What is ransomware?

Ransomware is a type of malicious software (or “malware”) that infects computers, then encrypts various files and demands a ransom to get them back. Even if you pay the money within the timeframe the criminals set, there’s no guarantee you’ll get your files back. Typical ransoms are at least $500, but some of them ask for much more (particularly if they hit a larger business that can’t function without immediate and reliable access to its data, such as a hospital.)

Ransomware can hit anyone, and these types of cyberattacks are common and successful. You’ve probably heard of some of the bigger, more damaging ones in the news, like WannaCry or NotPetya. The WannaCry ransomware attack alone is estimated to have caused $4 billion in losses to businesses around the world, while NotPetya cost organizations upwards of $1.2 billion. Part of what made these attacks so devastating was how quickly they spread. Even devices that weren’t connected to the internet, but were connected via local area network to other internet-connected machines, got infected.

In the last several years, we’ve also seen Ransomware-as-a-Service (RaaS) pop up. RaaS is when ransomware authors put together do-it-yourself kits that other criminals with less programming skill or malware know-how can use to launch their own attacks. That makes delivering ransomware even more widely accessible for the casual script kiddie (i.e. an unskilled person who uses automated tools written by black hat hackers to break into computer systems.)

Unfortunately, the best way to handle a ransomware infection is not to get one in the first place. While you can remove the infection, that still leaves your files encrypted, and there’s very little chance of anyone decrypting them without the unique decryption key. The only way to get those files back is to pay the ransom and hope the criminals hand over the key (and that the key works), or to remove the malware and restore your files from a clean backup. 

If you want to stay safe, we recommend using strong internet security software that can prevent brand new, never-before-seen malware and ransomware from infecting your computer; keep your computer programs and operating system up to date; practice good online hygiene like using strong passwords and changing them frequently; avoid visiting risky websites and downloading apps or files from unverified sources; and back up your data to a secure physical drive that you keep disconnected from your computer when not in use. You can also use a secure cloud backup for your files, but make sure it’s the kind that keeps a version history of your backups, otherwise, you might accidentally back up the encrypted files and overwrite the good ones. Learn more about how businesses and MSPs can prevent ransomware.

Read more about ransomware:

Find the right cybersecurity solution for you.