Ransomware is a kind of malware that can keep you from accessing your files—or even destroy your files—unless you pay. In a ransomware attack, you open a file or click on a link and suddenly your computer freezes up. A message appears on the screen saying that your files have been encrypted and you will have to pay a ransom to get the key. This scenario has become more common on the computers of both individuals and businesses.
In one widely-reported case, a California hospital paid a ransom of $17,000 in Bitcoin to regain access to their files. According to Allen Stefanek, Chief Executive of Hollywood Presbyterian Medical Center, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.” The hospital says that hospital records and patient care were not compromised.
Past attacks have largely been confined to single computers; however, the Federal Bureau of Investigation says that entire networks may now become infected. A FBI Flash Memo says that, “In a new scheme, cyber criminals attempt to infect whole networks with ransomware and use persistent access to locate and delete network backups.” The alert goes on to say, “The threat of ransomware continues to grow due to the relative availability of necessary tools, as well as the potential for extorting large sums of money”
The FBI recommends the following steps to avoid ransomware attacks and to protect your data in the event of an attack:
- Make regular system back-ups and store the back-ups offline. Ransomware will encrypt any drive that is visible to the computer, rendering the back-ups useless.
- Filter out e-mails with .exe attachments and set your computer to show hidden file extensions. Ransomware is often delivered as a file with more than one file extension such as example.pdf.exe. Victims may not see the .exe and assume that the file is safe.
- Always keep your antivirus software up to date.
- Install updates and patches to your operating system and web browser as they are released.
- Use unique, strong passwords.
- Use a pop-up blocker.
- Only download software—especially free software—from sites you know and trust (malware can come in downloadable games, file-sharing programs, and customized toolbars).
- Don’t open attachments in unsolicited e-mails, even if they appear to come from people you know. The sending email address may be spoofed, or the account may have been hacked. Never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close the email and navigate directly to the website you wish to visit.
- When on the Internet, your mobile phone is subject to the same dangers as your computer, so use the same precautions on your phone.