What is Ransomware? Understanding and Preventing Attacks

Unfortunately, in the age of the Internet, cybercrime continues to be on the rise. Hackers attack vulnerable Internet users in order to gain access to their information, take control of their technology, or sometimes, manipulate them for monetary gain. One of the ways hackers attack most often is through a type of malware called ransomware. In this article, you'll learn what ransomware attacks are, how they work, and how to prevent ransomware from damaging your files or computer.

What is ransomware?

Ransomware, as the name implies, is a form of malicious software that uses encryption to hold a victim’s information hostage until a ransom payment is paid. A user will open an email with a broken link or accidentally download a file from a suspicious website and find themselves victim to ransomware.

The program encrypts files, restricting access to their own data or applications. It uses the promise of decrypting those important files to demand payment to the cybercriminal who’s behind the malware. They essentially hold your information at ransom, demanding payment in return for the encryption key in order to release the files.

Like other forms of malware, ransomware spreads by design, so it can completely take down a corporation or network by freezing critical information or systems. It’s also damaging to individuals who are at risk of having their information exposed. Ransomware attacks are debilitating, whether the victim is just one person or a big company.

How ransomware works

Ransomware is based on a kind of cryptography called asymmetric encryption. A pair of keys generated specifically for the attack encrypts and decrypts the stolen files. The ransomware drops onto a computer or system and infects it, locating and encrypting critical files. The cybercriminal sets a deadline—typically a day or two—and the victim has to pay to decrypt the files before they’re permanently gone.

Once the victim has paid the ransom, the decryption keys to “unlock” the files are available for use. That is, assuming the hacker holds up their end of the deal and actually does release the files after payment.

Ransomware is a serious cyber threat that preys on unprotected systems. While it’s possible to regain access to files that have been stolen or encrypted through this type of malware, good offense makes the best defense. Focus on ransomware prevention; protect your computer before you are victim to a ransomware attack rather than trying to pick up the pieces after the fact.

How does my computer get ransomware?

There are many different types of ransomware, which can make it more difficult to determine where exactly the ransomware came from. Email campaigns are a commonly-used method of distribution. Users open their emails and accidentally download malicious ransomware, which stays on the user’s system until the hackers collect the information for ransom. Similarly, users can download ransomware variants from suspicious sites or the dark web without realizing the risks.

Unfortunately, different forms of ransomware infections have become more common in recent years thanks to the rise of things like ransomware-as-a-service (RAAS). Ransomware-as-a-service allows malware developers to sell the damaging technology they’ve created to customers who take on the brunt of the risk involved with launching a ransomware attack.

Best ways to prevent ransomware attacks

As we mentioned above, the best way to keep your files safe is to prevent ransomware attacks before they even happen. This means taking proactive steps like the following towards keeping your computer secure:

  • Get antivirus software. Using a strong and up-to-date antivirus protection program, like Norton, or another kind of security software helps protect against all kinds of malware.
  • Have a data backup and recovery plan in place for all important files, information, and programs. If you’ve got backups of the files you really need, it will matter far less if a hacker is able to encrypt one copy. The data backup shouldn’t rely on a network, as networks are often affected by ransomware attacks. Regardless, make sure that you test the recovery plan regularly to check that it’s ready to go when needed.
  • Don’t open any suspicious emails or email attachments from people you don’t know. This is a popular way for cybercriminals to get their malware on the victim’s computer. Phishing emails employ the same strategy; the user downloads an attachment and accidentally downloads malware as well. Take caution with links received in text messages as well.
  • Don't visit websites that lack the locked padlock symbol in the address bar. This shows that a website is at least somewhat legitimate; sketchy sites are another popular way for hackers to send out ransomware. Screen files on any site before agreeing to download.
  • Restrict users’ abilities to install and run software applications. It helps prevent ransomware from spreading between devices and network traffic.

These steps help protect your computer against ransomware and malware in general. Even if you believe ransomware will never reach you, it's better to be safe than sorry with these preventative steps.

Preventing ransomware on a network-wide scale through individuals

The Institute for Security and Technology, in their 2022 Blueprint for Ransomware Defense, outlines an action plan that focuses on ransomware prevention through team and company structure. In larger companies that are especially vulnerable to systemic attacks, follow these steps to limit the chances of losing important business data in a company-wide ransomware attack.

  • Follow the principle of least privilege. Users should only be given privileges, or access to files, that they need to complete a task. The fewer user accounts that have access to important documents, the lesser the risk of those files being compromised in an attack.
  • Have a company-wide action plan in place before an incident occurs. This includes what to do in regards to locking accounts, backing up files, and remediation post-attack. Having a plan before anything happens will allow your company to respond most effectively after an incident.
  • Establish and maintain a data recovery process. Assign a team to work on and maintain a plan for both protecting and recovering data in case of an incident. Keep in mind that any sensitive data backups should be kept on a separate system or network; any backups on the same network also run the risk of encryption after an attack.
  • Train employees in the workforce to recognize social engineering attacks and security incidents. Network-wide attacks can stop with an individual. Train all employees and contractors on what to look for regarding potential social engineering attacks or ransomware incidents. This reduces the chances of an employee unknowingly downloading malicious software or a virus.

What if I become a victim?

Unfortunately, even for the cautious, ransomware attacks can happen. If you find your information or computer system taken hostage by cybercriminals, knowing what to do—and what not to do— makes all the difference.

What to do during ransomware attacks

  1. Isolate the attacked device. This especially matters if your device is part of a network or larger system, like at the office. Ransomware can spread and affect all the devices on a network if given the chance. Make sure you disconnect the infected device from the shared network and Internet as soon as possible to minimize the spread.
  2. Determine where the ransomware came from. Check the alerts for your anti-malware programs. You may have missed a notification that can give you more information. Review your email carefully too; you may have downloaded a malicious link from an email without realizing it.
  3. Identify the type of ransomware you’re dealing with. Figuring out the exact kind of ransomware that you have on your device can be difficult, but it helps when attempting to recover the information. Sites like No More Ransom help you free the data that’s being held for ransom.
    They also help identify the sort of malware that you’re dealing with. Identify how the ransomware you have behaves and you’ll be able to monitor the state of your device, plus other operating systems that may be at risk for infection.
  4. File a report with the police or other authorities. If you are a victim of ransomware, you are a victim of a crime. Ransomware is illegal; report it to the correct authorities. The police may also have resources at their disposal that you don’t, which can help locate the cybercriminal or hacker who started the attack. That can lead to a successful decryption of the stolen information.

What not to do during ransomware attacks

  1. Pay the ransom immediately. While there’s a chance that doing so could get you the key to unlock the files, as promised, there’s also a decent chance that it won’t work that way. If a hacker is dealing with someone who they know isn’t tech-savvy, they may rely on the fact that the victim won’t bother contacting law enforcement agencies or trying to decrypt the files themselves.
    Hackers seek vulnerabilities in victims; if they believe they do not need to return the files to obtain ransom, they won't. Instead, contact the police or law enforcement to properly report the crime. They'll help figure out a way to securely return your information.
  2. Assume that the attack won’t spread or is a one-time incident. One of the biggest mistakes you can make with a ransomware attack is trying to simply ignore the issue. This applies even if the locked or encrypted files aren't essential. Ransomware can spread and infect more files and other devices on the same network. Paying the hacker off immediately isn’t the right answer, but neither is ignoring the situation entirely.
  3. Try to back up other files on an infected computer. Backing up your files and having a secure recovery system in place is an important preventative measure. However, you don’t want to try and back up files after the ransomware attack has happened. Unfortunately, if you’re in the middle of dealing with ransomware, it’s too late to back up the file that’s been taken. You’ll only risk multiplying the ransomware or spreading it to other devices. This emphasizes the importance having a backup system in place before you encounter malware on your network.