If you’re one of the thousands of computer users who now get hit by ransomware every day, there can be no greater frustration than seeing your desktop image change from its usual serene outdoor scene to a ransom note.
“ATTENTION!” the note reads in a typical case. “All your files were encrypted by CryLocker!” But “cry not,” the note might go on to urge, as all of the documents, photos, videos, and other files on your computer are easily decrypted. That is, as long as you are willing to pay the Bitcoin equivalent of $500 for the decryption key. And the price goes up if you hesitate more than a few days.
Ransomware is not only on the rise, but it’s proliferating quickly, and it’s mutating. New variants with new capabilities have emerged, making this major threat more dangerous than ever. And with cybercrooks using the same encryption as major banks, cracking the code to release your files is often all but impossible. Fortunately, there is one sure method for recovering encrypted files that doesn’t require paying a ransom. That method is backup.
An Increasing Toll
According to the U.S. government, some 4,000 ransomware attacks are carried out every single day, a 300% increase from just last year, and the number is still rising. That’s because ransomware has emerged as one of the most profitable businesses for cybercriminals, complete with affiliate distribution networks allowing even technically unsophisticated criminals to get in on the action.
The attacks are especially devastating given that even paying a ransom is no guarantee that files will be decrypted, says an interagency ransomware security brief released recently by the U.S. Department of Justice. Paying a ransom, the brief says, “only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”
Multiple Variants, Same M.O.
Ransomware infections are increasing in variety as well as frequency. New ransomware types appear at a rapid clip, and old ones are continually upgraded, just as in the regular software business. In fact, ransomware as an industry has taken on many of the trappings of its legitimate counterpart. There’s even an increasing focus on “customer” service geared toward helping victims make their payments quickly and efficiently. How ransomware works, however, remains similar across all variations.
First, a user’s computer is infected. This can occur when a user clicks on a link in an email designed to look legitimate. Cybercrooks may send emails to potential victims claiming to be from a major credit card rewards program and inviting them to view details in an attached file. Opening the file infects the victim’s computer.