Steve Weisman is a lawyer, college professor, author and one of the country’s leading experts in cybersecurity, identity theft and scams. See Steve’s other Con Watch articles.
In the wake of the recent massive worldwide WannaCry ransomware attack that hit more than 200,000 computers in 150 countries, much attention has been focused on this particular cyberthreat. However, ransomware has been a major international problem for more than two years.
According to the FBI, cybercriminals extorted more than $209 million in ransomware payments in just the first three months of 2016. Security company Kaspersky Lab indicated that 2016 was indeed a breakout year for ransomware, with 62 new ransomware families emerging, along with 44,287 ransomware modifications of previously known strains. In its annual report, security company SonicWall found that the number of ransomware attacks in 2016 increased from 3.8 million in 2015 to 638 million in 2016.
What Is Ransomware?
Ransomware is a type of malware that, when downloaded to your computer, locks and encrypts your files. Once this occurs, your computer screen will display a warning that indicates that unless you pay a ransom, generally in the form of bitcoin, your data will be destroyed.
Regardless of how sophisticated the ransomware is, it first has to be downloaded on to the computers of its targeted victims to be effective.
In the recent case of the WannaCry ransomware, the malware was spread through phishing emails that lured unsuspecting victims into clicking on links and downloading the ransomware to their computers.
Ransomware has also been spread through malvertising, which are advertisements on legitimate websites that have been infected with ransomware. Clicking on the advertisement is enough to download the ransomware. Some websites have even been infected with ransomware so that merely visiting to the website — even without clicking on anything — can download the ransomware onto your computer.
Ransomware has increased in popularity as a cybercrime because of the ease with which it can be done. Unlike hackers who steal credit card numbers and then rush to use the cards to purchase goods that they can then sell and convert to cash, ransomware is simpler and easier. The cybercriminal attacks the computer of the intended victim and obtains a bitcoin ransom in a matter of days.
Ransomware criminals do not even have to be computer geniuses. According to Troels Oerting, a member of Interpol’s Global Cybercrime Expert Group, there are only about a hundred cybercriminal masterminds in the world today. These computer geniuses create ransomware and then sell it to less sophisticated cybercriminals on the Dark Web. According to the security company Check Point Software Technologies, the criminals who created the Cerber strain of ransomware would lease its use to other digital ne’er-do-wells in return for 40 percent of the ransoms collected.
Small- to medium-sized businesses have been particularly attractive for ransomware attacks. According to Kaspersky Lab, 42 percent of small to medium sized businesses were targeted by ransomware attacks in 2016, and, quite disturbingly, 20 percent of those that paid the demanded ransom never got their data back.
Ransomware attacks, however, are not just a problem for businesses and institutions, but for individual people as well.
Protecting Your Computer from Ransomware
1. Be suspicious. Ransomware is only effective if it gets downloaded to your computer. As illustrated by the recent WannaCry ransomware attack, people unwittingly clicking on bad links in emails is the most common way malware finds its way onto computers. A good rule to follow is to never click on any link or download any attachment until you have absolutely confirmed that it is legitimate.
2. Install security software. Because so many ransomware attacks come by way of phishing emails, you should install security software that screens your email for phishing emails. These analytic software programs are not perfect, but they are quite helpful. Here is a list of some of the most popular products.
3. Install security updates promptly. It is critical to not only install security software but keep it and all of your software updated with the latest security patches. In March, Microsoft issued a security patch for the WannaCry ransomware program, but many people failed to update their software with the patch. It is important to remember, however, that even the most up-to-date security software will always be at least a month behind the latest malware attacks.
4. Don’t use unsupported operating systems. In the UK and other places, many of the victims of the WannaCry ransomware attack were still using the Windows XP operating system, which Microsoft stopped supporting with security updates in 2015. It is important not to use outdated programs that present security vulnerabilities.
5. Back up your data daily. Despite your best efforts, you can still become a victim of a ransomware attack. Make sure you back up all of your data daily, preferably in at least two different locations, such as to the cloud and onto a portable hard drive.
6. Try decryption tools. If all else fails, you may consider going to the website nomoreransom.org, which was created in 2016 through the joint efforts of international law enforcement agencies and private security companies. This website provides free decryption tools that have proven to be effective against many, but not all, strains of malware.