You get an e-mail from a stranger with an attachment, why not open it? There is a USB-stick on your desk, why not just upload its content? Nothing interesting happens, until you restart your computer. Suddenly, you get a message. You need to pay up before you get your data back.
Simply put, ransomware encrypts your data, making it inaccessible for the user to see it. Effectively, it’s being kept ransom until the user pays the price. When he or she does, the system will unlock. Another form of ransomware is just exploiting your computer, so it keeps spamming you stuff on your screen. This will only stop once you pay the price.
What can you do against it? If the encryption being used is strong or the file that starts the spamming is deeply hidden in the operating system, really not that much. It’s all about preventing. For example, not opening files from unknown sources. But what if you work for a company that gets thousands of e-mails every day from unknown sources, sending you attachments?
Ransomware gets ‘more intelligent’ by the minute. There are already examples out there that wait for the moment to strike after encrypting your back-up system. This seems like a pretty intense security risk to me.
You probably want to avoid ransomware on your personal computer, but it’s not the greatest risk we’re talking about here. Imagine a hospital getting hit with ransomware. In March 2016, the Hollywood Presbyterian medical Centre in California was actually locked out of its EHR for a week. I think you can imagine the chaos that ensued.
The problem with ransomware is, that is made for the user to pay. So naturally the targets will be the systems that are the ones we really need. Like hospitals. After being hit, the price will be just high enough for it to look acceptable. For a hospital, there may be no other choice than to pay up as fast as possible.
Since ransomware can creep up your system in a about a billion ways, it’s really hard to prevent it. Will just making securer software or train people to be more safe with their tools be the solution? I guess only time will tell. What do you think?
sources used:
https://en.wikipedia.org/wiki/Ransomware
http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/
http://www.computerworld.com/article/3041433/mac-os-x/first-mac-ransomware-had-sights-on-encrypting-backups-too.html
https://tweakers.net/nieuws/116333/meer-dan-helft-nederlanders-heeft-nog-nooit-van-ransomware-gehoord.html
http://www.beckershospitalreview.com/healthcare-information-technology/hospitals-are-hit-with-88-of-all-ransomware-attacks.html