What is Ransomware?

Ransomware is a special type of malware that is actively spreading across the Internet today, threatening to destroy users’ documents and other files. Malware is software – a computer program – used to perform malicious actions. While ransomware is just one of many different types of malware, it has become very common because it is so profitable for criminals. Once ransomware infects your computer, it encrypts certain files or your entire hard drive. You are then locked out of the whole system or cannot access your important files, such as your documents or photos. The malware then informs you that the only way you can decrypt your files and recover your system is to pay the cyber criminal a ransom (thus the name ransomware). Most often, the ransom must be paid in some form of digital currency, such as Bitcoin. Ransomware spreads like many other types of malware. The most common method involves sending victims malicious emails, in which cyber criminals trick you into opening an infected attachment or clicking on a link that takes you to the attacker’s website.

You can protect yourself from ransomware infections the same way you would against other types of malware: don’t get infected. Start by making sure that you have up-to-date anti-virus software from a trusted vendor. Such tools, sometimes called anti-malware software, are designed to detect and stop malware. However, anti-virus cannot block or remove all malicious programs. Cyber criminals are constantly innovating, developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways, it has become an arms race, with both sides attempting to outwit the other. Unfortunately, the bad guys are usually one step ahead, which is why you need to ensure you back up your files and employ these additional steps to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer known vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Therefore, make sure your operating systems, applications, and devices are enabled to automatically install updates.
  • On your home computers, use a standard account that has limited privileges rather than privileged accounts such as “Administrator” or “root.” This provides additional protection by preventing many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency, is confusing, seems too good to be true, or has poor grammar, it could be an attack. Be suspicious; common sense is often your best defense.
  • Protect yourself from ransomware by remaining vigilant when opening email attachments or clicking on links, ensuring that you have updated anti-virus software, and confirming that your files are regularly backed up and can be restored.

For more information, read the SANS Securing the Human OUCH! Newsletter for August 2016 (http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201608_en.pdf)