Your guide to ransomware: threats, prevention, and recovery

When it comes to cybersecurity, it may feel like an impossible task to keep on top of all the different cyberthreats that exist. You probably know a lot about some of the more common threats like computer viruses and phishing emails, but what about ransomware?

Ransomware is a type of malware that takes control of files or systems and holds them hostage while demanding you pay a ransom. Ransomware attacks are not new, but they have been a prominent and increasing threat since the mid-2000s. Both individuals and businesses are at risk of being attacked by ransomware.

This guide will cover the basics of what ransomware is and how you can protect yourself and your business from it.

Types of ransomware

Ransomware comes in several different forms. Before we can discuss prevention, it’s important to understand what these threats are and how they work.

The following are the four main categories of ransomware you might encounter:

• Crypto malware. Crypto malware works by encrypting your files using advanced encryption methods and then demanding a ransom in exchange for a decryption key. One of the most well-known examples of this is the WannaCry ransomware attack.
• Doxware. Also sometimes called Leakware. Doxware works by threatening to publish your stolen information online unless a ransom is paid.
• Lockers. A kind of malware that works by locking the user out of their computer entirely and demanding payment to restore access.
• Scareware. This is the term used when pop-ups and other alerts try to trick you into downloading unnecessary and potentially malicious software.

Preventing an attack

Preventing ransomware should part of any comprehensive cybersecurity plan. Consider the following tips to make sure your data is being kept safe:

• Use security software. To help protect your data, use a trusted security suite. Better yet, let your managed IT services provider do it for you.
• Update everything. New ransomware variants are cropping up constantly. It is essential that you keep your security software, operating system, and other software up-to-date. Us the auto-update feature to make things easier!
• Be wary of email attachments. Email is the primary method that malware is delivered. Think twice before opening email attachments. Is it an email from a stranger? An email from someone you don’t hear from that often? Does the content of the email sound out of character? All good reasons not to open the attachment.
• Backup your files. Attackers gain leverage by making valuable files inaccessible. Backup any important files to an external drive or to the cloud, and do so regularly, taking away attackers’ leverage.

You may also want to consult the professionals to make sure you have the best cybersecurity possible.

Recovering from an attack

Ransomware can be difficult to stop because infections can come from so many places. So what should you do if you are targeted?

• Do not pay the ransom. The attackers may request payment in many different forms. Paying the ransom is no guarantee that you will get your files back. In fact, the majority of those who pay the ransom do not get their files back. Even if a decryption key is provided, there is no guarantee that key will work on your computer. Paying the ransom may even set you up as a repeat target.
• Isolate the affected system. Disconnect the infected computer from the network to prevent other systems from becoming infected. Do not attempt to backup any files, as doing so risks spreading the ransomware.
• Identify the malware. Looking at the list above, what type of ransomware are you dealing with? If it’s Scareware you can just close the browser and you should be fine. If it is one of the other three options, knowing the type will help you with the next step.
• Search the web. There may already be information and tutorials online to help you remove the ransomware. Be specific in your search to try to pinpoint the type of attack you are experiencing.
• Contact your managed IT service provider. If you are lucky enough to work with a managed IT service provider, they should be your first call as soon as ransomware is suspected.
• Consider cyber insurance. Designed specifically to cover you in the event of a data breach, if you don’t already have a policy, it might be time to consider cyber insurance.