Authored by Nadia Kovacs, Symantec employee
Ransomware is a form of malware, or malicious software that is a lot more complicated that typical malware. Ransomware can present itself in a few ways, two forms described below:
- Locker ransomware encrypts the whole hard drive of the computer, essentially locking the user out of the entire system.
- Crypto ransomware will only encrypt specific, seemingly important files on the computer, such as word documents, PDFs and image files.
Ransomware does exactly what it sounds like – it presents users with an ultimatum: pay a fee to unlock and reclaim personal data, or don’t pay the fee and lose the data indefinitely.
Ransomware is able to automatically corrupt and delete files in the event that monetary compensation is not received, leaving most users with little time to resolve the problem through alternate means. However, just like malware, ransomware is an evolving threat that can become more sophisticated over short periods of time.
Ransomware infections are increasing
How is Ransomware Distributed?
Ransomware is generally delivered via phishing emails or through exploit kits. Phishing emails contain malicious attachments, which include the ransomware or sometimes provide links directing the user to a compromised webpage hosting the malware. Exploit kits are a malicious tool that hackers use to look for security holes in software that has not been updated. Once the security vulnerability has been found, the attacker can then deliver the ransomware to the computer.
How to protect yourself
The best protection against this threat is to be proactive in your own cyber defense. Since this particular malware is so complicated in nature, it is recommended that you use multiple layers of protection against this threat.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t access or delete them.
- New ransomware variants appear on a regular basis. Always keep your security software up to date to help protect yourself against them. Norton can help protect you from ransomware and is always looking out for new variants. Having Norton on your devices is an important way to help prevent ransomware.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments.
- Be especially wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Using cloud services for backups could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.