Leaning About Ransomware: Digital Extortion

It is estimated that more than 1 billion dollars will be paid out annually in ransomware attacks. The average cost for businesses to recover from such attacks is around 84 thousand dollars! Those are big numbers and from a criminal’s perspective, this is an enticing business to get into. In case you’re not already familiar with ransomware - continue reading. Hopefully, your first introduction to ransomware won’t be after all of your data is encrypted.

What is this ransomware thing?

BLUF: Ransomware is bad and very expensive. Ransomware is a form of malicious software (malware) that encrypts all of your data after gaining access to your systems. The attacker will then hold this data for ransom until a specified amount of money is paid. Paying the ransom does not always guarantee you will get your data back. In fact, many criminals will turn around and sell your data for profit - regardless if you paid the ransom or not. Or, the attacker may demand more money until you refuse to pay.

How does this happen?

BLUF: Phishing emails = catching a virus.

Imagine - you are sifting through email when you come across this headline, “Cat plays the ukulele”. You think to yourself - heck yeah, I have to open that email! So you click on the malicious attachment - what happens next is totally not a cat playing the ukulele! The common flow of events is as follows:

Your system is infected by a phishing email, malicious attachment, or infected download.

The ransomware then encrypts all of your data - thus, locking you out of your computers, blocking your network access, and making your files unrecoverable.

Lastly, the attackers demand payment to decrypt your system. They will often threaten to destroy the decryption key or release your data if not paid.

From an attacker’s perspective, this is a very simple and lucrative business model. Step one: send malicious cat pictures. Step two: encrypt data. Step 3: profit.

Okay, so only other people get ransomware, right?

Nope - You and pretty much anyone who uses an Internet-connected device are at risk of ransomware. In my next article, I will detail some strategies for avoiding this pesky problem. Stay tuned!