Some mainstream antivirus companies and malware researchers have published encryption keys for several strains of ransomware. Experts can determine the type of infection and see if an associated unlocker is available. (Photo: rawf8/Shutterstock)Barely a week goes by without ransomware making the headlines. With COVID-19 accelerating a hyper-connected world, ransomware attacks will become even more disastrous. For instance, the unfortunate death of a patient at a hospital in Germany was linked to a ransomware attack that disrupted emergency care.
What is ransomware and how does it work?
Ransomware is a form of computer malware used by cybercriminals to encrypt digital assets. They then threaten the victim to erase it or release it in the public domain unless a ransom has been paid. Phishing is probably the most common method of delivering ransomware although savvy criminals are also known to use a combination of social engineering techniques to fraud victims.
Once the malware is deployed and the victim’s data is encrypted, attackers display some sort of a screen with instructions on how to unlock files. Most ransomware strains use RSA 2048, an extremely strong encryption. There is no guarantee, however, that hackers will unlock your files after receiving payment.
Paying the ransom invariably involves the use of cryptocurrency (like Bitcoin) as it does not have any physical representation and is stored in anonymous digital wallets. Once the payment is made, scammers provide decryption software that starts the arduous process of decrypting the files.
Ransomware attacks are growing in volume and severity
Ransomware attacks have not only grown in volume this year but also in severity. Research suggests that the average ransom demand has soared by 100% in the first half of 2020 and then climbed another 47% in the second half of the year.
While the average cost of a ransomware attack in 2020 equates to a staggering $4.44 million, ransomware accounts for almost 41% of all cyber insurance claims in the first half of 2020.
Dealing with a ransomware infection
Prevention is always better than a cure. Having said that, ransomware has become pretty common these days and even infects companies that are running up-to-date endpoint protection software. Ransomware surpassed payment card thefts this year and became the most common cyberattack vector.
If you have been attacked by ransomware recently, make sure you follow these 5 steps to regain control of your machine.
- Start by figuring out what it is: If your system has been attacked by ransomware, you will start getting messages while opening files that your file is corrupted or that it has a wrong extension. You will also see instructions on your screen on how to make the ransom (to unlock these files) along with a countdown or deadline to make the payment.
- Disconnect the machine: Immediately disconnect the machine from any network and disable WiFi and Bluetooth. Unplug any storage devices such as USB…
Read more:5 steps to recovering from a ransomware attack | PropertyCasualty360
