What is Ransomware?
Ransomware is a form of malicious software that, once it’s taken over your computer, denies you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment.
Users are shown instructions for how to pay to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin or other untraceable cryptocurrencies.
How Ransomware works.
There are a number of vectors ransomware can take to access a computer but the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.
There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files.
Once encrypted, the user is presented with a message explaining that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.
How to prevent Ransomware.
There are a number of defensive steps you can take to prevent ransomware infection. These steps are a of course good security practices in general, so following them improves your defenses from all sorts of attacks:
1. Keep your operating system patched and up-to-date, to ensure you have fewer vulnerabilities to exploit.
2. Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
3. Install antivirus software, which detects malicious programs like ransomware as they arrive.
And, of course
4. Back up your files, frequently and automatically! It won’t stop a malware attack, but it can make the damage much less significant.