Held to Ransom(ware)
September 15, 2021
There you are, going about your business, working away on your spreadsheets or your photos.
It's a productive day so far, you've gotten lots done!
Suddenly, a popup appears on your screen. This popup claims to have taken control of your files and is demanding money to return them to you!
Commiserations, you've just become one of the 304 million people who get infected with ransomware every year.
So how did we get here?
Well, computer viruses and malicious programs in general first started appearing in the wild in the late 80s.
To start out with, they really represented nothing more than an annoyance. But as the popularity of personal computer ownership grew, so did the underground practice of writing and distributing viruses, often simply for the notoriety.
1992 saw arguably the first widespread destructive iteration; the Michelangelo virus would silently spread via any floppy disk inserted into an infected machine and upon its namesake's birthday of March 5th, rendered the host machine inoperative.
It didn't take long for people to realize they could monetize their hobby of writing these programs.
Electronic payments, however, were the catalyst for ransomware becoming what it is today.
Mailing payments and conventional bank transfers are quite easy to track, so they're not ideal if you're in the business of keeping your identity unknown.
Setting up an anonymous means of receiving payment online, especially with the dawn of cryptocurrency, is a much simpler prospect.
It's estimated that $350,000,000 was paid by ransomware victims last year, with the average payout being around $300,000.
By far and away the most popular transmission method for what has now become the greatest financial threat amongst malicious software is phishing emails.
These take the appearance of a vendor or service which you'd typically trust, but instead direct you to a website hosting the ransomware.
Often, people afflicted with this type of digital nasty won't know about it until a good while after the fact.
It's downloaded, installed and runs quietly in the background encrypting your data before it finally unveils itself to request payment. This payment, it claims, will yield the decryption key needed to regain access to your files.
As with most things, the best protection is prevention.
The absolute simplest way to avoid falling victim to these attacks is extra vigilance when dealing with your emails.
Large, multinational businesses don't typically make the spelling mistakes that people whose first language isn't English do.
Are you expecting a package from Fedex or UPS?
If not, there's a good chance the tracking email you just received isn't legitimate.
Safer still is to head to a courier's official website and use the tracking features there, rather than blindly trusting links in an email. If in doubt, contact a technology professional - they will be able to spot anything sketchy at a glance.
Actually paying a ransomware attacker to get your files back is a deeply contentious topic in the security community.
The advice from the FBI and the majority of security firms is to not pay, as there are really no guarantees that your files will actually be returned to a usable state.
Worse, it could put you on a "known to pay up" list, making you more susceptible to further attacks. In some cases, however, organizations do resort to payment if the value of the encrypted data vastly eclipses that of the ransom.
In any case, you're far better off avoiding getting caught in such a situation. Observe good practices, learn about the technology you're using every day and give yourself the best chance of keeping your data safe.
Richard Noble is the founder of Want For Tech, an IT company based in Glasgow.