The first malicious computer programs, just called worms or viruses, pre-date the internet by a decade. Their function was to disable a computer and not much else. With the internet connecting the globe starting in the ’90s, the bad guys began to use malware, the newer all-inclusive term, to steal data, including identity credentials and financial records.
This kind of theft, though, still required the crook to establish accounts in your name, then use them to steal money, with an uncertain likelihood of a payoff. Bank controls or simple vigilance often prevented the thief from making use of the data. In an effort to monetize malware more efficiently, the bad guys eliminated the middleman. The method we now know as ransomware is the result.
Ransomware, if you fall victim to it, immediately encrypts (locks) all the files on your computer and demands payment (usually in cryptocurrency) for the key to decrypt (unlock) your files. It can befall you in a number of ways.
The first is the malicious link in an email message. The message usually carries a warning of some kind – your bank account has unknown transactions, your email account will be closed per your request – that scares you into supplying a login ID and password. Once the bad guys have those credentials, they drop a program on your computer, which then locks up all the files and displays a screen with payment info. When you hear about a company or municipality that has fallen victim to ransomware, this is almost always how it happened. An employee falls for a bogus email, and the program then encrypts the files not only on their hard disk, but on any computer or network server they are connected to.
The second method is to exploit a vulnerability in the operating system or applications you run. We’re all aware of the regular updates that all electronic devices get. These are meant to plug holes that would allow crooks to take over your computer, even without a login ID and password. The bad guys search for computers that haven’t installed these updates, use the holes to install malware, then lock the files and demand payment.
Two ways to avoid ransomware may already have occurred to you. First, if an email message urgently wants you to log in to an account, DON’T. Banks, credit card companies, and your employer or school won’t ask you out of the blue to do this. If you get such a request, call or email the sender or institution using an address or number you already have for them. Don’t reply to the message or call the number the scammer sent. Second, install the regular updates for your operating system and applications when they arrive, since they plug the holes the crooks look for.
And if you do get hit with ransomware, and your files are locked, what should you do? If you have a backup (and you should), you can restore from that. Don’t have a backup? Use a search engine on another computer (such as the public ones at the library) to see if a decryptor has been made available. Several organizations have created these for use by ransomware victims.
Think before you respond to online entreaties. As always with computing in the 21st century, a little paranoia can save you lots of headaches.