Ransomware keeps appearing in headlines; attacking hospitals, banks, school districts, state and local governments, law enforcement agencies, as well as businesses of all sizes.

Holy moly. This isn’t good.

It’s reaching an epidemic level. The number of people targeted by ransomware is staggering: in the U.S. alone, 4.1% of the population (13.1 million). Back in 2016, cybercriminals collected $209 million in just the first 3 months from ransomware!

What is ransomware?

So what is it? What is this software wreaking havoc all over the globe?

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with great harm, usually by denying you access to your data. The attacker demands a ransom from the victim, then promises — though not always telling the truth of course — to restore access to the data upon payment. Users are then shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals typically in Bitcoin.

Ransomware has come to be viewed as an epidemic, expanding to more attacks from PCs to mobile devices and IoT. It is typically delivered through phishing emails, drive-by downloads or malvertising.

There are a few types of ransomware

  • Crypto Ransomware
  • Locker/Lock-Screen Ransomware
  • Rogue Security Software: Fake AVs

Crypto Ransomware are variants that encrypt data on an infected host, and demand ransom in exchange for decrypting it. This is currently the most common ransomware type in the wild. Locker/Lock-Screen Ransomware are variants that deny access to the infected host and extort the victim for money in exchange for “releasing” it. Such variants are particularly popular among mobile ransomware. And finally, Rogue Security Software: Fake AVs are programs that “warn” the user against malware, which has already allegedly infected the host and can only be removed by purchasing the malicious “security software.”

There are several different ways attackers choose the organizations they target with ransomware. Sometimes it’s a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.

On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks.

But don’t feel like you’re safe if you don’t fit these categories: some ransomware spreads automatically and indiscriminately across the internet.

Defensive steps to prevent ransomware infection

There are a number of defensive steps you can take to prevent ransomware infection:

  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.

Good luck out there.