Ransomware has been around since 2005. Basically it is malware (malicious software) that prevents you from accessing your computer or data until you pay a ransom.
In some cases, attackers pose as Government authorities, telling online users that they have broken the law, and demanding they pay a fine or be arrested. Ransomware attackers target not only desktops and laptops but also smartphones, often through dodgy apps.
A nice little earner
In many instances the amount of ransom money demanded is relatively small, and people or organisations may just choose to pay it to attempt to get their data unlocked. However, with many people paying a small ransom, it can soon add up to a tidy sum for attackers! Cyber security company Symantec estimates that ransomware operators have managed to make at least $5 million a year from attacks.
According to some sources, ransomware became more widely used once online payments became more popular. Operators are smart though – they often demand payments in Bitcoin, which is harder to track, and allows them to remain anonymous.
One of the more successful examples was Cryptolocker. The malware targeted computers running Microsoft Windows, using a ‘trojan’ (a virus program), typically through email attachments. Fortunately, a weakness in the program allowed security companies to develop software to counteract it.
Other examples include TeslaCrypt, which targeted online gamers, and CryptoWall, which scrambles files and file names before demanding payment for a fake antivirus program. One of the latest is WannaCry, which was able to hack hundreds of thousands of computers in a single day in 2017.
Cyber risk management
Any online user is at risk of ransomware attacks, including charities, worship centres, and other non-profit organisations. Attackers are often able to exploit security weaknesses within a system. Cyber security companies work quickly to develop software to beat ransomware, but there is no guarantee of keeping up with all the latest developments. This means it’s vital to take steps to protect yourself from such attacks in the first place. A few tips include:
- Practise good cyber security: this may include computer access restrictions, the use of passwords, and avoiding unsecured sites – particularly when making online payments. For more tips see our previous article.
- Regular backups: you should always keep a second copy of important data. This should be done to an external hard drive or other device and/or to the cloud.
- Protective software: install a virus scan program from a reputable cyber security company and keep it updated and current. It’s also important to run regular scans of your system.
- Practise online vigilance: for example, avoid opening email attachments from unfamiliar sources, or responding to official-looking emails asking for financial information such as credit card details.
Practising good risk management is as important for your data as it is for physical property, and is well worth the effort. A hacking event can lead to financial loss, distress and major disruption. For more tips on cyber protection check out our other cyber security articles.
Written by Tess Oliver
Tags: asset protection, data, risk management, security