Skip to main content
Internet Security

Ransomware: What You Need to Know

Written for NortonLifeLock

What if, all of a sudden, the files on your computer became unusable? Every financial document, music file, family picture—you name it—essentially gone. How did that happen? What did you do to deserve this? Welcome to the world of ransomware. Oh, and prepare to pay up, perhaps as much as $10,000, to see those files again.

If you don’t think twice before opening an email attachment or clicking on a link in an email, you are the perfect target of a ransomware attack. The same applies if you download illegally copied software from the Internet rather than pay for the authentic version. These are some of the ways cybercriminals spread malicious software, or malware, to their victims. And among the various types of malware is ransomware, something you may be hearing more about lately because it’s victimizing more people and businesses around the world. You don’t want to be next.

What is ransomware?

As the name implies, ransomware is intended to force a payment—or ransom—by the victim to the person who launched the ransomware attack. The attacker can use a variety of methods, as noted above, to load ransomware on to the victim’s computer. Often, the ransomware will encrypt, or “lock,” the computer’s files, so that they cannot be opened or used. The attacker usually includes a message as part of the attack, asking the victim to pay a fee for the “key” to unlock the files. Payment doesn’t guarantee that the attacker will provide the key. In fact, once the victim shows a willingness to pay the ransom, the attacker may ask for additional payments.

Back to our opening scenario: Consider all of the data you have on your computer—everything from your loved ones’ photographs to your music collection to critical personal documents. If you lost access to all of them due to a ransomware attack, would that be okay with you? Some—like the photographs—may be irreplaceable, while replacing others—like your music library—may be prohibitively expensive. So, it makes sense to learn how to help protect yourself, your computer, and all those important electronic files.

Is ransomware a big deal?

You might wonder how widespread ransomware is. Very.

In its 2017 Internet Security Threat Report, LifeLock parent company Symantec said its detections of ransomware increased 36 percent from 2015 to 2016, to 463,000.

[Full Disclosure: Symantec is the parent company of LifeLock and Norton brands that sells digital security solutions. This article, however, is educational in nature and not designed to promote any offerings and/or services. Our goal is to inform readers, and empower them to make smart decisions.]

How do you stage a ransomware attack?

Criminals who want to infect your computer with ransomware have a handful of tried-and-true methods of doing so. The interesting thing about their tactics is that as long as they continue to work, there’s little reason to change them. The more you know about the tactics, the more you can do to help protect your data.

To stage a ransomware attack, the attacker must both put the malware on your computer and have it execute, or open and run. On top of that, the attacker will likely need to trick you into doing something. In other words, you become the attacker’s unwitting accomplice.

Email is a common way to put ransomware on your computer, and it’s not unlike a friend sharing a picture with you by email. You open and read the email and, then, click on the attached image file to see it. Once you open the file, it moves from the email to your computer. It’s not unusual to receive emails with attachments, so it’s almost second nature—even if you don’t know the sender—to open any attachment to see what it is. (Maybe it’s a cute cat video!)

Another common email tactic used by ransomware attackers is to include a link in the message, hoping you’ll click it to see where it takes you. (More cat videos?) But in these cases, the link takes you to a website where the ransomware is automatically downloaded to your computer.

A 2016 study by Osterman Research said 59 percent of ransomware attacks in the U.S. occur through email. Given how freely so many of us share our email addresses, plus the number of data breaches that have exposed email addresses, it’s not difficult for a cybercriminal to access large numbers of them. As a result, they can send many emails at once, and even if only a small percentage of recipients act on them, there can still be a good return on the criminals’ investment.

Here’s how to help avoid an email ransomware attack

The lesson here is to never open an email attachment or click on an email link unless you’re absolutely certain it’s safe to do so. Hackers can easily make an email look like it’s from someone you know or a reputable entity, so that you’ll be more likely to take action. If you weren’t expecting an email, it makes sense to double- or even triple-check to make sure it’s legitimate. For instance, if the email appears to come from your bank and includes a link to the bank website, asking you to log in to your account, type the bank’s real URL into a web browser yourself.

Other ways ransomware is spread

Another way attackers can put ransomware on your computer is by first loading it on pirated software that you download. It’s relatively easy to find places on the Internet where you can download free copies of popular and, often, expensive software that you would typically purchase from a reputable retailer or software company. If it includes ransomware, that “free” software may turn out to be very expensive. Once you download the software program, the ransomware can go to work.

In May 2017, the WannaCry ransomware attack spread globally by using a vulnerability in the Windows operating system. While individual home computer users were susceptible to WannaCry, file-sharing networks were a lot more fertile ground for the attack. Once unleashed by an unwitting victim, the ransomware acted like a virus, jumping from machine to machine to infect entire networks. This was a new ransomware tactic.

How to help avoid a ransomware attack

So, what steps can you take to help avoid becoming the next ransomware victim? There are a number of relatively simple things you can do to minimize your risk. Here are a few recommendations to consider.

  • Think twice when it comes to email, even when a message looks authentic. If you receive an email with an attachment or link that you weren’t expecting or didn’t request, stop and think before taking action. A simple click could result in a data disaster.
  • Make sure you’re running a version of your computer’s operating system that the manufacturer still supports. That way, you know the company is producing updates and patches that help protect against the latest security threats. And make sure you install those updates and patches. It won’t do you any good if you ignore those “updates are available” messages.
  • Back it up. You have a lot of data on your computer, so it makes sense to have a backup copy of all those files. Even without a malware attack, computers can simply stop working. There are several approaches to data backup, but your chosen solution doesn’t have to be complicated. Ask a tech-savvy friend or colleague.

The FBI recommends not paying if you suffer a ransomware attack. They also ask that you report the crime via the Internet Crime Complaint Center (IC3). But when you see your important data start locking up and, then, a threatening message telling you to pay up or never see that data again, it may be hard to resist. Just know that even if you do give the cybercriminals what they’re asking for, that doesn’t guarantee they’ll make things right. You’re dealing with criminals after all.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Start your protection,
enroll in minutes.