Ransomware attacks draw headlines when they take down major operations: hospitals, cities and most recently, a US fuel pipeline. Not only do cybercriminals scam businesses demanding large sums of money or they'll wreak havoc on their computer systems, this week's gas shortages showed how it can also have broader impacts.
But ransomware against individuals — specifically, anyone who uses the internet — can also be very damaging. Hackers can lock computers and threaten to delete or expose sensitive information and photos in exchange for money.
The concept predates the widespread adoption of the internet. In the late 1980s, the inventor of ransomware attacked the attendees of the World Health Organization's international AIDS conference with infected floppy disks, asking for $189 to decrypt files on their computers. Nearly three decades later, the US Justice Department recently said 2020 was "the worst year to date for ransomware attacks." Security experts believe attacks against both corporations and individuals will only continue to grow because they're easy enough to execute and people are paying.
Here's what to do if you've fallen victim and how to protect yourself.
How it happens
Criminal organizations behind ransomware attacks don't care if the victim is an individual or a business — they just want to get paid. Ransomware is often obtained through social engineering — an act of someone stealing personal data by using information gleaned from their social media account — phishing emails or getting someone to click on a link on a website. It's especially prevalent on pornography and pirate websites that promise free viewing. Ransomware kits are also sold on the dark web, a part of the internet not detected by search engines where cybercriminals often sell and buy illicit materials.
Older computers running operating systems that are no longer supported by the manufacturer, such as Microsoft's Windows 7, and don't offer security updates are more susceptible, as well.
Once the ransomware has been clicked, a hacker can gain access to that computer and demand a ransom to relinquish control. Because the system locks as soon as it's infected, it's not possible to negotiate with the criminal. Many times, hackers will urge people to pay with cryptocurrency, such as bitcoin, which can be received anonymously and is harder to trace.
The biggest motivating factor behind these incidents is money, and sometimes a criminal will use fear tactics, such as threatening to publicly expose sensitive photos, to entice people to pay. "When criminals attack individual users, they often ask for small amounts of money, as they know most individuals can't or won't pay thousands of dollars to get their data back," said Randall Magiera, cybersecurity expert and professor of information technology at Tulane University.
What to do if you've fallen victim
The FBI's general guidance is that victims should not pay a ransom. "The FBI does not support paying a ransom in response to a ransomware attack," according to the FBI website. "Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."
If a hacker gets a credit card number and goes on a shopping spree, a bank can often reverse the charges, but the use of cryptocurrency makes funds nearly impossible to get back. Some common malware infections can be reversed with existing cybersecurity tools but many cannot.
"Ransomware groups evolve their tactics generally when they see that cybersecurity tools can counter them," said Michela Menting, research director at ABI Research. Some security researchers have tools to decrypt ransomware, but they're not always reliable because many ransomware versions exist.
People who are hit with ransomware should treat their computer as though it's compromised even after it's been unlocked. "This is because you do not know what changes the ransomware made to the system when it was infected," Magiera said.
He suggested erasing the computer's hard drive and reinstalling the entire operating system rather than selecting the option that restores files.
Even though it's hard to track down the criminals and prosecute them, anyone targeted should report the crime to police officials, according to Menting. "The greater the number of incidents reported, the more visibility this provides to law enforcement, which eventually leads to bigger budget allocation for fighting it," she said.
People can do a few things to protect themselves from ransomware, starting with being mindful about what they're clicking on in email and on websites. Individuals should also consider backing up important files, so even if they fall victim to ransomware their files wouldn't be lost.
Menting said because some ransomware groups threaten to publish the data online to either shame or reveal personally identifiable information, people can use basic tools to encrypt sensitive files, so that even "if a ransomware gang gets hold of it and publishes it, they cannot read it."
People can also invest in an antivirus program to monitor for and filter out malicious software.
"Cybersecurity solutions can help to weed out some of the more generic and common attacks, but individuals need to be prepared in case some are not caught by the filters," Menting said. "No security solution is 100% effective. A combination of tools and techniques will provide the best safeguards."
text by Samantha Murphy Kelly, CNN Business