimacy by buying personal details off the Dark Web. Consumers are much more likely to open emails and click links when they contain accurate personal information.
As we’ve discussed, cybercriminals are incredibly opportunistic and profit-driven. For them, it’s not just about breaching corporations – it’s about monetizing as much of the landscape as possible. That means that if infecting consumers with ransomware enables them to increase their profits, consumers will definitely be targets. The more consumers know about these threats, the better they’ll be prepared to fend them off.
For a consumer who’s been infected with ransomware, the worst case might be that even after paying the ransom, they still don’t get the key back, and remain unable to access all their files. That would mean their entire life’s worth of personal data is gone, from photos to videos to songs to income tax returns.
Another scenario involves credential theft, where a cybercriminal steals a consumer’s user account names and passwords. This is especially damaging if you use the same passwords everywhere, since they can then log in from one account to another.
For example, let’s say cybercriminals have access to your Gmail account, which is used as the recovery account for your banking account. They can then lock you out of your banking account by resetting your password through the Gmail account. On top of that, they now have access to steal all of your money.
Regardless of the type of computer consumers are using, the chances of being targeted with these threats remains the same. We’ve seen the same kinds of campaigns against Mac users as we’ve seen against Windows users. In fact, Mac users may fall for these attacks even harder, because of this misconception that Macs are invulnerable.
What should consumers do to protect against ransomware?
Always be on guard for ransomware attacks, and follow the doctrine of “trust, but verify.” If you get an email from an institution you do business with, call them up instead of clicking on any links. That way, you can verify whether the email is real without the potential risk of infecting ransomware.
Here are some other tips to keep in mind:
- Don’t enter passwords into login pages that show up after you click on a link in an email. Bookmark the official login pages of your favorite sites, or type the URLs into your browser from memory.
- Always create unique passwords for each personal account you need to login to and make sure to change them regularly
- Enable 2-factor authentication when it’s available
- Avoid opening attachments in emails from recipients you don’t know
- Don’t enable macros in document attachments received via email
- If in doubt, don’t give out your personal data
- Back up regularly and keep a recent backup copy off-site
- Secure your computer with advanced real-time security protection
To protect your friends and family against ransomware, try Sophos Home Premium for Windows and Mac.