Ransomware-as-a-service — yes, that's a thing
SAN FRANCISCO — Ransomware is a growing problem. It's estimated to have affected tens of thousands of Americans in 2016, and according to the FBI, is on track to make nearly $1 billion a year for the criminals behind it.
At its heart, ransomware is digital extortion. It begins when criminals use subterfuge to get malicious software onto a victim's computer, often through emails that contain software or links to the malware.
The ransomware then infects the computer, encrypting files or locking down the entire system.
When the victim attempts to use the machine, a message pops up informing him or her that files or the computer have been hijacked. The target can only regain access by paying a ransom.
That ransom is typically paid in difficult-to-trace digital currencies such as Bitcoin.
'Lazy' criminals get rich off emailed ransomware
Ransomware has become more prevalent, in part due to the rise of what's known as "ransomware-as-a-service." Beginning in 2015, cybercriminals set up ransomware platforms that performed all the necessary functions for the crime, says a recent McAfee Labs report.
They rent out this network to criminals who don't have the technical expertise to do it on their own, getting paid a commission on every successful ransom.
Ransomware hits both individuals and businesses, with businesses generally being targeted by more sophisticated programs and paying much higher ransoms, in the tens of thousands of dollars. In February a Los Angeles hospital paid $17,000 to unlock its files.
Protection
The best protection against ransomware is to not get infected in the first place. In most cases, victims are infected by opening an email that contains malware or clicking on a link that takes them to a website that installs the malware on their system.
Not opening suspicious emails and not clicking on links send by unknown parties is the best offense.
It's also helpful to keep your operating system up to date and also use, and keep updated, security programs that scan for malware and ransomware, filtering out known variants.
It's also crucial to do frequent and routine backups, so if your system does get shut down you've got a backup of any files that are encrypted. Backup systems should not be continuously attached to the computer or they, too, will be infected and then encrypted by the malware.
Finally, the FBI recommends individuals and businesses think in advance about what they would do if they were the victim of ransomware, so they have a plan should it happen to them.
Bitcoin tutorials
The FBI doesn't support paying ransom in response to a ransomware attack, as there's no guarantee that the criminals will actually unlock the files and it can encourage criminals to attack others.
However, many individuals and companies do pay up because it's often the only way they can get access to crucial files that are not available via backup. In that case, the criminals often helpfully provide tutorials on how to use digital currencies, even going so far as setting up help desks for their victims to aid them in paying their ransom.
The FBI asks that anyone who is hit with ransomware, whether or not they pay the ransom, report the incident so they can track its spread. The Internet Crime Complaint Center at www.IC3.gov has a form for such reports.