Imagine this: You open an e-mail that seems to come from Google, prompting you to click a link to reset your password. But when you click, a mysterious .exe file downloads and launches. Slowly, all the files on your desktop turn into white paper icons, and the names of all your files turn into scrambled nonsense.
What is happening here? Unfortunately, you've probably fallen victim to a ransomware attack.
The threat defined
Ransomware, as defined by Trend Micro, is "a type of malware that prevents or limits users from accessing their system . . . unless a ransom is paid." Although the term may be new to you, ransomware attacks happen every day. In fact, according to Kaspersky Lab's Securelist, 2.3 million Internet users encountered ransomware between April 2015 and March 2016, and Armada Cloud reports that the volume of attacks grew by 13 percent between August and October 2016.
In the event that a ransomware attack happens to you, it's likely that something much like the scenario mentioned above will unfold. Here's an example of what you might see on your computer screen:
So, do you pay the ransom or simply wait for the countdown to end? Before deciding, you might try searching online for a free tool that can decrypt your files. But keep in mind that the chances of success are extremely slim. Even if a solution to a previous type of ransomware is available, attackers learn from their mistakes and have likely used a more advanced form of the scheme on you.
You might also consider calling law enforcement. Unfortunately, there's very little that the FBI, for example, can do to resolve an individual ransomware incident. But reporting the crime can help put it on the authorities' radar, so they can work on a solution for future cases.
Most of the time, it all comes down to two choices: either you pay the ransomware fee or you don't.
You pay. One bitcoin equals $778 (at the time of this writing), so paying the ransom may be worth it to you, depending on what those files contain. You hit the Next button and follow the instructions to pay your attacker. What happens now?
You don't pay. Maybe you think the attacker is bluffing. (Hint: If you can't access your files, the attacker isn't bluffing.) Or maybe you've decided that the price tag for your data is too high.
The best strategy: be prepared!
In the end, it's your decision. It all depends on how much you think your data is worth, as well as how much you trust that the attackers will stick to their end of the bargain. To give you some insight into the choices others are making, a recent Symantec report found that only 3 percent of victims pay the ransom.
Fortunately, there are three relatively simple precautions you can take to prevent such a costly scenario.
1) Back up your data regularly. Let's say that you back up your files every Sunday night. If you receive a ransomware threat on—worst-case scenario—a Sunday afternoon, you'll lose only a week's worth of data. If you would like to start backing up your files, you'll have to take the time to devise your own schedule and method. When establishing a backup plan, remember to keep these two things in mind:
2) Be wary of phishing. Approximately 91 percent of cyber attacks start as phishing scams, according to Wired. When checking e-mail, remember to:
3) Update your systems ASAP. Attackers know the vulnerabilities of yesterday's technology. The longer you avoid regular updates, the more time attackers have to exploit those vulnerabilities.
Most of us haven't experienced ransomware, but as the number of attacks increases, so does the probability of becoming a victim. If the day comes when it does happen to you, will you have a plan for handling the situation?