What is ransomware (blackmail virus) and how do you protect yourself against it?

Vad är ransomware?
Author
Alva Ljungkvist
Moa Rana
Editor
Moa Rana

Table of Contents

In this article, we will explain what ransomware is and what you can do to protect yourself from a ransomware attack.

Ransomware is a type of malware that uses extortion to get the victim to pay a ransom to get their seized data back. 

Ransomware is frequently used by organized crime to carry out cyber attacks. During a ransomware attack, the malware enters data files and programs and proceeds to lock (encrypt) these files until a ransom is paid. That is why ransomware is sometimes called a “blackmail virus”.

How does ransomware work?

The hackers behind a ransomware attack wants you to believe that the only thing you can do to get rid of the ransomware virus is to pay the ransom.

For example, the virus can appear in an email from your bank, a colleague, or inside a resume sent to you with a picture of a person from a photo register. The email usually contains a link or file named “.pdf” for credibility.

The email containing the ransomware virus can have many different appearances, but the purpose is always to get you to click on the link or download the file to your computer. From there, the ransomware virus is activated.

It immediately starts seizing and encrypting your files, renaming them and moving them around until the computer can no longer find or recognize the files.

Ransomware attacks are advanced, and to decrypt a ransomware virus a decryption key is required. And of course, only the attacker has access to that specific decryption key.

Your entire computer would be affected by the ransomware virus, and your other devices connected to the affected device would also be compromised. For example, if you have an external hard drive connected to your computer, it will also be exposed to the ransomware virus.

During a ransomware virus attack you can expect a notification – such as a pop up window – to appear and cover all or part of the screen, containing a message that your files have been seized.

The message may claim that the only way for you to get your files back is by paying a sum of money, often Bitcoins, within a certain time frame – like 24 or 48 hours – otherwise your files will be lost forever.

47 MINUTES UNTIL YOUR FILES ARE LOST

What should I do if my device is exposed to ransomware?

You are now faced with a choice: to pay or not to pay the ransom. Experts on the subject, and the FBI, does not recommend that you pay the attackers. Because even if you choose to pay the ransom, there is no guarantee that you will actually get your files back. 

According to Acronis, only about 60% of those who pay the ransom get their files back and of those who pay, 73% will be targeted in another ransomware attack again in the future.

HOW MANY GET THEIR FILES BACK WHEN PAYING THE RANSOM

Some forms of ransomware have been outsmarted, but in most cases there is unfortunately nothing you can do to get rid of the virus.

Examples have shown that even if the ransom was paid and the files returned, the virus can leave malware behind. Parts of the ransomware virus may be left behind, which can cause the ransomware attack to recur. Spyware can also get left behind in your deceive, with the intention of stealing your sensitive data.

Knowing all this, most people would probably not pay the ransom. From a survey conducted by Trend Micro, we learn that 66% of the businesses that participated in the study would not pay the requested ransom for reasons of principle.

But, you never know how you will act under pressure. The text window that pops up on your screen during an attack often contains a countdown for the purpose of stressing you out. There may be valuable files at stake. As a result, 65% of individuals exposed to a ransomware attack end up actually paying the ransom.

What to do if you are affected by ransomware:

The first thing you should do if you suspect a ransomware attack is to turn off your computer. Force shutdown, unplug the cord, and turn off your Wi-Fi. Disconnect everything connected to the compromised device, such as external hard drives.

There are guides and programs online that you can use to help you, and some programs are free of charge. There are also services that, for a fee, can help you with these programs, get your data back, and decrypt the virus.

But as we said, there is unfortunately a very small chance that the attack can be neutralized without the decryption key from the attackers.

How can I prevent a ransomware attack?

Since there is not much you can do once you have been exposed to ransomware, the most important thing to do is that you protect yourself from being exposed in the first place. You prevent ransomware infections in the same way that you protect yourself against all kinds of malware.

Here’s how to prevent ransomware and other malicious software:

Backup your devices

BACKUP YOUR MOST IMPORTANT FILES

Backup your devices, preferably on both an external hard drive and in the cloud. Remember to disconnect your external hard drive so that its content is protected in the event of a virus. And double check your backups every now and then to make sure they work and are up to date.

When backing up to the cloud, it is important to remember to protect your login information. Use two-factor authentication.

Do not download files from suspicious emails

DO NOT OPEN FILES FROM SUSPICIOUS EMAILS

If something sounds a little too good to be true, it usually is. Also, do not download programs from unknown sites, or click on pop-up windows.

Get a strong antivirus program

Bitdefender is a well-known and award-winning antivirus program with many different features to suit all your different devices.

Be sure to update your devices

Update all operating systems, browsers, apps and programs. The updates include important security upgrades. Keeping your devices up to date can make a big difference in how high the risk is of you being affected by ransomware and other malware.

Who is behind ransomware attacks?

Viruses and other malware have been around for basically as long as computers, but ransomware attacks are quite unique.

The first record of a ransomware attack occurred as early as 1989. It was a series of ransomware attacks that targeted healthcare businesses in the United States. 

When files were transferred to floppy disks, a virus was sent to medical computer devices with a request to “renew their license” by sending $189 or $378 to a Panama mailbox. This was the first case of ransomware, and today ransomware attacks are one of our biggest IT threats.

At first, only specialized hackers could program new ransomware. Nowadays, hackers guide beginner cyber-criminals to perform the hacking and then share the profits. There is also something called “hostage program as a service”.

Ransomware attacks as a service

“Hostage programs as a service” are programs created by experienced hackers. These are sold for anything between $40 and up on The Dark Web. For those who see the potential to get a large ransom from the attack, there are advanced but easy-to-use RaaS programs for several hundred dollars.

Criminal organizations

Ransomware as a service is very attractive for organized crime. The criminals can, for a relatively small payment, buy a program that is easy to use even for organizations with less knowledge in technology and programming. The programs help to carry out new ransomware attacks which can generate a lot of money.

In addition to criminal organizations, some countries and states are behind some of the ransomware attacks.

Countries that are suspected of corruption and, for example, have had their aid from other countries withdrawn, use ransomware as a way to illegally collect payments, and to penalize the countries that have withdrawn aid or sanctioned the country in question.

Who can be affected by ransomware?

There are many different types of ransomware with different targets and victims. There are also some ransomware attackers that appear to be operating without a specific goal. 

Ransomware can be spread on its own, but it can also affect individuals or businesses as part of a larger cyber attack. Many targeted ransomware attacks affect those who are willing to pay a lot for their data files.

For example, the attackers often set their sights on universities. Universities use computer systems that are easy to infect with viruses, as they usually do not have the most advanced security systems, so the malicious software can spread easily.

But authorities, banks and the like are also hard hit by ransomware attacks. The attackers know that these institutions have the funds to pay a ransom. They are also willing to do it quickly as very important data can be at stake.

Most affected by ransomware attacks is the healthcare business, which falls victim to 45% of all ransomware attacks. Healthcare institutions need to get their files back quickly and are therefore often willing to pay the ransom as soon as possible. Therefore, ransomware accounts for 85% of all malware attacks that affect healthcare organizations.

How does ransomware spread to private devices?

For individuals, ransomware and other malware is most often spread via e-mail. But also through websites that might encourage you to download data files or programs, such as websites that publish pornography, pirated movies, files or programs. 

If it happens to you, you might be asked to make a payment, or a “fine” to the “cyber police”. Remember, this is a trick so that you do not report the incident yourself.

What are the most common types of ransomware?

Ransomware and other malware is constantly evolving. It adapts to how computers and antivirus programs advance and will always be a threat.

Most of the time, you need to somehow authorise the program in order for it to make changes to your computer. But this is not always the case. Petya is the name of a ransomware that does not even need your permission to make changes to your data.

Wannacry is a type of ransomware that is often aimed at individual victims. You do not even have to open a file or download any program in order to get infected by the virus, it can be enough to have an older version of Windows software to get attacked.

Then we have viruses like Gandcrab that targeted high profile businesses with lots of important data, that were willing to pay larger ransoms to get their data back.

A current threat is a malware called Sodinokibi. It is believed to be created by the same people who created Gandcrab, as they work similarly with the same goal. The attacks are planned, well thought out and demand a large ransom payment. If the ransom is not paid, they threaten to release sensitive information to the public.

How much would a ransomware attack cost you?

How much an attack would cost depends on the type of ransomware you are affected by, but also if you are affected as an individual or as a business.

The attackers demand a larger sum from large corporations. Because in this case, very important and sensitive information can be at risk. In addition, businesses can lose money on the many working hours that are lost while their IT technology is down.

Ransomware that affects private individuals could demand a payment from $100 and up, while ransoms that affect large corporations could be in the millions.

NotPetya is a ransomware that attacked the Danish container shipping company Maersk, which caused Maersk to lose around $250 million. All due to the fact that their IT systems were down for 10 days while they had to reinstall all IT infrastructure.

During the summer of 2020, the American company Garmin was affected by WastedLocker. A ransomware that did not hold any information hostage but made their websites, customer service and user applications unusable. It is believed that Garmin paid the ransom of $10 million.

In addition to the financial loss of lost working hours and the cost of the ransom, the businesses affected need to invest in better security systems for the future. They also lose significant trust from their customers.

Summary

Ransomware is a virus that infiltrates files and programs and locks them in until a ransom is paid. To decrypt a ransomware attack, you need a key that only the attacker has access to. Therefore, even if you pay, it is unlikely that you will get your lost files back.

If you are affected, there is not much you can do. Whether you choose to pay the ransom or not is up to you.

There are many different types of ransomware that affect both individuals, organizations and businesses. If you are affected, it can cost you a lot, so here are some things that will protect you from ransomware attacks:

  • Backup your devices
  • Do not download files from emails that seem suspicious
  • Get a proper antivirus program
  • Be sure to update your devices
Author
Alva Ljungkvist
Author for Comprd. Mother with passion for technology and a desire to write about my passion.
Moa Rana
Editor
Moa Rana
Mats Maatson
Researcher
Mats Maatson

Leave a Reply

Your email address will not be published.