Ransomware is a profitable business for cybercriminals. In 2017 alone, ransomware attacks cost the world $5bn, both in terms of ransoms paid and the time and money victims spent recouping their losses. In this article, we’re going to take a look at some of the groups and organizations that are most at risk from a ransomware attack and share five ways in which you can protect your data from hackers.
Before we get into that, however, let’s take a quick look at what ransomware is and how it works.
What is Ransomware?
Ransomware is a type of malware that encrypts a victim’s computer or device data, holding files hostage until a payment is made. Attackers demand a ransom in exchange for a decryption key which can be used to unlock an infected device. The ransom amount will vary depending upon the scale of the attack. It could be anything from $700 – $1,000,000 in Bitcoin.
Who are the Targets of Ransomware Attacks?
Not all ransomware attacks are targeted. This type of malware can spread automatically, infecting computers and other devices indiscriminately. However, because of its ability to encrypt and lock you out of your hard drive, this form of attack is often used by cybercriminals to target groups and organizations who can (and are more likely to) pay bigger ransoms to retrieve their data.
The four main target groups of ransomware attacks are:
1. Organizations that have smaller security teams, e.g. universities.
Universities are seen as a prime target, because in addition to having less security than other organizations, a lot of file sharing takes place across their networks.
2. Agencies and institutions that can and will pay quickly.
Government agencies, banks, and hospitals all fall into this category. These institutions need constant and immediate access to their files, they are perceived as being more likely to pay the attackers’ ransom.
3. Firms that hold sensitive data, e.g. law firms.
Ransomware attackers may also threaten to leak data if their targets do not pay up. In this case, they are counting on the fact that law firms would rather avoid scandal or controversy than pay the ransom.
4. Companies trading on the Western market.
Cybercriminals are motivated by financial gain, which means targeting large, wealthy corporations. Corporate giants in the UK, USA, and Canada are most at risk, as they are richer and rely more on the use of personal computers.
Even if your business does not fall into any of these categories, it’s important to safeguard yourself against ransomware attacks. Keep reading to find out how you can prevent them (and what to do if your device gets infected).
How to Prevent Ransomware Attacks
There are a number of steps you can take to help protect your devices against ransomware attacks. It’s good practice to:
- Always back up your files. If you back up your data on an external device, you should still be able to access it, even if the files on your computer have been encrypted.
- Install reliable antimalware software. Antimalware software detects and defends your device against malicious programs like ransomware as they attempt to penetrate its systems.
- Keep your systems up to date. Make sure you’re running the latest operating system on your device and download and install any patches as soon as they’re released. This helps protect your device against ransomware and other attacks by reducing the number of potential vulnerabilities in your security software.
- Be careful what you click on. Don’t open email attachments or weblinks from unknown senders and be careful when you’re browsing online; you don’t want to fall victim to malicious files, websites, or ads.
- Use a Virtual Private Network (VPN). Surfing the web on public WiFi networks leaves you vulnerable to attack. Download a trustworthy VPN to help keep your data private online.
How to Remove Ransomware
Of course, updating your OS and installing antimalware software on your computer doesn’t make you immune to a cyberattack. It could happen to anyone. If your device gets infected with ransomware, you have two choices: to pay or not to pay. Law enforcement agencies urge companies who are targeted in ransomware attacks not to pay up, but is there any way of getting your data back without sending the money?
The answer depends on what type of ransomware you are dealing with. But you might be able to remove file encryption ransomware from your device by following these four steps:
- Remove the infected device from your network to stop the malware from spreading. Some types of ransomware can be spread to other machines, but by taking the initial target offline, you remove and/or limit its access to other systems.
- Use your antimalware software to scan your computer for malicious files, then remove them. You may find this step more challenging if you are the victim of screen-locking ransomware.
- Check for decryptors. Unfortunately, removing the ransomware from your device will not restore your files. By this point, they are already encrypted and unreadable, unless you have the decryption key. If you do not pay the ransom, the hackers will not give you the key (even if you do pay up, there’s no guarantee), but you may be able to find a free decryptor on the No More Ransom Project.
- Alternatively, if you have backed up your data on an external hard drive, you can reset your device and restore your files from there.
Luckily, the number of ransomware attacks being launched is declining. In the first quarter of 2017, they accounted for 60% of malware payloads, but by 2020, that number had dropped to 5%. However, it’s still important to be aware of the risk and take steps to secure your device. New kinds of payload malware are taking the place of ransomware, and the preventative measures outlined in this article can help protect your computer against multiple forms of cyberattack.
