1. WHAT IS RANSOMWARE?
2. WHAT SHOULD YOU DO?
- Ransomware is a type of malware that holds a computer's files hostage until a "ransom" is paid. Once installed on a computer, it begins "encrypting" or locking files including documents, pictures, videos, MS Office files and PDFs. Ransomware can also affect files stored on shared network drives, USB drives, external hard drives, and even cloud storage drives in some cases. The malware then displays a message demanding payment within a set period of time, or the "key" to decrypt the files will be destroyed and the files will be lost forever.
- Ransomware criminals demands payment of the ransom by Bitcoin or MoneyPak, two essentially untraceable payment methods. Once payment is confirmed, the program promises to decrypt the encrypted files.
- Ransomware is spread through fraudulent emails with malicious links or attachments.
Many victims have reported that the fraudulent emails appeared to be from FedEx or UPS and had tracking notices attached. Ransomware usually spreads by pretending to be flash updates or video players required to view an online video. It also can be an email with a zip file directing the recipient to 'open the document' that was supposed to have been 'scanned and sent to you.'
3. IF YOU BELIEVE YOUR COMPUTER IS INFECTED
- Backup, Backup, Backup.
Regularly backup your files and keep these backups in an offline location that is not connected to the internet.
- Careful What You Click.
Most ransomware campaigns begin with a phishing attack. As a rule, you should never open an unsolicited email from a source you do not recognize.
To learn how to easily recognize phishing attacks, read our report "How Human Behavior and Decision Making Expose Users to Phishing Attacks".
- Anti-Virus Software.
Keep your anti-virus software up-to-date.
- Software Updates.
Keep your operating system and other software up-to-date with the newest patches.
WITH RANSOMWARE, FOLLOW THESE STEPS:
- Disconnect from the Internet ASAP.
- Contact a Computer Professional.
- Change Passwords.
- File a Complaint with the Internet Crime Complaint Center.
- For more security tips continue reading below.
FBI / Crime Commission Alliance on Cybercrime
How to Protect Yourself from Ransomware
There are precautions that can and should be taken by internet users in an attempt to secure any network.
Tips for Individuals
Some defense techniques to be used for securing one's home network include steps such as:
Some general safety measures that all internet users should take include practices such as:
- Install a comprehensive home-based security suite
- Limit the use of the administrator account
- Use a web browser with sandboxing capabilities to help prevent invasion
- Migrate to a modern operating system and hardware platform that offers more advanced protection
Email best practices are important to keep in mind as well:
- Effective password management
- Use caution when storing personal information on websites
- Examine all links closely before navigating to a new webpage
The National Security Agency offers more detailed information on securing a home network.
- Avoid clicking on links or opening attachments in emails from an unknown sender in an attempt to avert phishing scams
- Be sure to keep anti-virus software up-to-date in order to avoid the acquisition of destructive computer viruses and spyware
Cybersecurity For Individuals
General Online Safety Resources
How to Secure Your Home
How to Secure Your Mobile and Smart Devices
Social Networking Safety Tips
Resources for Parents
Media & Resources
WHERE TO REPORT CYBERCRIME?
Adware: A computer program used to track users' online activities and deliver targeted pop-up ads to users.
Bitcoins: Uninsured digital currency, also known as "cryptocurrency," which operates independently of central banks. It is used for peer-to-peer electronic transactions and transfers.
Botnet: A collection of private computers that have been infected with malware and are being controlled by a cyber criminal without the owner being aware. Criminals will likely use botnets to send out spam messages, spread viruses, and commit fraud.
Computer Worm: A malware that replicates itself over a computer network and usually performs malicious actions such as damaging data, or using up the computer's resources and possibly shutting the computer down.
Denial-of-service (DoS): An attacker attempts to prevent legitimate users from accessing information or services. Typically, a network server is bombarded with authentication requests; the attack overwhelms the resources of the target computers, causing them to deny server access to other computers making legitimate requests.
Encryption: The process of encoding data or confidential information so that it is not easily understood by those who are not permitted access to it.
Firewall: A computer security program that blocks incoming network traffic and screens for hackers, viruses and worms that try to reach your computer over the Internet. Users should make sure that firewalls are enabled on all their network devices.
Keylogger: A type of spyware that records every keystroke of the user and reports this information back to its source.
Malware: Short for "malicious software." It consists of viruses, worms, spyware, Trojan horses and botnets that become installed on computers, Internet of Things or mobile devices without consent. Malware is often used to steal private information, send spam messages, and commit online fraud.
Phishing: A type of cybercrime in which individuals deceive others by posing as legitimately established enterprises (your bank, government agencies, the FBI, employer) as to steal users' valuable personal information, such as account data and credit card information.
Proxy Server: A proxy server is an intermediary between your PC or device and the Internet. This server makes requests to websites, servers and services on the Internet for you. Cyber criminals use proxies to route their communications through several different locations or even countries. Because of this, it can be quite an exhausting challenge to track down cyber criminals.
Ransomware: A type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.
Spyware: A type of malware that is self-installed on a computer and can be used to collect personal information about users without their knowledge.