Are You Being Targeted by a Ransomware Attack?
When cybercriminals launched a ransomware attack against Andrew Ferguson’s small boutique liquor store, he was surprised. Attackers froze several weeks of Ferguson’s business data and asked for only $500 to restore it [*].
While stories of million-dollar ransomware attacks on major companies and government agencies populate the news, they are only part of the problem. Ransomware gangs use automated tools to target individuals and small businesses that can’t afford to deploy enterprise-quality security systems.
In 2022, the FBI received 2385 reports of ransomware with victims losing $34 million in total [*].
Even worse, victims of ransomware attacks are 80% more likely to suffer a second attack later [*].
In this guide, we’ll explain how ransomware attacks happen, the common vulnerabilities that could make you an attractive target, and what you can do to prevent a ransomware attack.
What Is a Ransomware Attack? How Does It Happen?
Ransomware is a type of malware that encrypts victims’ data, preventing them from accessing it. To break the encryption, victims are told they must pay for separate decryption software.
Ransomware has been around for more than a decade, but it exploded in popularity after 2017, when the global WannaCry ransomware attack infected more than 200,000 devices. There is now a sophisticated ransomware industry that provides automated solutions and even customer support to ransomware attackers.
Here is a step-by-step explanation of how a typical ransomware attack happens:
- Hackers send phishing emails or texts with infected links. Scammers design these messages to look like they come from legitimate organizations in order to create a sense of urgency that prompts you to click on a link without verifying the message.
- If you click on the link, your device gets infected with ransomware. Hackers use known vulnerabilities to gain access to your data, such as through Microsoft’s Remote Desktop Protocol (RDP) [*]. Infections can also occur from malicious email attachments or “drive-by downloads” on infected websites. Modern ransomware executables work on their own and can spread from device to device once they gain access to a network.
- Next, the ransomware begins encrypting your files. This process isn’t immediate and may take hours, days, or even weeks. Eventually, the ransomware will encrypt critical files that prevent your device from working altogether.
- Then, hackers demand payment. Once your device is locked, it will display a message urging you to contact the hacker and pay the ransom. The ransomware industry often uses cryptocurrencies like Bitcoin to facilitate transactions between attackers and victims.
- If you pay, hackers might return your data. Ransomware operators promise to decrypt victims’ data after payment, but they’re under no obligation to do so. If hackers find embarrassing or sensitive information and photos, they may continue to target you with extortion messages. They may even leave vulnerabilities in your system to target you again later.
How Hackers Target You With Ransomware: 7 Vulnerabilities
In most cases, for a ransomware attack to work, hackers must trick their victims into downloading malware. Here are seven common ways that ransomware hackers can target you:
Your personal data has been exposed on the Dark Web
If you’ve entrusted your data to an organization that suffered a data breach, hackers can use that information to target you with personalized phishing attacks containing malicious attachments. Use a free Dark Web scanner to see if your personal data is at risk.
You accidentally downloaded a virus on a torrent website
Peer-to-peer torrent websites allow people to download “cracked” software and games without paying for them. Hackers may hide ransomware among these titles and distribute them to large numbers of people.
Using outdated software or operating systems
Software developers patch known security issues with each new update. For example, using an obsolete version of Microsoft Windows on your device can put you at serious risk of being attacked.
Old devices or unsupported browsers
Older devices may not support the latest security software. These devices are excluded from new security patches, which exposes them to new risks. Out-of-date web browsers that don’t receive ongoing maintenance and support are also at risk.
You don’t have a backup system in place
Ransomware attacks can’t succeed if you can simply restore your system from a backup. If you have access to backups made before the attack took place, you can mitigate the risks of most ransomware attacks.
Your personal information is publicly available online
Hackers can use your career information, social media posts, and more when designing phishing content. They may even use harmless content against you — like vacation pictures you’ve posted — to impersonate a company such as the airline you flew with, for example, as a ploy to get you to click on malicious links or attachments.
A lack of antivirus threat protection
Security vendors constantly update their antivirus programs with information about the latest ransomware variants. Reputable, high-quality vendors gather this data more frequently than generic alternatives, which allows them to disable ransomware once it arrives on your device.
How To Protect Yourself (and Your Data) Against Ransomware
- Make sure your software and operating systems are up to date
- Back up sensitive files in a secure place
- Safeguard your accounts with multi-factor authentication (MFA)
- Learn the warning signs of a phishing attack
- Block pop-ups in your browser
- Use antivirus or anti-malware software on all of your devices
- Create a user account with limited permissions
- Follow your company’s IT and cybersecurity policies
- Use a virtual private network (VPN) on public Wi-Fi networks
- Remove personal or sensitive information from the internet
Ransomware attack mitigation requires the right digital security setup as well as a degree of threat intelligence to recognize the latest scams.
Here are 10 things you can do to help keep yourself and your family safe:
1. Make sure your software and operating systems are up to date
Most malware and ransomware exploit vulnerabilities in software and operating systems to access your data. Software updates often include security patches that protect your devices and application products against newly discovered vulnerabilities.
Keeping your devices up to date is one of the easiest ways to protect your data from the latest ransomware threats. This applies both to your device’s operating system and the individual applications that you use on a daily basis.
2. Back up sensitive files in a secure place
Secure backups allow ransomware victims to turn back the clock, restoring their systems from a point before the attack occurred. With a reliable and secure backup solution in place, you may be able to simply ignore a ransomware attack as if it never even occurred.
However, ransomware developers know that backups can ruin their plans. Many sophisticated attacks corrupt connected backup drives first, preventing victims from restoring their systems from an earlier point. Similarly, slow-moving ransomware encryption methods might mean you still lose several weeks of data despite being prepared.
Here are some ways to keep your backups safe from ransomware:
- Keep multiple copies of your data in several different places. Ideally, you should have important data on a secure on-premises hard drive that ransomware can’t reach.
- Don’t throw away old backups. Ransomware can strike after weeks or months of undiscovered activity. Make sure you have older backups available, even if restoring data from them is inconvenient.
- Use secure cloud storage. Cloud-hosted data backups can resist cyberattacks if the cloud provider uses a secure “Zero Trust” model for interfacing with users.
3. Safeguard your accounts with multi-factor authentication (MFA)
Advanced ransomware can easily break into accounts protected only by a password. This is especially true if your passwords are located anywhere on your device. Remember, ransomware works by encrypting your personal files — nothing prevents it from snooping into the contents of those files to find sensitive data, too.
Multi-factor authentication (MFA) adds another layer of ransomware protection to sensitive accounts. To gain access, you need to verify through an additional method such as a one-time-use code or biometrics.
4. Learn the warning signs of a phishing attack
Phishing attacks are among the most common methods hackers use to infect victims’ devices with malware. Spoofed emails, fraudulent text messages, and other phishing scams provide hackers with easy ways to install ransomware onto your device.
The good news is that most phishing scams follow a predictable pattern, which anyone can learn to spot.
First, scammers impersonate a trusted organization or institution such as your bank. Then they create a sense of urgency by telling you that they’ve detected fraud on your account, or by inventing a problem that you must solve. Once they guide you to a spoofed website that downloads ransomware onto your device, the attack is complete.
How to protect yourself against phishing attacks:
- Never click on links in emails or text messages. Instead, manually type the web address into your browser. This reduces the risk of being redirected to a spoof website.
- Verify unsolicited messages through a separate channel. If an organization contacts you out of the blue, look up its official phone number on its website and call to confirm that it’s really them.
5. Block pop-ups in your browser
Malicious pop-ups can also download ransomware directly to your device when you click on them. Many of these pop-ups claim to come from trusted sources — like your browser or an antivirus tool.
They’ll almost always warn you that your device is infected with malware and that you need to click on a link to protect yourself. But the whole thing is a ruse to get you to download ransomware.
6. Use antivirus or anti-malware software on all of your devices
Ransomware applications often disguise themselves as legitimate files and programs. To detect them, you need antivirus software that can scan files and applications to look for known threat indicators.
These scans look at what applications do to make sure they’re legitimate. For example, it makes no sense for spreadsheet macros to encrypt system-critical files, so a good antivirus would flag this with an alert.
Not all antivirus solutions are equally secure, though. Some free antivirus programs actually infect devices with malware instead of cleaning them. Always choose a reputable brand that charges for its antivirus software.
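The behavior check described above can be sketched as a rule over file-activity telemetry. This is an added example, not code from any antivirus product; the log format, process names, window and threshold are all assumptions made for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)           # assumed tuning values for this demo
THRESHOLD = 3
DOC_APPS = {"excel.exe", "winword.exe"}  # apps with no reason to bulk-rename files

# Constructed telemetry: time, process, operation, old path, new path.
EVENTS = """\
2024-03-12T02:14:01 EXCEL.EXE write docs/q1.xlsx docs/q1.xlsx
2024-03-12T02:14:03 EXCEL.EXE rename docs/taxes.pdf docs/taxes.pdf.locked
2024-03-12T02:14:04 7z.exe rename backup/archive.tmp backup/archive.zip
2024-03-12T02:14:06 EXCEL.EXE rename docs/photo.jpg docs/photo.jpg.locked
2024-03-12T02:14:09 EXCEL.EXE rename docs/cv.docx docs/cv.docx.locked
2024-03-12T02:20:00 explorer.exe rename docs/old.txt docs/old.bak
""".splitlines()

def ext(path):
    """Lower-cased final extension of a path, or '' if it has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect(lines):
    """Alert once per process that changes the extension of THRESHOLD or more
    distinct files within WINDOW."""
    recent = defaultdict(deque)          # process -> recent (time, path) renames
    alerted, alerts = set(), []
    for line in lines:
        ts, proc, op, src, dst = line.split()
        proc, t = proc.lower(), datetime.fromisoformat(ts)
        if op != "rename" or ext(src) == ext(dst) or proc in alerted:
            continue
        q = recent[proc]
        q.append((t, src))
        while t - q[0][0] > WINDOW:      # drop renames that fell out of the window
            q.popleft()
        n = len({p for _, p in q})
        if n >= THRESHOLD:
            alerted.add(proc)
            severity = "high" if proc in DOC_APPS else "medium"
            alerts.append((proc, ts, n, severity))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The single archive rename and the lone manual rename stay below the threshold, which is why the rule counts distinct files per process rather than flagging every extension change.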
7. Create user accounts with limited permissions
Some ransomware attacks target user accounts with privileged access to sensitive data. These accounts give hackers the ability to bypass many of the built-in security solutions that modern software and operating systems have in place.
Here’s what to do:
- Create multiple accounts with different security settings. Most apps and devices support multiple accounts, which means you can create and use accounts that represent a lower risk to your overall security. This is particularly useful for devices shared between family members – especially children.
- Use a non-administrator account for everyday tasks. In most cases, you need to have one administrator-level account that has access to sensitive files and information. If hackers compromise this account, they can gain access to the same data. Using a less-privileged, non-administrator account for everyday tasks exposes you to less risk from ransomware and other threats.
8. Follow your company’s IT and cybersecurity policies
Many ransomware groups target businesses and organizations. Your workplace may expose you to ransomware risks, especially if you have one mobile device for both work and personal use.
Your organization should practice good cyber hygiene, and may have a comprehensive security policy in place to support that goal. However, not all companies take time to conduct awareness training for employees in order to identify security best practices and create incident response playbooks.
If possible, consider getting separate devices for work and personal use. This can limit the impact of many types of ransomware attacks, and prevent them from spilling over between your personal and professional life.
9. Use a virtual private network (VPN) on public Wi-Fi networks
It’s surprisingly easy for hackers to spoof public Wi-Fi networks. When they do, they can intercept any data sent over the network or even inject malware onto your device.
Virtual Private Networks (VPNs) reduce this risk by encrypting the data you send over public networks. When hackers try to intercept encrypted data, they get useless information that they can’t read.
VPNs protect your identity and devices from hackers, which makes you a less likely target for ransomware. However, VPNs don’t directly stop ransomware from operating on your device. You can still accidentally download malware through a VPN the same way you would with an unencrypted connection.
10. Remove personal or sensitive information from the internet
Take a moment to review your digital footprint – the information that is publicly available about you online. Scammers can use this information to craft more credible phishing messages by using information about where you work, where you’ve traveled recently, or your closest friends.
The less public data about you that is available online, the more protected you are from sophisticated social engineering scams.
Here are a few tips to keep your social media feed clean:
- Avoid posting any pictures of sensitive documents. This includes your IDs, credit cards, health records, or any other legal documents. Blur out any data that would help someone compromise your identity.
- Pay attention to what your friends and family members post about you. Even birthday messages and other congratulations may contain information that hackers can use.
- Be careful with location-sharing services. If scammers know the restaurants you visit, the banks where you have accounts, or the airlines with which you fly, they may use these details against you.
Was Your Device Infected With Malware? Do This!
You’ll often only know that you’ve been hacked after your device’s critical files have been encrypted. The device may not respond to anything you do, but it will display a message instructing you to pay hackers in order to get your device back.
If this happens, you need to act quickly. Here’s what to do:
- Disconnect your devices from your Wi-Fi network. This ensures that the ransomware infection cannot spread. However, there is a possibility it has already spread to your other devices on the network.
- Run a full antivirus scan of your other devices. Download and run antivirus software on every device you’ve used in the recent past. You may be able to prevent the ransomware from activating on those devices.
- Contact your local FBI office for help. Federal law enforcement helps individuals respond to ransomware attacks. Contact one of the FBI’s 56 field offices to report the crime, and follow their directions to resolve it.
For businesses and employees:
- Disconnect from your company network. This will help prevent other endpoint devices on your network from being locked down.
- Power down devices and workstations that you can’t disconnect. Some ransomware variants prevent victims from disconnecting their devices. Remove their power cables and batteries to prevent them from spreading ransomware.
- Contact your IT or InfoSec team. If your company doesn’t have a dedicated IT security team capable of handling cybersecurity incidents, you or your supervisor should contact the FBI directly.
After you’ve reported the attack:
- Update all of your passwords. You should assume that most of your online accounts are compromised after a hack. Make sure you change all of your passwords — and use complex and unique combinations of upper and lower case letters, numbers, and symbols for each account.
- Enable two-factor authentication (2FA). Use 2FA on any account that will let you. Whenever possible, use an authenticator app instead of SMS for 2FA codes.
- Submit the ransomware files to CISA. The Cybersecurity and Infrastructure Security Agency (CISA) can help you deal with the fallout of a ransomware attack.
If you have secure backups ready:
- Scan your backup files with an anti-malware scanner before remediation to ensure that you don’t reinfect your devices.
- Identify the date that the ransomware first appeared on your system.
- Restore your systems from a date prior to the date on which you were first infected.
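The last two steps can be worked through in code. The following is an added example, not part of the original guide: it estimates when encryption began from files whose headers no longer match their type, then picks the newest backup older than that point. The file records, snapshot dates and the 7.5 bits-per-byte threshold are constructed assumptions.

```python
import math
from collections import Counter
from datetime import datetime, timedelta

# Widely documented leading bytes ("magic numbers") for a few file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """True if the header no longer matches the extension, or, for types with
    no known header, the sampled bytes are near-random."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    return entropy(head) > 7.5

def encryption_onset(files):
    """Earliest modification time among files that look encrypted, else None."""
    hits = [mtime for name, mtime, head in files if looks_encrypted(name, head)]
    return min(hits) if hits else None

def pick_restore_point(snapshots, onset, margin_days=0):
    """Newest snapshot taken before the onset minus a safety margin. The first
    infection can precede the first encrypted file, hence the margin."""
    cutoff = onset - timedelta(days=margin_days)
    older = [s for s in snapshots if s < cutoff]
    return max(older) if older else None

# Constructed sample data (not from a real incident).
RANDOM_LIKE = bytes(range(256)) * 4   # every byte value equally often: 8.0 bits/byte
FILES = [
    ("budget.pdf", datetime(2024, 3, 1, 9, 0), b"%PDF-1.7 sample"),
    ("notes.txt", datetime(2024, 3, 9, 8, 0), b"meeting notes\n" * 50),
    ("photo.jpg", datetime(2024, 3, 12, 2, 14), RANDOM_LIKE),
    ("invoice.docx.locked", datetime(2024, 3, 12, 2, 20), RANDOM_LIKE),
]
SNAPSHOTS = [datetime(2024, 2, 25), datetime(2024, 3, 3),
             datetime(2024, 3, 10), datetime(2024, 3, 13)]

if __name__ == "__main__":
    onset = encryption_onset(FILES)
    print("first encrypted file modified:", onset)
    print("restore from:", pick_restore_point(SNAPSHOTS, onset))
    print("with 3-day margin:", pick_restore_point(SNAPSHOTS, onset, margin_days=3))
```

Modification times can be altered by malware, so treat the computed onset as a starting estimate and prefer an older snapshot when in doubt.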
The Bottom Line: Don’t Become a Ransomware Victim
Ransomware is a growing threat for large organizations, but individuals and small businesses are just as likely targets. Sophisticated ransomware gangs will continue to look for the easiest targets to exploit, and protecting your devices and accounts from vulnerabilities is the best way to prevent these damaging attacks.
Consider using a full-service identity theft protection provider that includes ransomware prevention technologies.
Aura keeps your data, devices, and identity safe with a suite of proactive security features — including antivirus, VPN, password manager, and Safe Browsing tools — along with 24/7 U.S.-based support from Fraud Resolution Specialists and up to $1 million in identity theft insurance coverage for every adult on your Aura plan.