What is ransomware? And how to help prevent it
Authored by a Symantec employee
The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.
Ransomware is the online form of the bully’s game of keep-away. The bully could hold your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, right in front of you, but they’re encrypted now, making them unreadable. In 2017, the average ransom demand was US$522 — a high price to pay for getting your own property back.
Types of ransomware
Ransomware can come in many shapes and sizes. Some variants may be more harmful than others, but they all have one thing in common: a ransom. The five types of ransomware are:
- Crypto malware. This is a well-known form of ransomware and can cause a great deal of damage. One of the most familiar examples is the 2017 WannaCry ransomware attack, which targeted thousands of computers around the world and spread itself within corporate networks globally.
- Lockers. This kind of ransomware is known for infecting your operating system to completely lock you out of your computer, making it impossible to access any of your files or applications.
- Scareware. This is fake software that acts like an antivirus or a cleaning tool. Scareware often claims to have found issues on your computer, demanding money to resolve the issue. Some types of scareware lock your computer, while others flood your screen with annoying alerts and pop-up messages.
- Doxware. Commonly referred to as leakware, doxware threatens to publish your stolen information online if you don’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.
- RaaS. Otherwise known as “Ransomware as a Service,” RaaS is a type of malware hosted anonymously by a hacker. These criminals handle everything from distributing the ransomware and collecting payments to managing decryptors — software that restores data access — in exchange for their cut of the ransom.
Ransomware remains a popular means of attack, and new ransomware families are discovered every year. Reported attacks in the U.S. dropped from 2,673 in 2016 to 1,783 in 2017. However, the threat of ransomware is still incredibly active on the internet, so you should take precautions to help avoid becoming a victim.
Dos and don’ts of ransomware
Ransomware is a profitable market for cybercriminals and can be difficult to stop. Prevention is the single most important aspect of protecting your personal data. To deter cybercriminals and help protect yourself from a ransomware attack, keep in mind these dos and don’ts:
- Do use security software. To help protect your data, install and use a trusted security suite that offers more than just antivirus features. Norton Security detects and helps protect against hidden threats to your identity and your devices, including your mobile phones.
- Do keep your security software up to date. New ransomware variants appear on a regular basis, so having up-to-date internet security software will help protect you against cyberattacks.
- Do update your operating system and other software. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Don’t automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid opening emails and attachments from unfamiliar or untrusted sources.
- Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled, macro malware can infect multiple files. Unless you are absolutely sure the email is genuine, from a trusted source, delete the email.
- Do back up important data to an external hard drive. Attackers can gain leverage over their victims by encrypting valuable files and making them inaccessible. If the victim has backup copies, the hacker no longer holds the upper hand. Backup files allow victims to restore their files once the infection has been cleaned up. Ensure that backups are appropriately protected or stored offline so that attackers can’t access them.
- Do use cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous versions of files, allowing you to “roll back” to the unencrypted form.
- Don’t pay the ransom. You could be wondering, “But won’t I get my files back if I pay the ransom?” You might, but you might not. Sensing desperation, a cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.
Ransomware bullies make a living by preying on the innocent. With new ransomware variants popping up frequently, you want to do what you can to minimize your exposure. By following these simple dos and don’ts, you can help protect your computer data and personal information from ransomware.
86% of people say they may have experienced a phishing scam.
Email scams are flooding the Internet. Scammers have become crafty, spoofing people with legitimate-looking emails and websites from “real” organizations, like banks, credit-card companies and social media outlets. Don’t be lured in.
Put our security technologies through their paces and take a free trial for 30 days of Norton Security Premium – protection for up to 10 of your devices.
No Credit Card Required
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.