Cisco: Ransomware – What it is, how to avoid it and what to do if it gets you

Ransomware has been all over the news since 2015. You’d think we would all know how to deal with it and the fad would be dying by now.  Well, that’s what I would think.  It turns out that ransomware generates a lot of cash for criminals, an estimated $1 billion in 2016.  It also has a low cost structure (so, very profitable) and the victim directly sends the perpetrator money.

What is ransomware?

In short, ransomware is malware that prevents you from accessing data on your PC.  This either by encrypting as much of your personal data on your PC as it can find or by locking your screen.  Then it issues a demand for ransom to you – give the bad guys money and they will let you access your data.  Most commonly, ransomware infects your PC when you click a link in an infected e-mail. For more details, let’s go to the experts.  The Cisco 2016 Midyear Cybersecurity Report and a detailed study from Talos give a good analysis of ransomware and trends and directions we can expect from crimeware operators pushing ransomware.   For a nice infographic summary of the problem, check here.  Cyber security specialists should read it, although I suggest everyone have a look at the executive summary at the least.

A Ponemon survey of companies who were affected by malware includes cautionary facts for those who might be thinking they will just pay the ransom and go on.  Most of the companies who paid, paid over $1,000 per PC to recover their data.  But only 55% of the companies that paid the ransom received the decryption keys to get their data back.  The cheapest ways out of a ransomware attack are: try hard to avoid the social engineering tricks (don’t let it happen) and keep backups of data you value. Please don’t pay the ransom.

How does it spread?

Speaking broadly, the most common method of spreading ransomware is by social engineering.  Social engineering works by tricking you into infecting your own computer by falling for a trick the malware author tries to play on.  This is usually by e-mail, but it could be a malicious ad on a web page or a malicious web page.  The trick is usually some enticement to click on an attachment or a link to a document, picture or video.  Microsoft Office files, PDFs and multimedia files can all be the carriers for the ransomware program.  Once you click, the ransomware finds your files on the computer and encrypts them.  Then it demands a ransom if you want them back.

Read the entire article here, Ransomware – What it is, how to avoid it and what to do if it gets you

Via the fine folks at Cisco Systems.