Perhaps you’ve seen a story about ransomware that got some mainstream attention in recent weeks. The FBI sent out an urgent warning to say that the agency had received a number of complaints from people about being locked out of their computers after receiving a message from the FBI regarding illegal activities. The messages were caused by a virus known as Reveton ransomware. As the FBI’s warning explained:
Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
In the message received by the infected users, a payment was needed in order to unlock the computer. The FBI reported that a number of people were scared enough to pay the fee, which is exactly what the bad guys want. That’s how they make money on the virus.
Ransomware is pretty much as its name sounds. The malware gets on your computer and holds your information hostage until you pay a ransom. As the McAfee report described it:
The malware encrypts data or the entire computer and then, using anonymous payment methods, demands money to restore it. The cybercriminal need not find a processor for credit card payments.
Ransomware isn’t new. But as the McAfee report pointed out, the techniques have been improved and ransomware is more dangerous than ever. It renders machines unusable, kills data and, if on a network, it encrypts all of the data the user has access to.
As much as we’d like to think that savvy computer users are wise to scams that come across in email, not everybody using a computer knows much about basic security practices. And even savvy users get fooled at times. If you see an email threatening you because child pornography was found coming from your computer, would you react first or search for the signs of a scam? (Well, I know everyone reading this would definitely look for the scam first, but can you count on your coworkers and employees to do the same?)
McAfee provided a few tips on how to protect your data from ransomware. One is obvious: Don’t click on links in email without verifying it first. But the other should be obvious and isn’t always: Back up your data regularly. This goes for network and personal computers. It is important to remember that ransomware takes over your data. No backup means that data could be gone forever.