Over the years, bad guys on the Internet have launched all sorts of threats. Viruses, malware, spyware and other nasty programs have been designed to steal data, use infected machines for malicious purposes, and engage in criminal and antisocial behavior.
The latest threat is the most dangerous yet. The concept behind ransomware is simple: infect a computer and encrypt all of the user’s files so they are unusable. Then, force the victim to pay a ransom to decrypt the files so they are usable again. The payment is required in bitcoins, a digital and untraceable form of currency.
How Ransomware Strikes
Ransomware infects computers when a malicious program is run. This can happen in several different ways. You might receive an email with a bogus attachment. You might browse to a malicious website designed to install the ransomware when you visit the page. It can also happen when you install a bad application from an app store or website.
Once the ransomware application is installed, it quickly and silently encrypts the files on your hard drive. Once all of the files are encrypted, a scary-looking browser window pops up with the bad news: your files are gone unless you pay to get them back.
Especially Dangerous To Businesses
Most PCs on office and corporate networks are connected to servers where files are shared via mapped drives. Ransomware is designed to find these network shares, so it attacks not only the files on a single PC but also all of the files being shared on the network. There are reports of large institutions, like hospitals and government agencies, losing decades’ worth of data.
Is It Really That Bad?
Yes. When ransomware encrypts files, they are usually impossible to recover. However, there are hundreds of variants of malware flooding the Internet, and some are more sophisticated than others. There are some forms of ransomware that can be resolved by computer professionals with tools published by security firms. Other types of ransomware have had their encryption keys recovered by law enforcement, and have recovery tools publicly available. All of this is highly technical, and usually requires professional IT help.
What To Do
If ransomware strikes, the first thing you should do is remove your computer from the Internet and shut it down. Then contact a computer professional to see what options might exist for recovering your data. If your business is attacked, it can be worth it to contact local law enforcement to see what resources might exist in your area.
What Not To Do
Do not pay the ransom. Remember that ransomware is a criminal act. There is no guarantee that paying the ransom will result in recovery of your data. While the thought of losing your data is frightening, you run even greater risks by trying to follow the ransom instructions. If this becomes the only option for possibly recovering lost data, work with law enforcement to see what your options are.
Preventing A Ransomware Attack
In part two of this blog, I’ll discuss ways to prevent being infected by ransomware and what you should do to help minimize the damage should an attack occur. The more you’re prepared ahead of time, the less likely you’ll suffer a tragic data loss.