While opening emails or browsing the web, users face an increasingly dangerous type of cyber-attack: ransomware. That's when hackers encrypt your information and hold it hostage until you pay a ransom.
Ransomware isn't new but these kind of attacks are becoming more aggressive and more popular. A new report predicts that ransomware attacks will continue to spread in 2016.
Some victims have no other choice but to pay thousands of dollars to get their files back. It happened to a Massachusetts police department, an Oregon church, South Carolina schools and, in February, Hollywood Presbyterian Medical Center, which shelled out $17,000 after hackers shut down the hospital. Two more California hospitals were just attacked in the same way. And those are just the cases we know about.
With aging anti-virus software and law enforcement agencies that often lack the technological prowess to defeat hackers, the best thing you can do is educate yourself.
1. What is a ransomware attack?
A ransomware attack begins by encrypting all of the files on a machine — or an entire network — and deleting the originals and backups.
2. How does it start?
Attacks can come via an email attachment or by browsing on an infected website. “Unless you get the encryption key from the criminals, you will not be able to access your data anymore,” says Dmitri Alperovitch, chief technology officer of the cybersecurity firm CrowdStrike.
3. How common is it?
More common than you think. “This is actually happening very routinely, most organizations just don’t come clean with the public about the fact that they’re paying ransom to get their data back,” says Alperovitch.
4. Who has the highest risk?
According to a 2016 report from the Institute for Critical Infrastructure Technology, criminals target those most likely to pay. Aside from individual users that means hospitals, religious organizations, small law enforcement agencies and schools.
5. Your bad habits are stinking up your system
James Scott, co-founder of the Institute for Critical Infrastructure Technology, says “lackadaisical cyber hygiene” makes users vulnerable to ransomware attacks. He urges companies and organizations to invest in “security-centric” systems. “You can’t really stop a breach from happening, but you can detect and respond,” Scott said. “It really comes down to bringing in an information security team outside of your IT guy.” He recommends having policies put in place by security experts who can train staff to avoid clicking on faulty links and suspicious emails.
6. Old defenses won't keep your laptop safe
“A lot of the legacy technologies that you might use like antivirus, will actually not stop this threat because it changes. Every single file you get is essentially unique so you really need to look at next generation security technologies that can run on your system,” Alperovitch says. Next generation security comes in many forms. Scott recommends a layered approach: white-list firewalls, intrusion-detection and prevention systems, User Behavioral Analytic systems are a good start.
7. These criminals aren’t lone wolves
It’s easy to imagine a single hacker getting rich from his or her basement, while designing rasomware to plague the masses. In reality these attacks are being carried out by organized criminal networks, many of which operate out of Eastern Europe and Russia. “This is big business for them,” Alperovitch said. “They’re becoming very, very effective at this.” Alperovitch has seen some organizations’ information held for upward of $100,000.
8. There's not much law enforcement can do
Since many of the organizations spreading ransomware are based in foreign countries, U.S. law enforcement have trouble bringing them to justice. “A lot of times, law enforcement is actually aware of who these people are, but they can’t bring them to justice because they’re in a country, like Russia, that won’t extradite them,” Alperovitch says. Bitcoin exchanges are also completely anonymous, which makes tracing these transactions nearly impossible.
James Scott, Co-founder and Senior Fellow at the Institute for Critical Infrastructure Technology, a cyber security think tank that published “The ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage”
Dmitri Alperovitch, co-founder and chief technology officer of the cybersecurity firm CrowdStrike and former Vice President of Threat Research at the security software company McAfee