Imagine this: You open an e-mail on your work computer that seems to come from Google, prompting you to click a link to reset your password. But when you click, a mysterious .exe file downloads and launches. Slowly, all the files on your desktop turn into white paper icons, and the names of all your files turn into scrambled nonsense. What is happening here? Unfortunately, you’ve probably fallen victim to a ransomware attack.
At this point you might be asking, "What is ransomware, and what can I do about it?"
The Threat Defined
Ransomware, as defined by Trend Micro, is “a type of malware that prevents or limits users from accessing their system . . . unless a ransom is paid.” Although the term may be new to you, ransomware attacks actually happen every day. In fact, according to Kaspersky Lab’s Securelist, 2.3 million Internet users encountered ransomware between April 2015 and March 2016, and Intel Security reports that the volume of attacks grew by an astounding 169 percent in 2015 compared with 2014.
In the event that a ransomware attack happens to you, it’s likely that something much like the scenario mentioned above will unfold. To help you visualize, though, Figure 1 provides an example of what you might see on your computer screen:
So, do you pay the ransom or simply wait for the countdown to end? Before deciding, you might consider taking the following steps.
Research solutions. By searching online, you could stumble across a free tool that can decrypt your files. But keep in mind that the chances of success are extremely slim. Even if a solution to a previous type of ransomware is available, attackers learn from their mistakes and would likely have used a more advanced form of the scheme on you.
Call law enforcement. You might get lucky, but don’t count on it. There’s very little that the FBI, for example, can do to resolve an individual ransomware incident. But reporting the crime can help put it on the authorities’ radar, so they can work on a solution for future cases.
Now, it all comes down to two choices: either you pay the ransomware fee or you don’t.
Choice 1: You Pay
You calculate that one bitcoin is $671 (at the time of this writing), which isn’t so much if it means saving your practice and all your clients’ financial plans. You hit the Next button and follow the instructions to pay your attacker. What happens now?
Outcome 1: You get your files back. Time to celebrate? Not so fast. From the cyber criminal’s perspective, he or she just found a paying customer. Now you’re a prime target for another ransomware attack.
Outcome 2: You don’t get your files back. Remember: you have no leverage. No one is forcing the criminals to hold up their end of the deal. Even if the attackers are “honorable,” you can never be sure that the ransomware will keep your files intact. So if this is your outcome, you’ve lost all your data and $671.
Choice 2: You Don’t Pay
Maybe you think the attacker is bluffing. (Hint: If you can’t access your files, the attacker isn’t bluffing.) Or maybe you’ve decided that the price tag for your data is too high.
Outcome 1: You’re granted a time extension . . . and a price change. Some attackers penalize you for waiting up to their deadline and then not paying. They give you a second chance but increase the ransom. Others realize that you won’t take the bait, so they cut you a deal in an attempt to take what they can get. If so, you’ll be back to deciding between Choice 1 and Choice 2.
Outcome 2: You don’t get your files back. On the bright side, you didn’t contribute to one of the worst cyber threats we’re facing today. Plus, those attackers won’t see you as a receptive victim. It’s only common sense to leave you alone in the future.
The Optimal Choice
In the end, it’s your decision. It all depends on how much you think your data is worth, as well as how much you trust that the attackers will stick to their end of the bargain. To give you some insight into the choices others are making, a recent Symantec report finds that only 3 percent of victims pay the ransom. The rest opt for Choice 2.
Fortunately, there are three relatively simple precautions you can take to prevent such a costly scenario.
1) Back up your data regularly. Let’s say that you back up your files every Sunday. If you receive a ransomware threat on—worst-case scenario—a Saturday, you’ll lose only six days’ worth of data. If you would like to start backing up your files, you’ll have to take the time to devise your own schedule and method. When establishing a backup plan, remember to keep these two things in mind:
- Regularly test your backups. You’d be surprised how many firms wait until an attack before they restore a backup for the first time, only to find that it doesn’t work!
- Store your backups in a secure location separate from your main computer. If backup media is connected to your system during an attack, your backup data could be targeted as well.
2) Keep all eyes peeled for phishing. Approximately 91 percent of cyber attacks start as phishing scams, according to Wired. When checking e-mail, remember to:
- Hover over all links to verify that they’re safe
- Avoid clicking links whenever possible by typing URLs directly in your browser
- Delete any suspicious e-mails (If you’re in doubt, just delete them.)
Best practice is to keep your whole business aware of phishing attempts. No matter what technical controls are in place, if only one user on your system falls victim to a new type of phishing attack, your whole firm may have to deal with the consequences.
3) Update your systems ASAP. Attackers know the vulnerabilities of yesterday’s technology. The longer you avoid regular updates, the more time attackers have to exploit those vulnerabilities.
Will You Be Ready?
Most of us have a normalcy bias. We rationalize, “Because this disaster has never happened to me, it will never happen to me.” It’s easy to think this when most of us haven’t fallen victim to ransomware. But, as attacks are on the rise, the probability of being a victim is only increasing. If the day comes when it does happen to you, will you have a plan in mind for handling the situation?
Have you ever fallen victim to a ransomware attack? Do you regularly back up your data? Please share your thoughts with us below.