Ransomware Q&A: What To Know As Attacks Keep Coming

Nasty, lazy cybercriminals have found one of the best ways ever to free you from your money — ransomware. For them, it’s like pennies from heaven. They can spread ransomware with very little effort and then sit back and watch the money roll in from victims who want their data back.

This post is a follow-up to our ransomware posts in July and March — the attacks are getting worse, not better. Read on, device users! You need to know the answers to these nine questions:

1. Why are there so many attacks right now?
Because it’s so profitable and easy for scammers. They just buy or rent ransomware on the dark web using stolen credit cards they also bought on the dark web. They use someone else’s infected computer to spread the ransomware and when the good guys figure out how to stop the strain, the bad guys just create a variant that can get past security sensors. There’s a new variant every day — sometimes multiple strains every day. It’s hard for the good guys to keep up!

2. How do I know if I have it?
You’ll get a big, bold, full-screen notice telling you your device has been infected. Most ransomware encrypts files so you’ll get the notice when you try to open an encrypted file. But some ransomware locks you out of your device — you can get that notice at any time. If your company’s IT department is monitoring your business network, they may be able to spot the ransomware early. They’ll inform you ASAP.

3. How did I get it?
Probably through email — it’s the most common method of infection. You could also have visited a website that had the code embedded, or an app like Flash, Java or Microsoft Office may have been compromised. Ransomware is often distributed to those places via botnets, unsecured wireless networks or unsecured routers. There’s also a possibility that it got on your device through a smart home device like a security camera or wireless thermostat. The Internet of Things network has fewer safeguards than other networks. Even your smart TV, Roku or Xbox could be the culprit.

4. What types of files are usually encrypted?
Usually ransomware infects files that have been used most recently because they’re the ones most likely to be opened again soon. These files tend to be the ones that are most important to you, too. But other times the ransomware is designed to spread throughout your system and/or onto your business network rather than encrypt immediately. This kind of ransomware can do even more damage because it spreads to other computers and works behind the scenes.

5. How much money will they want?
That depends on how much they think they can get out of you. Scammers often have no idea who will get caught in their ransomware nets so the amount isn’t set until they get an email from you. Little fish get little ransoms. Bigger fish get bigger ransoms. It ranges from a few dollars to many thousands.

If you’re targeted specifically, the demand will probably be higher. For example, organizations that have valuable information and also might be underfunded for IT (like hospitals and schools) are prime targets.

Other times, users of a specific app or platform are targeted. Last month more than half of all Microsoft Office 365 users were hit.

While paying up isn’t a good idea no matter how much the ransom, keep in mind that the fee is negotiable. Something is better than nothing for them! However, you don’t know if they’ll keep their word and give you the decryption key or hit you again later because now they know you’ll pay. Some companies have been infected multiple times. It’s much cheaper to have good controls and offsite backups than to pay! Only pay if it’s the last resort.

6. What’s the decryption process like?
Each file has been encrypted individually so you will need to select all of the encrypted files and enter the decryption key. Then your computer will get to work. How long it takes depends on how many files the malware encrypted — you might not have caught the problem right away so the malware could have been encrypting files for days. Catching it quickly minimizes the damage.

7. How do I get the ransomware off of my computer?
If it’s a home PC, use the anti-malware app specific to the strain you were infected with and see the Microsoft Malware Protection Center for more information. If it’s a work PC, your IT department or IT partner will remove the infected computer from the network and clean off the infection so it stops encrypting. They’ll probably also rebuild your device to make sure they’ve removed any hard-to-detect remnants.

Macs get infected a lot less often — there are only a couple of strains known to infect Macs. See this post from Macworld for instructions.

8. Will the ransomware epidemic stop?
Once criminals stop making money from it. Law enforcement isn’t equipped to investigate or prosecute this type of crime. Eventually it will end up being like spam that gets caught in filters. But we’re not there yet!

9. What can I do to keep it from happening to me?
For personal computers, back up often, have good firewalls, keep everything up to date and don’t open weird emails or attachments you weren’t expecting. While using your work computer, limit personal email and third-party, non-work-related chat apps.

Last month the U.S. Dept. of Health and Human Services published new guidelines for dealing with ransomware because there’s been a 300% increase in ransomware attacks since last year. There are now 4,000 ransomware attacks daily. Ouch!

That number is way too high to ignore and Leapfrog is confident businesses that don’t take steps to protect against ransomware will eventually be attacked. There’s just too much of the malware out there. We recommend businesses take a holistic approach that includes leveraging unified threat management and conducting proactive security scans. Leapfrog’s solution to spot anomalies on your network before they do too much damage is very effective. Let us know if your company does not have this capability or wants more information about protecting against ransomware.
