What would you do if you came home to find yourself locked out of your house? Not that you’d forgotten your keys at work, but rather that someone came along, changed every lock and demanded you pay them to get back in.
The idea of a criminal doing such a thing in the real world is definitely crazy, but this kind of attack works perfectly in a digital environment.
It’s called ransomware, and it works like this: A cybercriminal finds a way to get malware onto your computer, generally by tricking you into downloading it. The malware then encrypts every scrap of data on your computer, which means you can’t access it. Finally, the hacker demands money from you in exchange for decrypting your information.
Basically, this cyberattack turns you into a hostage negotiator for your data.
It’s simple, easy for a novice hacker, and it’s absolutely terrifying for businesses and consumers alike.
According to some estimates, ransomware’s cost to the global economy could reach up to $5 billion in 2017. Exact numbers are hard to measure because few businesses and individuals report this kind of crime, but it’s clear that ransomware is a major economic threat.
The reason for this is simple: These days, data is life. An IBM study found that while half of survey respondents initially stated they wouldn’t pay a ransom for their data, 54% said they would if it involved their financial information. What’s more, 55% of parents would do so to save images of their family.
The idea that a criminal has a say in whether you can see photos from your daughter’s first birthday is clearly terrifying. However, the real problem is who can initiate a ransomware attack. According to a report from The Hacker News, one Russian cybercriminal sold ransomware toolkits on the dark web for as little as $175.
This black market industry has been dubbed ransomware-as-a-service, and the authors who write this malware can make around $163,000 per year. While the amount of money these criminals make should scare you, what’s really frightening here is that ransomware-as-a-service allows amateurs with no real computer skills to act as hackers.
The issue with this is that the cybercriminal holding your data hostage might not even know how to decrypt it. Even if he did, there’s really no incentive to do so after being paid.
This is why the FBI states that you should never pay a ransomware attacker. At the very least, you’re encouraging the hacker to do it again, and there is no guarantee that you’ll get your data back. If you are hit, contact the authorities immediately and let them handle it.
That may seem like a slow solution — and it is. That’s why the FBI recommends that you take steps to avoid such an attack in the first place.
What To Do
A good place to start is by updating all of your software, as out-of-date tech often has security holes that hackers like to exploit. You should also be wary of any emails containing links. Gmail and other email services allow you to check where the link is going to take you by hovering your mouse over it.
Finally, and most importantly, always follow the 3–2–1 Backup Rule. This states that every important piece of data should have three copies on two different mediums, like one in the cloud and another on an external hard drive. In addition, one of these copies should be kept physically separated from your main computer. This can also be accomplished with a cloud storage option.
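One way to check a set of backups against the 3–2–1 rule, as an added example that is not part of the original article. The inventory layout (`path`, `medium`, `offsite`) and the sample files are constructed for illustration; a copy is counted only if its SHA-256 hash matches the working original.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_321(copies):
    """Return a list of 3-2-1 violations (empty list means the rule is met).

    copies: list of dicts with 'path', 'medium', 'offsite' (assumed layout).
    The first entry is the working original; a copy counts only if the file
    exists and its hash matches the original's.
    """
    reference = sha256_of(copies[0]["path"])
    good = [c for c in copies
            if Path(c["path"]).is_file() and sha256_of(c["path"]) == reference]
    problems = []
    if len(good) < 3:
        problems.append(f"only {len(good)} intact copies, need 3")
    if len({c["medium"] for c in good}) < 2:
        problems.append("intact copies are all on one medium, need 2")
    if not any(c["offsite"] for c in good):
        problems.append("no intact copy is kept away from the main computer")
    return problems

def demo():
    """Constructed sample: temp files stand in for disk, USB drive and cloud."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = [("laptop", "internal-disk", False),
                  ("usb", "external-drive", False),
                  ("cloud", "cloud", True)]
        copies = []
        for name, medium, offsite in layout:
            p = Path(tmp) / f"{name}-photos.zip"
            p.write_bytes(b"constructed sample data")
            copies.append({"path": str(p), "medium": medium, "offsite": offsite})
        healthy = check_321(copies)
        # Simulate the offsite copy going stale or being corrupted.
        Path(copies[2]["path"]).write_bytes(b"corrupted")
        degraded = check_321(copies)
        return healthy, degraded
```

Running a check like this on a schedule catches a backup that has silently gone missing or stale before you need to restore from it.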
Hackers know how important your data is to you, and the only way to take that power away from them is to prepare. Following these steps can save you a huge headache and a lot of money down the road.