Let’s say you come home from work one day and log on to your computer, but you can’t open any of your files. No matter what you do or how hard you try, you simply can’t retrieve them. Regrettably, you realize that you’ve never backed up your important information, such as photographs, documents, music, videos, and contacts, and now it might be gone forever. Or maybe you did try to back it up recently but, for whatever reason, it didn’t work. What if you’d been writing a thesis paper for months to complete your graduate degree? What if you were an author who had already written 80 percent of your next novel? What if you were a bookkeeper? A lawyer? A doctor? How much would you be willing to pay to get your clients’ files back, instead of losing them forever? Would you pay $200? Or maybe $500? Or even $1,000? (1) What if you found yourself in this quandary and were suddenly presented with a solution and opportunity to get all of your stuff back? It sounds like a great business decision—especially for the bad guys who are holding your information hostage.
Encryption has been a wonderful thing in the digital world. It was designed to keep our computers safe, so, as long as your information was encrypted, any would-be thieves who found your laptop (or stole it) wouldn’t be able to gain access. Unless your password is extremely weak, such as jordan2005 or password123, a bad guy would probably have a difficult time accessing your files. As a result, cybercriminals figured out a way to subvert the value of encryption and use it against you to make money. Hackers created what we now call ransomware; you may have heard of some recent examples, such as the Cryptolocker virus, Crypto Wall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton. (2) Ransomware is a type of malware that targets both human and technical weaknesses in an effort to block users from accessing important data and/or systems—until the victim pays a ransom in exchange for a decryption key that unlocks the captive files and/or system.
Here’s how ransomware works: You log in to your computer and can’t access any of the information. After you figure out that you can’t remove a nasty virus to open your files, you’ll find a note in your system that says something like, “Hi, my name is Boris Badenov. If you don’t pay me $500 in bitcoin in the next twenty-four hours, you’ll never get your information back.” (3) You, like most people, may not even know that bitcoin is untraceable virtual electronic currency. Because Boris is so nice, he has presented you with a low-cost solution that will allow you to retrieve your files. It’s like he’s giving you a magic wand to make the nightmare go away, right?
How did you get ransomware on your computer? (4) You most likely received a spear-phished email with a link, and when you clicked the link you were taken to a website where the malicious payload was installed. There’s a good chance there was a vulnerability in one of your software programs, and either you didn’t patch the program or the crooks discovered it before the vendor did. Once a malicious payload is installed on your computer, it locates all of your important files—documents, photos, videos, databases, and music. The ransomware is designed to encrypt all of that information and lock you out; some variations of ransomware even impact your operating system and prevent the computer from starting. The encryption is sophisticated and usually unbreakable; a super computer at a university isn’t even powerful enough to defeat it. Ransomware can be especially damaging to your computer at work, which is probably connected to a network. If the network is poorly configured, the infection can spread through an entire organization.
