Ransomware. Even the name sounds scary.
When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. It targets some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them.
That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds.
Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital.
How bad is ransomware, really?
The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into the millions of dollars.
A few recent cases of large-scale ransomware attacks include:
- JBS Foods, May 2021 – Organized ransomware attackers targeted JBS’s North American and Australian meat processing plants, which disrupted the distribution of food to supermarkets and restaurants. Fearing further disruption, the company paid more than $11 million worth of Bitcoin to the hacking group responsible.
- Colonial Pipeline, May 2021 – In an attack that made major headlines, a ransomware attack shut down 5,500 miles of pipeline along the east coast of the U.S. Hackers compromised the network with an older password found on the dark web, letting the hackers inject their malware into Colonial’s systems. The pipeline operator said they paid nearly $4.5 million to the hackers responsible, some of which was recovered by U.S. law enforcement.
- Kaseya, July 2021 – As many as 1,500 companies had their data encrypted by a ransomware attack that followed an initial ransomware attack on Kaseya, a company that provides IT solutions to other companies. Once the ransomware infiltrated Kaseya’s systems, it quickly spread to Kaseya’s customers. Rather than pay the ransom, Kaseya co-operated with U.S. federal law enforcement and soon obtained a decryption key that could restore any data encrypted in the attack.
Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.
As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group posed as a government agency and as a major retailer and mailed out thousands of USB drives infected with malware.
Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf.
Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern.
How does ransomware end up on computers and phones?
Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there when you download apps from questionable app stores, by way of a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue.
Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network.
And yes, ransomware can end up on smartphones as well.
Smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of lock screen ransomware would simply paste a warning over the home screen with a “pay up, or else” message.
Still, ransomware isn’t as prevalent on smartphones as it is on computers, and there are several reasons why. For the most part, smartphone ransomware relies on people downloading malicious apps from app stores. Google Play and Apple’s App Store both do their part to keep their virtual shelves free of malware-laden apps with a thorough submission process, as reported by Google and Apple.
Yet, bad actors find ways to sneak malware into the stores. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Further, Android allows users to download apps from third-party app stores that may or may not have a thorough app submission process in place, which can make them more susceptible to hosting malicious apps. Moreover, some third-party app stores are actually fronts for organized cybercrime gangs, built specifically to distribute malware.
Basic steps to protect yourself from a ransomware attack.
First, back up your data and files.
The people behind these attacks play on one of your greatest fears—that those important and precious things on your device might be gone forever. Yet with a backup, you have little to fear. You can simply restore any data and files that may have come under attack. Consider using a reputable cloud storage service that you protect with a strong, unique password. Similarly, you can back up your data locally on an external drive that you keep disconnected from your network and stored in a secure location. So while a backup won’t prevent an attack, it can most certainly minimize any threat or damage from one.
Be careful of what you click.
Ransomware attackers use phishing emails, bogus direct messages in social media, and texts to help install malware on your device. Many of these messages can look quite legitimate, like they’re coming from a brand you know, a financial institution, or even the government. The links embedded in those messages will take you to some form of malicious website where you’re prompted to download a phony file or form—which is actually malware. Similarly, some phishing emails will simply send malware to the recipient in the form of a malicious attachment that masquerades as a legitimate document like an invoice, spreadsheet, or shipping notice.
Use online protection software.
This provides your first line of defense. Online protection software includes several features that can stop a ransomware attack before it takes root:
- Safe surfing features that warn you of malicious downloads, attachments, and websites.
- Strong antivirus that spots and neutralizes the latest malware threats with the latest antivirus technologies.
- Vulnerability scanners that help keep your device and its apps up to date with the latest security measures.
- A firewall that helps prevent intruders from accessing the devices on your network—and the files on them.
Yet more ways you can prevent ransomware attacks.
That list is just for starters. Our Ransomware Security Guide goes even deeper on the topic.
It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know.
Ransomware is one of the nastiest attacks going, because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you.