What Is Ransomware?
You've seen detective shows or movies where the bad guys kidnap a wife or child and then demand a huge sum of money, or ransom, from the family for the loved-one's safe return.
A form of that crime has found its way online, and today it affects businesses, cities and ordinary people just like you.
It's called ransomware. That term is the combination of the word ransom and the "ware" in software. True ransomware is an infection in your computer put there by a hacker or online thief. It's a special form of malware, intended to scare some money out of its victim.
You need to know about ransomware because it is a real threat and it's not going away soon. But there are also ways to avoid it, and you need to know that as well.
(By the way, there's also "fake" ransomware, which is essentially a bogus threat meant to scare you into paying anyway, and you need to know about that as well. But whether you ever come across real ransomware or not, either is enough to scare you right into falling for the trap of underground criminals.)
What just happened?
It would happen like this: You go on your computer, perhaps open your browser and/or visit a website, and a message pops up saying that if you don't cough up some money in a day or two, some or all of the files on your computer are going to be deleted...or at least made totally inaccessible to you.
Here's what the CryptoLocker ransomware message and threat would looks like:
Imagine seeing that message one morning...it would be such a shock. And there would be no way to know whether it's true or not...and because ransomware blackmail does exist, it can feel very scary.
Maybe that's why so many people—and we're talking about smart people who aren't easily duped—would rather pay up than run the risk of losing data on their computer. It might surprise you, but there are actual instances where police departments and city agencies have paid the crooks' ransom demands rather than run the risk of losing the data that might be in jeopardy.
And this may sound odd, but the crooks seem to price their crimes just right, because most of the time the ransom seems to be a reasonable amount, as opposed to outrageous. It might be $50-600, instead of thousands of dollars. By paying up, the victim is ensured that their data wasn't lost.
Unfortunately, they also helped the online thieves obtain ill-gotten money...and even more incentive to blackmail other innocent victims.
New crook on the online block.
Ransomware is simply a new twist on and version of good old-fashioned online hijinks by hackers and thieves. It's a combination of malware and trickery, with a dose of serious blackmail tossed in.
It hasn't been around too long, first appearing (according to most sources) toward the end of 2013, when the ransomware CryptoLocker hit the Internet with a bang. It was a new wrinkle, well beyond phishing scams and credit card scams, which security professionals had been battling. Not long after CryptoLocker came Cryptowall, TeslaCrypt and others.
But now that it's here, it has taken root on the dark side of Internet activity. That's why it's important for you to know about it.
A backup plan.
What's at the heart of ransomware? It's the belief on the crooks' part that the data they're threatening to delete is your only copy of it.
If that's the case and they can delete it, you have a tough decision to make—pay up, or risk losing it if the crooks are serious. (Note: It is possible that their threat is an empty one. These are online thieves, and there are some who simply pretend to be holding your data hostage.)
However, if you back up your data often (which means you have another copy elsewhere of the data that was stolen—on a different server, different drive or the cloud), you would feel confident about not giving in to those demands.
Finally, you could simply be very careful when you go online and not give the bad guys an entry and foothold into your computer. By avoiding risky websites, not clicking on risky links and not opening any emails you think are suspicious, you could prevent the malware from ever entering your computer.
That's called prevention. And that's a much better word than payout.
We suggest using an off-site backup service like Carbonite.