Suddenly, ransomware has begun to feel like a digital pandemic, crippling one critical business after another. Last month, it was a pipeline delivering gasoline to the Southeast.
But what is ransomware, why is it so devastating, and what can be done about it?
Ransomware, a type of toxic computer software, enables a criminal to hold a company’s data as a digital hostage. Once smuggled onto a network, ransomware finds vital information, then encrypts it so that the data can no longer be accessed without a digital key held by the attacker.
Victims of these attacks are notified that if they want the key, they must pay, usually in the form of a hard-to-trace cryptocurrency like Bitcoin. Refusing to pay means the victim’s data could be lost forever — a death sentence for businesses that haven’t made secure backups of critical files.
When the ransom is paid, the criminals usually keep their word and provide the unlocking key. It’s good business: If they don’t provide the key, the next victim will be less likely to pay.
Still, these are hardly honorable people. In some cases, the ransomware attackers steal a company’s most sensitive information for their own use, or install “back doors” to the network to ensure they can get in again, whenever they choose.
How the infections spread
There are known bugs in many popular software programs that enable hackers to install illicit code without the user’s knowledge. There are repair patches for many such bugs, but businesses and individuals often fail to install them, leaving their machines vulnerable.
People can also be tricked into installing ransomware by opening an infected file attached to an e-mail message or by visiting an infected Internet site.
The work-from-home culture spawned by the pandemic has been a bonanza for cybercriminals, because home computers are often less secure than those in the office. Attackers can exploit these unprotected home machines to get inside corporate networks.
For years, ransomware attacks were largely random. Infected code was sent out casually, like spam e-mails, infecting personal and business computers alike.
While this still happens, ransomware gangs have become much more selective in recent years, deliberately targeting businesses and government agencies with the ability to pay large sums, and a desperate need to get their critical data back.
Last month, the Scripps Health hospital chain in San Diego was hit by a ransomware attack that forced it to shut down most of its computer network. The attack may have been carried out by the same hackers who crippled the entire computer system for Ireland’s national health service.
And in April, vehicle inspections in Massachusetts and seven other states were halted when a ransomware attack closed down the Wisconsin company that runs the inspection network.
When a company gets hit
It’s hard to predict whether a company you depend on might be the next to get hit. Though attackers appear to have recently been targeting critical businesses and government agencies, there is a huge category of organizations that meet that description.
Companies often communicate about the effects of such attacks as they unfold, and they will usually investigate to try to determine the scope of what happened.
But if you do business with a company victimized by ransomware, you can never be completely certain that your own data weren’t compromised. It’s a good idea to at least change your password if you continue doing business with that company.
Defense in depth
As with all computer malware, there’s no perfect defense against ransomware. But you can tilt the odds in your favor.
Install all the latest security updates for your computer’s operating system and for your software applications, including browsers. Never install software from an untrusted source, no matter how cool it looks. Run an up-to-date anti-malware program, such as Norton LifeLock, Bitdefender, or McAfee.
Most important, regularly back up all your critical data, and make sure that backup isn’t connected to your computer.
For instance, back up files to an external drive, then disconnect that drive so it can’t get infected. Individuals and businesses can also opt for cloud-based backup services.
There are also consumer offerings like Dropbox and Carbonite, while businesses can choose services offered by companies like Amazon, Microsoft and Google. If the most important files are safely backed up, there’s no point in paying a ransom.