What Is Ransomware?

A business’s computer network, which may comprise network and database servers, is the operation’s lifeline, so a successful business must keep that network secure and protected.  There are many ways those protections can fail.  Attackers do break in and access sensitive information (e.g., trade secrets, intellectual property) without authorization, and there are countless ways for them to obtain that access.  But what happens once the attacker is inside? One tool in the attacker’s belt is a special kind of malware known as “ransomware.” What can ransomware accomplish? How can you spot it? How dangerous is it to your business?

What is Ransomware?

As the name suggests, ransomware is a program that holds (or claims to hold) data hostage.  Encrypting ransomware scrambles the victim’s files and renders them inaccessible until the data owner pays the attacker for the decryption key.  The attacker usually gets the malware onto the host through a malicious email attachment or link, a trojanized program, a drive-by download, or by pivoting from another machine already compromised on the same network, and then runs the “payload,” which is the malware itself.  Once activated, the ransomware displays an alert on the device demanding payment to an account, usually in cryptocurrency (e.g., Bitcoin) or by credit card.

Not all ransomware actually locks data; some of it works purely on the victim’s fear.  Instead of holding data hostage, it only threatens to.  For example, if an employee is doing something illicit, such as illegally downloading music, a pop-up may appear in the browser saying something like: “This device is now hacked! Call this number to unlock it.”  The panicked employee may call the number and pay without question, never realizing that the device is untouched and nothing has been encrypted.  The message is a bluff meant to scare the victim into paying.

This “fake” ransomware often impersonates law enforcement agencies such as the FBI.  The Citadel malware and the Reveton ransomware are one example: Citadel lured victims to a drive-by-download website, which installed Reveton on the victim’s device.  Reveton then froze the screen and displayed a ransom notice posing as the FBI, demanding payment from the victim.

How to avoid Ransomware?

To avoid ransomware, follow general safe computing practices: don’t click on unknown links; don’t visit suspicious websites; keep your operating system and applications patched; and maintain anti-virus and anti-spyware programs on your devices. Above all, keep multiple backups (copies in the cloud, on an external hard drive, and/or on another remote device). Keep in mind that ransomware encrypts whatever it can reach, including a mounted backup drive or network share, so at least one copy should be kept disconnected or otherwise not writable from the machines being backed up, and you should verify that you can restore from it before you need to.
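The backup advice above only helps if the copy is still intact when you need it. The following is an added example (not part of the original article) of a simple integrity check: when a backup is taken, a SHA-256 manifest of every file is written, and a later run compares the backup against that manifest and reports files that were overwritten (as encrypting ransomware would do to a reachable share), files that disappeared (e.g., renamed with a ransom extension), and files that appeared (e.g., a ransom note). The manifest file name and the sample files are assumptions made for the demonstration.

```python
"""Record and verify the integrity of a backup copy.

Added example for illustration; not code from the original article.
Assumes the backup lives in a directory of its own (a mounted external
drive or share). The manifest is written next to the files for simplicity;
in practice keep a second copy of it on a medium the backed-up machines
cannot write to, since malware that reaches the share could replace it too.
"""
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "backup-manifest.json"  # assumed name, hypothetical


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _files_under(root: Path) -> dict:
    """Map each file's path relative to root (POSIX form) to its Path object."""
    return {
        p.relative_to(root).as_posix(): p
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def build_manifest(backup_root: str) -> dict:
    """Hash every file under backup_root and store the manifest beside them."""
    root = Path(backup_root)
    manifest = {rel: sha256_file(p) for rel, p in _files_under(root).items()}
    (root / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup_root: str) -> dict:
    """Compare the backup against its manifest.

    Returns {"ok", "modified", "missing", "unexpected"}. Any modified or
    missing file means the copy can no longer be trusted for a restore;
    unexpected files are reported because ransom notes show up that way.
    """
    root = Path(backup_root)
    manifest = json.loads((root / MANIFEST_NAME).read_text())
    present = _files_under(root)
    modified = sorted(rel for rel, d in manifest.items()
                      if rel in present and sha256_file(present[rel]) != d)
    missing = sorted(rel for rel in manifest if rel not in present)
    unexpected = sorted(set(present) - set(manifest))
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def demo() -> tuple:
    """Build a constructed backup, verify it, then simulate a backup share
    that ransomware reached, and verify again. Returns both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        # Constructed sample data standing in for real business files.
        (root / "docs" / "contract.txt").write_text("constructed sample contract")
        (root / "docs" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        build_manifest(tmp)
        before = verify_backup(tmp)

        # Simulated damage: one file overwritten with ciphertext-like bytes,
        # one renamed with a ransom extension, and a ransom note dropped.
        (root / "docs" / "contract.txt").write_bytes(bytes(range(64)))
        (root / "docs" / "ledger.csv").rename(root / "docs" / "ledger.csv.locked")
        (root / "README_FOR_DECRYPT.txt").write_text("constructed ransom note")
        after = verify_backup(tmp)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after simulated attack:", after)
```

Run `build_manifest()` each time a backup completes and `verify_backup()` on a schedule and immediately before any restore; a report with anything in `modified`, `missing` or `unexpected` means that copy should not be trusted and an older or offline copy should be used instead.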

If you are hit by ransomware, follow these steps:

  1. Disconnect the affected device from the network (unplug the cable or turn off Wi-Fi), if possible. Remember that attackers, and the malware itself, can pivot to other devices once inside a network.
  2. If the alert appears while you are on a website, try to force quit your web browser. A “lock screen” that disappears with the browser was only a scare pop-up.
  3. If force quitting fails, restart the device. Do not reconnect it to the network until you have run a security scan.
  4. If your files really are encrypted, do not pay the ransom. You might receive a working decryption key, but there is no guarantee. Even if you regain control of the device and remove the ransomware, removing it does not decrypt the files; without a clean backup, the data may be impossible to recover.

At our law firm, we assist clients with legal issues related to internet, technology, intellectual property, and e-commerce transactions. Please contact us to set up an initial consultation.