How do ransomware attacks work?
Ransomware encrypts all the files on your device so that you can’t access them without a decryption key. It can also lock your device completely. These two types of ransomware are referred to as crypto-ransomware and locker ransomware, respectively. After infecting your files or device with ransomware, criminals demand a ransom of typically $300 to $500 in Bitcoin per device. The ransom is paid in exchange for the ransomware decryption key that restores access to the files or the device, or at least that is what the criminals tell their victims.
How can ransomware infect my device?
Computer viruses, a category that includes the different types of ransomware and trojans, have to be downloaded either manually by accident or automatically by other malware. Ransomware can be downloaded from email attachments, compromised or malicious websites and ads, or unsafe Wi‑Fi networks. Phishing is one common method of sneaking ransomware into a victim’s device. Other malware can also download ransomware without you knowing.
Can ransomware infect my mobile phone?
Yes. Mobile ransomware exists for both iOS and Android devices. What’s worse, it’s a growing threat because of the huge number of people using smart devices. On top of that, so-called smishing attacks are a common way for criminals to infect mobile devices. Fortunately, there are mobile antivirus apps that help you to protect your Android or iOS device.
Can I remove a ransomware infection?
Ransomware removal can be tricky and sometimes even impossible once it’s on your device. That’s why ransomware protection starts with trustworthy antivirus software that prevents ransomware from infecting your device. You can also prepare by taking regular backups, so that if you get attacked, you can restore your files from them.
How can I get my encrypted files back?
Paying the ransom does not guarantee that you will get your files back. You can check if there is a decryption tool for the ransomware you’ve been attacked with. Help forums like Bleeping Computer offer help with many different types of ransomware.
Should I pay the ransom?
In case you have become a victim of a ransomware attack, paying the ransom can feel like the easiest solution to getting back your encrypted files or control over your locked device. However, you cannot be certain that the criminals behind the ransomware attack are going to do as they say once the ransom is paid. On top of that, paying the ransom encourages criminals to seek more targets who are willing to pay the ransom and comply with the criminals’ demands.
Paying the ransom is also a way of financing the criminals and enabling them to aim higher in their criminal exploits. However, large companies have been found to be very willing to comply with the ransomware attackers’ demands and end up paying the ransom. For these organizations and companies, the costs and inconvenience of not being able to operate are too high, so they would rather pay the ransom.
Why do ransomware attackers want bitcoin?
Payment in the cryptocurrency bitcoin is a common way to ask for the ransom in a ransomware attack. Other cryptocurrencies may be used as well. But why is that? Why do ransomware attackers demand payment using cryptocurrency? The primary reason for this is that payments in bitcoin and other cryptocurrencies cannot be easily traced, offering anonymity to the criminals.
What is ransomware-as-a-service (RaaS)?
In addition to crypto-ransomware that encrypts your files and locker ransomware that locks the devices it infects, there is one more form of ransomware to consider: ransomware-as-a-service, or RaaS for short. With RaaS, cyber criminals are able to offer their services to those who do not have the required technical skills to develop ransomware programs of their own. In a setup like this, the entity providing the ransomware program is referred to as a RaaS operator. The person, or persons, paying for the operator’s service is called the RaaS affiliate.
What are some recent ransomware examples?
Unfortunately, the number of ransomware attacks and different kinds of ransomware has been increasing. The most widespread and impactful ones often make their way into national and global news as well. Here are some examples of recent ransomware attacks.
WannaCry: Ransomware attack on the NHS
One notable ransomware attack that took place in the UK in 2017 was the WannaCry ransomware attack on the National Health Service (NHS). The estimated costs to the NHS were 92 million pounds after the attack caused 19,000 appointments to be canceled. Unfortunately, the NHS was hardly the only large organization to be affected by the WannaCry ransomware: the global costs of WannaCry have been estimated at 4 billion dollars.
The WannaCry ransomware encrypted data on the computers it infected. The ransomware attackers then demanded to be paid in bitcoin if the victim wanted their data to be returned. As the example of WannaCry shows, ransomware attacks often target large organizations, such as healthcare services, or sizeable companies.
Other well-known ransomware attacks
CryptoLocker
Ryuk
Petya and NotPetya
Bad Rabbit
Locky
GoldenEye
5 simple anti-ransomware tips
Make sure you’re running an effective internet security program on all your devices.
Take regular backups of your data. Store them offline so they can’t get infected.
Keep your software and operating systems up to date. Enable automatic updates to always have them updated.
Be skeptical of email links and attachments. Type links into your browser rather than clicking from the email. Be extra careful with attachments requesting you to enable or allow something — macros, editing, content, etc.
Disable commonly exploited browser plugins such as Flash Player and Silverlight when you’re not using them. You can do this through your web browser under the plugin settings.