What is ransomware?

The short answer is: any piece of malicious software that gets on your system, keeps you from accessing your data, and then demands payment to give it back to you.

Ransomware gets mentioned a lot lately, whether we’re talking about recent hacks or just stuff you should watch out for online. However, a lot of people don't know how often it's actually occurring. For context, in 2016 there were 4,000 daily ransomware attacks. That's up more than 300% from 2015, so this is a growing trend.

With volume like that, we’re not dealing with lone hackers. This is a business. When you get affected by ransomware, they've got support lines, complete with customer service reps to help you decrypt your data after you pay the ransom. Millions of people out there are making millions of dollars a year off of this. They know what they're doing, and you should really know how to handle it.

The most common way to get infected by ransomware is email.

There are other ways (torrenting files, sketchy websites, etc.), but email is the culprit in most cases.

Typically, an email arrives in your inbox. Sometimes it's from a stranger, sometimes it's from somebody you know but, either way, it comes with an attachment. The attachment will be something enticing, maybe an invoice, maybe a quote document, maybe a notification from Google or Microsoft. Regardless, the goal is to get you to click on it.

Once you’ve clicked, the malware establishes communication with a command-and-control server. For example, CryptoLocker, which started the modern ransomware craze, relies on a domain generation algorithm and hops between new servers routinely to avoid detection.
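One way a defender can spot the domain-generation behaviour described above in DNS resolver logs, as an added example that is not part of the original article. The log format, thresholds and sample domains are constructed assumptions, and the heuristic is a generic DGA indicator, not CryptoLocker's actual algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic): "epoch client qname rcode".
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com NOERROR
1700000001 10.0.0.7 xkqjvhwpltrbzd.example NXDOMAIN
1700000002 10.0.0.7 mgyfqzodwkuxbe.example NXDOMAIN
1700000003 10.0.0.5 intranetportal.example NXDOMAIN
1700000003 10.0.0.7 tchvpnyarqwlij.example NXDOMAIN
1700000004 10.0.0.7 bwzkeoxdfumgsq.example NXDOMAIN
1700000005 10.0.0.7 ljrpxcayvhnoti.example NOERROR
"""

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def suspect_clients(log_text, window=60, min_failed=3, min_len=12, min_entropy=3.5):
    """Flag clients with >= min_failed distinct random-looking NXDOMAIN names in
    one window; return {client: random-looking names that DID resolve}.
    All thresholds are assumed starting points to tune locally."""
    failed = defaultdict(set)    # (client, window bucket) -> failed names
    resolved = defaultdict(set)  # client -> random-looking names that resolved
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 2:
            continue
        # Simplification: label before the TLD; ignores suffixes like co.uk.
        sld = labels[-2]
        if len(sld) < min_len or entropy(sld) < min_entropy:
            continue  # ordinary-looking name, e.g. a mistyped hostname
        if rcode == "NXDOMAIN":
            failed[(client, int(ts) // window)].add(qname)
        elif rcode == "NOERROR":
            resolved[client].add(qname)
    flagged = {client for (client, _), names in failed.items()
               if len(names) >= min_failed}
    return {client: sorted(resolved[client]) for client in flagged}

if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, "candidate C2 names to block and investigate:", names)
```

A random-looking name that resolves right after a run of failed lookups is the one worth blocking and investigating first, since the failures are the malware working through its generated list.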

Once the server connection is established, CryptoLocker generates a pair of encryption keys, one public and one private, using the huge 2048-bit RSA encryption algorithm and military-grade 256-bit AES encryption.

So once you've got it, it's tough, if not impossible, to get rid of it. After encryption is complete, the cybercriminals usually demand Bitcoin or some other form of payment for the key to decrypt infected files. Ransomware works quickly and quietly in the background before it reveals itself to users and asks for ransom.

It’s often easier to just pay up than it is to fight the system. Hospitals, major city libraries, and companies all around North America are paying these ransoms on a daily basis, because they've been infected and they need that data.

The only good way to prevent yourself from being a victim of ransomware is to be proactive about it. There are a lot of fantastic tips, but the most common is educating your users on basic security. For the more advanced options, check out The Smarter SMB's Guide to Ransomware, which lays all of this out in a lot more detail.
