Understanding Ransomware Attacks

Can your business afford to spend an unexpected $26,000 this month? According to Verizon’s 2023 Data Breach Investigations Report, the median cost of a ransomware attack has more than doubled since 2021.

Remember that $26,000 doesn’t include loss of productivity, revenue, customers, or other costs incurred during a ransomware attack. According to KnowBe4, the average downtime duration associated with ransomware attacks is 22 days. Can you stay in business if your organization is shut down for a month?

Ransomware can affect any business of any size in any industry. With cybersecurity, education is everything. We hope that by understanding what ransomware attacks are, how they work, and how to recognize and prevent them, you can help protect your business from catastrophic loss.

Keep reading to learn more about ransomware—if you’re interested in how High Touch can help keep your business safe with secure IT and cybersecurity solutions, contact us.

Definition: Ransomware

Ransomware is a type of harmful software (malware) that a threat actor uses to take control of your system and then demand a ransom before you can regain access to it.

Imagine your computer is like a private, secure vault where you keep all your personal and important belongings—photos, documents, and precious memories. Now, think of a ransomware attack as a virtual thief who breaks into the vault, locks it up, and demands that you pay a ransom to get the key and reaccess your belongings.

In this scenario:

  • The Vault. Your computer or device where you store all your files is like a secure vault.
  • The Thief. The sneaky threat actor who manages to break into your vault.
  • The Lock. The thief uses a digital lock (ransomware) to encrypt all your files, making them unreadable and inaccessible to you.
  • The Ransom. The thief then leaves a message on your screen, saying they’ll give you the digital key (decryption key) to unlock your files, but only if you pay them a certain amount of money.
  • The Dilemma. Now, you’re faced with a tough choice. Do you pay the ransom and hope the thief keeps their word, or do you lose access to your precious files forever?

Just like in a real-life hostage or blackmail situation, ransomware is an attempt to extort money by taking something valuable hostage. It’s a digital version of a criminal locking up your possessions and demanding payment for their release.

6 Examples of Ransomware

1. Scareware

Scareware displays fake warning messages or pop-ups claiming your computer has a virus or issue. This type of ransomware tricks users into paying for unnecessary and often nonexistent services or software to fix the fabricated problem.

Example: Imagine you’re surfing the internet, and suddenly, a pop-up appears claiming your computer is infected with a severe virus. Like a shark in the water, it warns that your personal data is at risk and provides a phone number to call for immediate help. If you call, they might ask for payment to fix a problem that doesn’t even exist.

2. Lock Screen Ransomware

Lock screen ransomware restricts you from accessing your device by locking the screen. Victims of these types of ransomware attacks will see a full-screen message or image that demands payment to unlock the screen and regain access to the system.

Example: You turn on your computer and find that you can’t access anything. Instead, a message on the screen says that you’ve violated a term or policy, and your computer is now locked. To unlock it, you’re instructed to pay a fine or fee immediately.

3. Encryption Ransomware

This type of ransomware attack encrypts the files on your device, making them inaccessible and unreadable. The threat actors then demand payment for the decryption key, which is needed to unlock and recover the files.

Example: You receive an email with an attachment that seems harmless. After opening it, you realize all your important files are now encrypted. A message pops up demanding payment in exchange for the decryption key, without which you can’t access your valuable files.

4. Doxware/Leakware

In addition to encrypting files, doxware, also known as leakware, threatens to release sensitive information unless the ransom is paid. Typically, this information includes personal files, confidential business data, or even compromising images.

Example: Your computer screen is taken over by a menacing message—not only are your files encrypted and inaccessible, but the message informs you that your personal messages, private snapshots, and special moments will be exposed to the public unless you pay a ransom. The threat is not just about losing access to your data but the potential humiliation and distress that could come from having your private life exposed.

5. Mobile Ransomware

Targeting mobile devices, this type of ransomware typically affects smartphones and tablets. It can lock the device or encrypt files, similar to other forms of ransomware.

Example: You download a seemingly innocent app on your smartphone, only to find that it has taken control of your device. Your screen is locked, and a message appears demanding payment to unlock it. You can’t access your contacts, messages, or any other information until you pay the ransom.

6. RaaS (Ransomware as a Service)

Ransomware as a Service is a model where cybercriminals rent or purchase ransomware from others, often through the dark web—this allows less technically skilled individuals to launch ransomware attacks.

Example: A less tech-savvy individual purchases ransomware as a service on the dark web. They follow simple instructions to customize and launch the attack without deep technical knowledge. The individual’s motivation might be financial or information gain, and they can deploy the ransomware against their chosen targets.

Who’s at Risk for a Ransomware Attack?

Ransomware attacks are extremely unpredictable. Hackers can attack at any time by way of phishing attacks, zero-day cyberattacks, password hacking, or another type of cyberattack.

Remember that with ransomware attacks, the party responsible for the attack is looking to get a quick payday. For that reason, businesses are typically at a greater risk than individuals for ransomware attacks. Hackers know that businesses will be tempted to make a fast payment to save their reputation, regain access to data, and limit downtime. In particular, small and medium-sized businesses with limited IT resources, visually outdated websites, and out-of-date security features should be increasingly cautious of ransomware threats.

Can You Stop a Ransomware Attack?

Ransomware attacks are tricky. Anyone can fall victim to one with the slightest accidental click, such as opening the wrong email or accidentally typing the wrong URL. While the threat will always exist for your network-connected devices, including mobile devices, workstations, and servers, you can protect your system and minimize data loss if your system gets hacked.

  • Stay informed. Education is your best defense when it comes to cyberattacks. Knowing how to safely use equipment and recognize potential threats is critical to preventing a ransomware attack. Security Awareness Training helps organizations stay informed of cybersecurity best practices.
  • Employ a cybersecurity solution. High Touch recommends a multilayered cybersecurity strategy composed of firewalls, endpoint protection, email security, education, and data backup to help protect your organization.
  • Know your threat level. A cybersecurity risk assessment can help you understand where your cybersecurity gaps are and how to patch them.
  • Update, update, update. Don’t ignore application, operating system, or firewall updates. Often, these updates include critical code patches that prevent hackers from exploiting previously identified vulnerabilities.
  • Click carefully. If a link, email, or attachment looks suspicious, don’t click on it. Hover the pointer over links to ensure the URL matches the text. Don’t open emails from unknown senders; be especially suspicious of all email attachments you receive. Frequently, ransomware arrives as an executable (.exe) file disguised as a more common file format.
  • Update and maintain your backups. If you fall victim to a ransomware attack, you want to ensure you can still access your data and minimize downtime. We recommend maintaining off-site and on-site backups. Likewise, test your backup solutions regularly to ensure your data is stored and updated as intended.
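The two "Click carefully" checks above (link text versus real destination, and executables disguised as a common file format) can be automated in a mail-triage script. The following Python is an added example, not part of the original article; the function names and the extension lists are assumptions chosen for illustration.

```python
import os
from urllib.parse import urlparse

# Assumed, non-exhaustive lists constructed for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def check_attachment(filename, first_bytes):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    # "invoice.pdf.exe": the last extension decides what Windows does with it.
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        reasons.append("double extension")
    # Windows executables (PE files) begin with the two bytes "MZ",
    # whatever the file happens to be called.
    if first_bytes[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("executable content with non-executable extension")
    return reasons


def link_mismatch(visible_text, href):
    """True when the link text shows one host but the link goes to another."""
    text = visible_text.strip()
    # Link text such as "Click here" is not a URL, so there is nothing to compare.
    if " " in text or "." not in text:
        return False
    shown = urlparse(text if "://" in text else "//" + text)
    target = urlparse(href)
    return (shown.hostname or "").lower() != (target.hostname or "").lower()


if __name__ == "__main__":
    # Constructed sample inputs; example.com and example.net are reserved names.
    print(check_attachment("Invoice.pdf.exe", b"MZ\x90\x00"))
    print(check_attachment("report.pdf", b"MZ\x90\x00"))
    print(link_mismatch("www.example.com/login", "https://login.example.net/x"))
```

A hit from either function is a reason to quarantine the message for review, not proof of ransomware; a clean result does not make an attachment safe to open.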

How Do You Respond to a Ransomware Attack?

In the unfortunate event that your system falls victim to a ransomware attack, it is crucial to refrain from paying the ransom. Complying with the attacker’s demands is not guaranteed to restore system access.

Instead, immediately contact your IT Director, managed services provider, or designated cybersecurity point of contact. Ransomware attacks often involve surreptitious background activities, potentially leading to the unauthorized extraction of additional sensitive information. Engaging with a cybersecurity professional is essential as they possess the expertise to detect the intrusion, eliminate the ransomware, and facilitate the restoration of compromised files.

It is imperative to note that without a comprehensive cybersecurity strategy in place, the potential loss of vital and irreplaceable data looms large. A proactive approach to cybersecurity, involving robust protective measures and regular system audits, is crucial for preventing ransomware attacks, minimizing impact, and ensuring the swift recovery of valuable assets in the face of such threats.

We Help Keep Your Business Safe.

High Touch provides full-scale, secure technology solutions, including Managed Services, Cybersecurity, Data Backup and Recovery, and Remote IT Management.

Take the first step in securing your business by engaging in a cybersecurity risk assessment. Contact us today, and let us be your partner in helping safeguard your business from the ever-evolving threats of ransomware.