I stood at the locked door of my family’s favorite neighborhood restaurant and peered in the window. How could it not be open on a Friday evening, I wondered.
Then I saw the sign in the window, which explained it: The restaurant would remain closed all week because their computer system had fallen victim to a “ransomware” attack.
Like many people, my daughters had never heard the term “ransomware” and had no idea what it meant. Unfortunately, for computer security experts, it’s an all-too-familiar term. In fact, some experts have dubbed ransomware the “supervillain” of cybersecurity.
So what is this evil new villain, what does it want, and should you be concerned about it? Regarding the last question, the answer is yes. But first, let’s back up.
Most of us worry about cybercriminals stealing our information through viruses and spyware. Ransomware poses a different kind of threat. Instead of theft, these criminals employ the age-old practice of extortion: Pay up or lose access to your information forever.
Ransomware is malicious software that enters the victim’s computer system through a downloaded file or network vulnerability and covertly encrypts files on the victim’s computer. Without knowing the key to decrypt the information, the victim can’t access files. Of course, the cybercriminals will happily provide the decryption key — for a price.
Cybercriminals cast a wide net, potentially ensnaring anyone’s computer or smartphone. It doesn’t matter to them whether it’s your personal computer or one belonging to a business, hospital, school, or even a police department. Nobody is safe.
Yet despite the threat, few consumers are aware of the potential danger.
A recent survey found many consumers are unaware of ransomware — what it does, what type of information can be lost, or how to remediate the damage. Not surprisingly, few consumers expressed concern over the threat of ransomware.
This is particularly troubling given that the number of ransomware attacks is growing rapidly. In the past two years, the FBI recorded more than 4,200 complaints with a reported loss of more than $47 million. And the pace of attacks is accelerating rapidly.
So what steps do experts recommend to mitigate the threat posed by ransomware?
- Become educated and spread the word about ransomware and the danger it poses. People will have a much better chance of avoiding the threat if they know it exists.
- Routinely back up computer files and store them offline to minimize information lost should a ransomware attack occur.
- Keep software up to date to protect against known vulnerabilities.
- Use security software to help prevent these types of attacks from invading computers.
- Only download trustworthy software and do not click on unknown email attachments or links.
Ransomware represents a growing threat to consumers, businesses and others. Understanding the danger and how to protect your computer is important. Otherwise, ransomware might cost you more than just a meal with your family.
Neal Walters is a policy research senior analyst for the Financial Security Team who publishes on topics including information privacy and security, technology, identity theft, affordable home utilities, prepaid cards and credit reporting.