Paul Eisler

Fighting Ransomware: Backups, Backups and More Backups

The email looked so authentic! It appeared to come from someone you know, and it even quoted previous emails from that person – real conversations you’ve actually had.

So, you opened it, clicked on a link and downloaded the attachment.

Big mistake.

Suddenly, you cannot access any of the files on your computer. A message appears on-screen, demanding payment in the form of cryptocurrency if you ever want to see your precious data again.

It has happened to you. You are the victim of ransomware, and you are far from alone – every 14 seconds there is a new victim.[1]

Ransomware – malicious software that encrypts files on victims’ computers – first emerged in Eastern Europe nearly a decade ago. Today, it is among the most common cyberattacks globally, used mainly by profit-seeking criminals.

Attackers often target organizations where being offline is not an option, such as government offices, hospitals, and financial institutions. Small businesses and individuals can also fall victim.

Criminals typically demand cryptocurrencies that are difficult for law enforcement to trace. The average ransom demand is about $13,000.[2] Demands against large corporations targeted by the most sophisticated hackers can average more than $285,000.[3]

Consider what happened when ransomware hit the government of Atlanta last year. Atlanta’s police officers were forced to write reports by hand, the court was unable to validate warrants, and the city stopped taking employment applications.[4] Just imagine the harm of ransomware in a hospital setting, where people’s lives may literally depend on effective cybersecurity.

The most important piece of advice for protecting yourself: backups, backups, and more backups. Once ransomware infects your computer or device, there is no guarantee of recovery. Even if you pay the ransom, the criminals may simply demand more money or delete your data.

Keep in mind: because ransomware can target the backup data on an infected system, you need to store the backups elsewhere, in a secure location.

If you are thinking about removing the ransomware without paying the ransom, it is best to have an expert help you. Even if you succeed, removing the ransomware before an expert sees it can make digital forensics more challenging.

As for the question of whether to try negotiating with criminals, the choice is yours, but the federal government does not encourage paying ransomware demands. When criminals succeed at making a profit, bad incentives are created, and future victims pay the price.

The best option is to protect against ransomware with secure backups. That way, even if you are the victim of a ransomware attack, you can avoid significant expense to yourself (or your organization) and avoid imposing externalities on society at large.

For advice on how to protect yourself, visit the CISA resource page on ransomware and Security Tip (ST19-001) Protecting Against Ransomware.



[3] Id.