Occasionally, you’ll turn on the TV or scroll through social media and see a flashy headline about a ransomware attack taking down some big organization or business. But the ones we hear about are just a tiny fraction of the many such attacks being waged against people and businesses of all sizes every day.
Worldwide, there were more than 236 million ransomware attacks reported just in the first half of 2022. That’s more than 1 million ransomware attacks every single day! No wonder ransomware tops the list as the #1 worry for more than 60% of IT and cybersecurity professionals.
So, while you may not see ransomware stories on the news every day, the problem is still far worse and more widespread than many of us realize.
Whether you’re a regular home internet surfer, a freelance worker, running a simple side hustle, or managing a business with a few employees, you can still be targeted. Even a single attack can have serious and permanent consequences for your personal and business finances.
But fret not! There are ways to protect yourself. Here’s a quick primer on what these vicious threats are and some tips and tricks to avoid such a prolonged and costly nightmare.
What is ransomware?
Ransomware, in short, is a kind of malicious software (malware) that blocks you from accessing your own data.
Ransomware first installs itself on your device. Shortly after, it will begin to encrypt your data. Encryption is a process where your data is turned into a form that is unusable by you and your device.
A hacker, or group of hackers, will contact you and insist that you can only get your data back by paying them a ransom. And if you’re thinking it’s a few hundred bucks, think again. The average ransom has reached nearly $250,000.
Of course, the hackers will promise that after you make a hefty payment, they’ll send you the software keys that can decrypt your data and make it usable again.
If you balk at paying, they may simply leave your data encrypted and useless forever. Or they may threaten to release your data onto the internet where anyone can access it.
What are the effects of ransomware?
Ransomware doesn’t discriminate between your important personal and business files.
If your personal files are attacked, you may lose access to everything from precious family photos to sensitive medical or tax records. And like we said earlier, there’s a chance those sensitive documents will find their way onto the internet where they can potentially be used against you.
For businesses, a ransomware attack can cause you to lose access to important financial and employment information. Even worse, ransomware can spread across computers, like a virus, encrypting more and more data as it worms its way through your business.
Consider how these two statistics would affect your business: The average cost of a ransomware attack for a business is nearly $2 million, and the average downtime is over 20 days.
Now think about your own business. Can you sit idle for three or more weeks – without revenue – while your computers and critical customer and employee data are inaccessible? Even if you make it through, and ultimately recover the data, your company’s reputation may suffer permanent damage, eroding public trust.
What if I am attacked by ransomware?
Contact the relevant authorities immediately. For some ransomware infections, there are tools that can help you decrypt your files without the aid of the hackers.
Paying a ransom, no matter how small or large, never guarantees that you will get the encryption key and regain access to your data. You might shell out big bucks only to watch the hackers disappear and your data remain useless.
Many payments will require technology that will leave you without any options for reversing the transaction. Often, hackers will require you to pay with cryptocurrencies like Bitcoin, making the transaction much harder to trace.
Being attacked isn’t a one-time event, either. Companies that are victimized by ransomware, and then pay, will almost certainly get hit again. A recent report stated that 80% of organizations that paid the ransom were hit a second time. And 68% said that the second attack happened in less than one month, with an even higher ransom demand.
Last, and most important, is that paying the ransom may be illegal. It’s tempting to do whatever it takes to recover your data, but there could be larger long-term implications in doing so.
Ok, so how do I defend myself?
There is no foolproof way to protect yourself against ransomware, but there are some good practices that will level up your overall security and make it harder for hackers to mess with your identity and data.
Good Backups: Make sure your files are backed up to a secure, offsite drive or cloud service. Attached drives, like a USB thumb drive, are just as susceptible to infections as the rest of your computer. Offsite services are not fully immune, either, but cloud storage services like Google Drive, Microsoft OneDrive and Dropbox can help to put some distance between an infection on your computer and your most important files.
Stay Updated: Always keep your security software and other software up to date. Ransomware often exploits known vulnerabilities. So, make sure Microsoft Windows, Office and other applications have the latest patches and updates applied. Do the same for any tablets and cell phones.
Keep Your Activity Private: Be careful on public networks. If you are using public Wi-Fi at the coffee shop, or while you’re shopping at the mall, you may not be in a secure environment. Consider using a VPN client to protect yourself.
Don’t Know Them? Don’t Answer: Phishing emails remain one of the primary vectors of infection. A well-crafted phishing email tries to trick you into opening an attachment or clicking a link that will install malware – which may include ransomware – onto your computer.
If you don’t know the author of the email, don’t click on any links in the email and don’t open any attachments. Only open email attachments from trusted sources. Know the signs of a typical phishing attack.
Use Secure Logins: Use strong passwords and multi-factor authentication. Avoid using a single password for multiple sites and services. Better yet, consider using a reputable password manager so you aren’t tempted to scribble your credentials on a Post-it note and hide it under the keyboard.
Share the Knowledge: Encourage everyone – employees, housemates, friends, family, everyone! – to follow these same safety practices. Even if you are alert and cautious, a slip by someone else could still take down your entire home or business.
Above all, stay vigilant
When it comes to the safety of your data, consistency is key. Applying good security hygiene every day will give you the best chance of avoiding the devastating aftermath of ransomware. The best way to deal with a ransomware attack? Prevent it from happening in the first place!