In this article:
Ransomware is a type of malicious software (malware) that often encrypts your files or locks you out of your machine. The ransomer will then ask you to pay a ransom, often using a cryptocurrency and sometimes within a specific time frame, if you want to get access to your files or computer.
Many cybercriminals use targeted ransomware attacks to infect businesses and government agencies that can afford large ransoms. An Experian study with the Ponemon Institute found that 47% of responding organizations experienced a ransomware attack in 2021, and the average ransom paid was over $550,000.
While individuals might not be targeted as often, or have as much to lose, it's still important to be aware of ransomware. You may come into the crosshairs of an untargeted attack, and a few safety measures could help protect you.
How Ransomware Works
There are several types of ransomware and malware, and each works a little differently. Here are some of the common variations:
- Encryptors: Encryptor ransomware may be the most well-known, in part because it's what was used during high-profile attacks, such as the ransomware attack on the Colonial Pipeline in 2021. This type of ransomware may encrypt files and delete backups to hold your information hostage, and some ransomware will try to spread and lock up a company's entire network.
- Lockers: Locker ransomware locks you out of your device rather than encrypting your files. Your entire screen may be taken over by the ransomware's message, which will also pop up if you restart your computer.
- Leakware: Leakware or doxware might look for sensitive or personal information and threaten to leak or sell it online if the victim doesn't pay a ransom.
- Scareware: Scareware uses a bluff and tries to extort money from victims by playing on their fears. You may see a popup that your computer is infected or that a government organization has detected illegal activity on your machine, and a prompt to pay a fee to resolve the issue.
Criminals don't need to be programmers to use ransomware—there are companies that develop and sell ransomware-as-a-service (RaaS). Criminals can find these subscription services on the dark web and pay a fee or a portion of the ransoms they collect to use the software. Similar to other types of subscriptions, there may be reviews, customer support and licensing agreements that go with a RaaS membership.
Ransomware attacks have also evolved over the years, and double-extortion encryption attacks are now common. Ransomware victims might not want to pay if they can restore their files or systems from a backup. But in a double-extortion attack, the criminals encrypt the victim's files and also threaten to release sensitive files unless the ransom is paid.
How to Protect Yourself and Avoid Ransomware Attacks
Most individuals won't be targeted—there's more money to be made targeting large corporations, municipalities and government agencies. But you still want to protect yourself from ransomware that's widely spread in the hope of unintentionally finding a victim.
You can take several steps to avoid getting ransomware:
- Don't open attachments in emails from unknown senders.
- Don't click on links in emails, which may bring you to a site that's different from the URL that appears in the email. You can type in the URL if you want to visit the site.
- Install the latest updates and security patches for your operating system and other programs.
- Use and regularly update antivirus software.
You can also regularly back up your files in case your computer gets hit. You may be able to use a cloud-based backup. Or, you could back up files to an external hard drive. But make sure you don't plug the external hard drive into your machine until you're certain that the ransomware has been wiped.
What to Do If You're Targeted by Ransomware
If you're hit by ransomware, you may be tempted to pay, especially if the attackers are asking for a relatively small amount. But No More Ransom, a site and service supported by law enforcement agencies from around the world, advises victims not to pay a ransom, in part because it may encourage criminals to continue ransomware attacks. But also, there's no guarantee that paying the ransom will actually result in you getting access to your files.
Consider some of the alternative steps you could take:
- Isolate the device. You may want to quickly disconnect your computer from your home network to keep the infection from spreading. You could unplug an Ethernet cable, put the device into airplane mode or turn off the Wi-Fi. You can also power down the device if you're not able to disconnect it.
- Report the attack. You can also report the attack to the FBI's Internet Crime Complaint Center (IC3), which may be able to offer some assistance.
- Try the Crypto Sheriff. The No More Ransom site also has a free Crypto Sheriff tool, which may be able to identify and decrypt your files for free.
- Revert to a backup. If you have backups and are comfortable with the process, you may want to wipe your computer's hard drive, reinstall the operating system and use the backup to restore your machine.
- Hire professional help. You could also try reaching out to a tech support service provider to ask for advice and help. They may be able to assess your device to tell you if it's actually encrypted or locked (or there was just scareware), and to help you through the recovery process.
Fortunately, it may be easier for individuals to recover from a ransomware attack than organizations that have a large network of computers with troves of confidential data. But it can still be a scary, time-consuming and potentially expensive process. As is often the case, prevention is the best approach.
Keep Your Information Safe
Basic cybersecurity hygiene can help protect you from ransomware and other types of cyberattacks. But your personal information could also be leaked through a data breach or other type of attack. Look into services that offer dark web monitoring and credit monitoring, which can warn you if your personal information is found online and if someone is trying to fraudulently open new credit accounts. Some services, such as Experian IdentityWorksSM, also come with identity theft insurance and dedicated fraud resolution support.