What is Ransomware?
Ransomware is a type of malware (malicious software) that takes away your device access and holds it hostage. Often, the hacker responsible will "ransom" device access back to you for a sum of money. There's nothing keeping the hacker from keeping your money and never giving your device access back, though.
A Note About Ransomware Spam Emails
A common email spam tactic is to impersonate ransomware.
Many users receive emails claiming that their device has been hacked. The email may claim various things, such as that the sender has access to your files or has been spying on you through your webcam.
However, most often this is not the case. If hackers had full access to your device, they would likely use the methods below to try to extort money from you.
You should still do a sweep of your device to make sure the threat is false, but it is unlikely that a hacker with full access to your system would send you an email instead of directly taking control of your device.
To learn more about spam emails, read our Email Spam: How to Identify It and Protect Yourself article.
How Do You Get Ransomware?
Ransomware can enter your device when you interact with infected files or websites. A common way to accidentally download ransomware is to open a spam email's infected attachment. For some ransomware, all it takes is for someone to open the attachment, and it begins the process of infecting your device.
We recommend taking extra care with spam emails. Read our Email Spam: How to Identify It and Protect Yourself article for more information about how to deal with email spam.
There are a few types of ransomware that you can encounter. We go over three of the most common types below:
Encryption ransomware is what many think of when they hear "ransomware." This common type of ransomware is the most devastating. It will take the files on the infected computer and encrypt them, making them almost impossible to open.
Encryption essentially translates the files into a secret code. To get them back, you need an encryption key to translate the files back to their original (readable) form. Encryption is often used to protect files from prying eyes, like SSL certificates do for website connections. In the case of protective encryption, the encryption key is held by the party that is allowed to decrypt the data. However, ransomware uses encryption to effectively steal your files from you, with the only key being held by the hacker.
For a more thorough look at how ransomware uses encryption, check out this resource by Infosec.
Encryption ransomware can be devastating. Unfortunately, once it takes hold of your computer, it is likely your files are gone. While you could pay the hacker, it's just as likely that they would take your money and give you nothing. If the hacker has used an older encryption method, you can find the encryption key online, but more often it's a lost cause. You can read more about the low chances of decrypting ransomware in this Kaspersky resource.
The best way to stop ransomware encryption is to protect yourself from the start. Don't open suspicious spam mail (more on how to do that here) and try not to visit sketchy websites.
Screen lockers are another form of ransomware, but they do not encrypt your files. Instead, they effectively lock you out of your computer. It usually happens when your device starts up. A screen may appear that you cannot click away from, keeping you from accessing the rest of your device. This screen usually relays a message to you with the hacker's terms, though sometimes they try to use ploys to get you to pay them money (for example, pretending to be the FBI).
Normally, the screen will provide instructions so that you can pay a sum of money to unlock your device. However, even paying the fee may not result in the removal of the screen locker.
Example: You boot up your computer, but instead of your normal home screen, you see a window that you can't click out of. In fact, your entire computer seems to be frozen on this screen. This screen has the FBI's logo on it and says, "This is the FBI. We've detected illegal activity and have locked your computer. Pay a fine of $500 or risk jail time."
The example above is alarming, but hackers know they can use tactics like this to trick people out of their money. Legitimate government organizations will use the proper, legal protocols to deal with illegal activities, not a screen locker.
Scareware is included in this list because, while it does not actually take away your device access, it claims it does.
When most people think of ransomware, they usually envision screen lockers or encryptors. However, instead of actually taking over your device, scareware relies on scaring you into thinking you have ransomware when you actually do not.
Scareware normally appears as a pop up. It may impersonate popular antivirus software or a trusted organization. Many scareware pop ups will tell you that your device is infected and present you with software to remove it. All you have to do is download it. However, the ransomware doesn't exist and the software they're promoting either doesn't do anything or installs malware or adware onto your computer (for example, encryption ransomware).
Example: You're using your computer, when suddenly a pop up appears. The pop up says that your computer has been infected by ransomware! Not to worry, though, all you need to do is buy this special software and it will clean the ransomware from your computer. The pop up has a link to the special software that will magically rid your computer of the ransomware.
It's important to remember that legitimate security software will not attempt to contact you this way, unless it is already installed on your device. Even then, it's important to be careful when clicking pop ups to install new software.
Here are a few things that might indicate you have scareware:
- You cannot access legitimate antivirus websites
- The pop ups are oddly formatted or look strange
- The pop ups are trying to get you to upgrade to a paid plan (legitimate antivirus does do this, but it's very important to make sure it's the antivirus and NOT scareware)
- The pop ups are telling you false information or reporting false problems
- Your computer has been running slower than normal