Ransomware is an ongoing scourge, with the nasty malware impacting users and large-scale organizations alike. We’ve seen AMD and Intel suffer from a data leak in an active Gigabyte ransomware attack, Microsoft dealing with a massive email hack, and Cyberpunk 2077 developers CD Projekt Red under fire with a nasty security breach — and that’s just in 2021.
As Check Point Research (CPR) has discovered, the surge of ransomware attacks kicked off in the third quarter of 2020, with a 50% increase in daily average attacks compared to the first half of that year. Have these attacks subsided? Not a chance. In fact, ransomware skyrocketed to 93% in 2021, and attacks — like Foxconn production being disrupted — continue to this day. Yikes.
The intrusive software can be seen as the worst form of malware, as sometimes, all it takes is a simple phishing email to have your files, documents, and PC locked down, only to be set free if users comply with ridiculous ransom demands. The good news is there are a few ways to evade any dire data hostage situation.
What is ransomware?
Ransomware is extortion software used by hackers to deny access to files on a victim’s device, encrypting user data and demanding a ransom payment in order to gain access to them. These attackers often threaten users with leaking the data they’ve locked down, and, in some cases, even let a little slip to the public to let victims know they mean business.
Think of it as someone changing the lock to your home and holding the only keys to get it open again. If a ransom is paid off, hackers will release the decryption key for users to gain access to their files again. These threat actors may not even have big plans to use this data in any way, but once they receive payment, they’ve won.
Other forms of ransomware have attackers effectively stealing data (a.k.a. data theft), giving them free rein to leak this data online. What’s worse, users may not know what data has been stolen, allowing hackers to manipulate what data they are threatening to leak and enforcing fear, all to make sure they get the cash they demanded.
As an example, during the CD PROJEKT Group data breach, the company claimed it had "reason to believe" the illegally stolen data from the security breach is not only being shared on the web, but also may be manipulated or tampered with. The company couldn’t confirm the contents of the data, leaving the team to guess what was stolen and to whom it would be sent.
Ransomware preys on people’s fear for their privacy, and despite large-scale companies refusing to give in to demands, this stops operations on a wide scale. In serious cases, ransomware has prevented hospitals from functioning, showcasing the severity of what one malicious malware attack can do.
How ransomware works
Unfortunately, like most malware, ransomware can easily infect a device if users aren’t careful. A dodgy website or ill-received email containing a suspicious link can lead to threat actors deploying malware to lock your files and asking for payment.
This is one of the simplest methods of distributing ransomware. Emails with malicious links can take victims to a seemingly trustworthy website with download links or attachments containing the malware downloader.
As CPR notes, another way is through Remote Desktop Protocol (RDP) services. This can be trickier for the hacker as they’ll need a user's login credentials in order to execute the malware. But this can be done through brute force attacks if the user has a weak password, or by using other methods to learn their credentials. From here, threat actors can remotely access a computer and download the malware themselves.
This is where data gets encrypted. While hackers may have full access to the contents of a device, the main goal is to get the most money they can from the attack, leading to a high-value ransom payment. Since many devices already give their rightful owners the ability to encrypt files, it’s a simple procedure for attackers to carry out.
Once done, the attacker will ask for payment. This can be done through various different methods, whether it’s changing the desktop background with a message from the hacker or a text file found on the device. Ransom is usually paid through cryptocurrency. If paid, the attacker will then send a copy of the encryption key to the user, allowing them to access their files. Of course, it’s never a good idea to give in to demands, but it can put users and organizations into a very difficult position.
How to avoid ransomware
Whether it be adware, spyware, or stalkerware, the best way to avoid ransomware is to keep a keen eye on any suspicious emails, links, or files you’ve been sent. Of course, this can be tricky itself, as threat actors will go above and beyond to mimic otherwise trustworthy companies or websites. Fortunately, the tech industry has deployed a number of counter-measures.
As cybersecurity companies will tell you, keeping your devices up to date when a software update rolls out and making sure the right security patches are downloaded is a good way to keep all kinds of malware (ransomware included) at bay. Particularly when these updates are classed as critical. We know. Windows may have a lot of updates in any given week, but they are deployed for a reason.
In companies, CPR recommends adding strong firewall safeguards, performing routine audits, and ensuring that users only have access to data that they need to do their jobs. However, one of the best ways to ensure your device is virus- and malware-free is by using one of the best antivirus apps around.
What’s more, for both Windows 10 and Windows 11 PCs, there’s a ransomware protection feature that lets users protect their files, folders, and data on their device from threats and "unauthorized changes" by unfriendly apps.
As part of Windows Defender, the "Controlled folder access" feature is handy to switch on to protect your laptop from any type of malicious hack. However, Microsoft has it turned off by default for a reason.
Controlled folder access restricts any other application from accessing or changing files. While certain apps are automatically listed as friendly, from using File Explorer to Microsoft Office programs or Adobe Photoshop, others such as Steam won't be able to function properly, as they won't be able to access certain files.
That said, there's an option for users to allow select PC games and programs to work while the ransomware protection is turned on.
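One way to switch on Controlled folder access without breaking programs such as Steam, shown here as an added example that is not part of the original article: run it in audit mode first, review what would have been blocked, then allow those programs and enforce. The Steam path is an assumed default install location, and the event parsing assumes the Defender event message contains a "Process Name:" line.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of Controlled folder access (CFA).

# Report the current CFA mode and the programs already allowed.
function Get-CfaState {
    $p = Get-MpPreference
    [pscustomobject]@{
        Mode        = $p.EnableControlledFolderAccess   # 0 = off, 1 = block, 2 = audit
        AllowedApps = $p.ControlledFolderAccessAllowedApplications
    }
}

# Step 1: audit mode records would-be blocks but stops nothing.
function Enable-CfaAudit {
    Set-MpPreference -EnableControlledFolderAccess AuditMode
}

# Step 2: count which programs touched protected folders.
# Event 1124 = audited (would have been blocked), 1123 = blocked.
function Get-CfaHit {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the message text carries a "Process Name:" line.
            if ($_.Message -match 'Process Name:\s*(?<proc>.+)') {
                $Matches.proc.Trim()
            }
        } |
        Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
}

# Step 3: allow only programs you recognise, then turn on blocking.
# An allowed program can change protected files, so keep this list short.
function Enable-CfaEnforce {
    param([string[]]$AllowApp = @())
    foreach ($app in $AllowApp) {
        if (Test-Path -LiteralPath $app) {
            Add-MpPreference -ControlledFolderAccessAllowedApplications $app
        } else {
            Write-Warning "Skipping path that does not exist: $app"
        }
    }
    Set-MpPreference -EnableControlledFolderAccess Enabled
}
# Usage: Enable-CfaAudit; after a few days of normal use run Get-CfaHit, then
# Enable-CfaEnforce -AllowApp 'C:\Program Files (x86)\Steam\steam.exe'
```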
Ransomware tools are forever evolving, so make sure to keep your system up to date and stay well away from unfamiliar emails, apps, or messages that could be hiding a nasty piece of malware that aims to take money out of your pocket.