You’ve likely seen a ransom note in the movies portrayed as a jumble of cut-out letters demanding a large sum of money. In real life, though, ransoms have been taking a more digital form. Today, hackers are using malware to hold computer files hostage through encryption and asking the owners to pay for their release. Recently, ransomware has targeted organizations like hospitals, police departments and even government agencies.
The damage of ransomware
In response to these attacks, the U.S. Departments of Justice and Homeland Security released letters revealing just how damaging ransomware has been nationwide. In its letter, the DOJ estimated that, since 2005, the Internet Crime Complaint Center has received 7,694 complaints of ransomware that total around $57 million.
Worldwide, these numbers are even more astonishing. According to a study by Cyber Threat Alliance, ransomware has racked up approximately $325 million across hundreds of thousands of victims all over the world.
With these figures, it’s clear that ransomware has been lucrative for hackers. Antivirus firm Bitdefender found that over 50 percent of U.S. ransomware victims pay the demanded amount to free up their encrypted files. According to the DOJ, the typical ransoms run between $200 to $10,000.
Who are the victims?
Victims of ransomware have ranged from individuals to organizations, but more often, hackers are looking for highly valuable opportunities. Earlier in 2016, Hollywood Presbyterian Medical Center in California paid a ransom of 40 bitcoins (or $17,000) to hackers who had tied up their files. In a statement on the incident, the President and CEO of the hospital, Allen Stefanek, wrote that this was the “quickest and most efficient way to restore our systems and administrative functions.”
In April 2015, the Tewksbury Police Department in Massachusetts also fell victim to a ransomware attack. In this case, the hackers asked for around $500. The first course of action for the police department was to try to unscramble the files with the help of specialists from other law enforcement agencies and private internet security firms. After five days with no success, the department had no choice but to pay the ransom.
How to protect yourself
Considering how sophisticated and effective ransomware has become, it seems daunting to try to fight against it. However, it’s not impossible. According to PCWorld, the mantra to follow is “back up, back up, back up.” This approach helps in the event that your computers are infected by ransomware. If you have a backup, you aren’t left without a choice like the Tewksbury police department or Hollywood Presbyterian Medical Center.
Brian Foster, the chief technology officer of network security firm Damballa, told PCWorld that backing up online is your best bet.
“I’m a big fan of online backups,” he said. “You should expect that, if you get hit by ransomware, you are not going to get the PC back.”
The next step in protection is making sure you don’t get hit by ransomware in the first place. Jens Monrad, systems engineer at FireEye, told Computer Weekly that the viruses are usually delivered by email, noting that they most often come as shipping notices from delivery companies. Ideally, you should be able to avoid clicking on any links in a suspicious email, but sometimes it’s hard to tell what you should be wary of – especially if it’s well disguised.
That’s why having a “layered approach,” as described by Computer Weekly, is the best approach. This means employing security tools like firewalls, web filters and anti-virus software to make sure your computer is using every defense possible against malware.
With the staggering numbers associated with ransomware, it’s more important than ever for consumers to be wary of their activity online and how it affects their personal information. Much like ransomware, other types of fraud are not so simple to sidestep. For these threats, consider investing in a service like Identity Guard, which can monitor your credit file and alert you to certain activity that may indicate fraud.