Ransomware is a type of malware that locks access to a computer and its drives. Many forms of ransomware take complete control of the computer system, encrypt all of the files, and deny access to the system and any files until a ransom is paid. If the ransom is not paid by the stated deadline, many ransomware programs will continue to raise the ransom. And, unfortunately, many ransomware programs require payment to be made in currencies such as bitcoin, making it very difficult to locate the wrongdoer or recover the funds.
In late June, the FBI issued an advisory regarding ransomware programs, particularly CryptoWall and its variants. Based on FBI reports, at least 992 ransomware incidents occurred between April 2014 and June 2015, costing victims a combined $18 million. The financial impact to each victim typically varied between $200 and $10,000.
The most sophisticated ransomware programs will spread beyond the initially targeted device to as many networked systems and servers as they can, encrypting files as they go. Ransomware programs typically infiltrate systems when a user unknowingly installs or enables the ransomware program. Much like other viruses and malware programs, ransomware programs are typically delivered as attachments to emails.
While the goal of most viruses and malware is to obtain information from systems, the goal of ransomware is to stop the user from accessing information on these systems. The programs charge users a premium to use their own systems. And, because ransomware programs can encrypt files with strong, high-bit-strength encryption, companies often find it more cost-effective and efficient to pay the ransom than to take action against the ransomware in an effort to defeat it and/or prosecute the wrongdoers who originated it.
Because no protection system can keep up with the breakneck speed at which ransomware programs develop, strong proactive policies are critical to protecting any company. An education policy to keep system users up to date helps strengthen the first line of defense. Critically, frequent and thorough backups—isolated from the potentially infected networked systems—allow companies to continue to access information and even recreate affected systems if they choose not to pay the ransom.
With the growing prevalence of ransomware, information security programs should include appropriate protections and planning to avoid potentially disastrous effects, such as massive system downtime and business losses, if ransomware finds its way in. Otherwise, you may find yourself locked out of your systems and having to decide whether to pay the ransom as it continues to increase.