With the attack on the Colonial Pipeline Company, which has affected fuel availability across the country, “ransomware” has again been much in the news lately—but what does this term mean, how does ransomware work and what can you do to protect your data from future attacks?
What does “Ransomware” mean?

Ransomware, as the name might suggest, is the umbrella term for malware designed to extort a payment from the target of an attack. This is normally achieved by encrypting the files on a victim’s computer and providing the decryption key only when the victim pays the cyber-criminal a ransom. There are also versions of ransomware that lock systems, affect boot files and change file locations, but the goal is the same: to compromise a victim’s data, functionality or privacy, in pursuit of profit. In the Colonial Pipeline attack, hackers from Eastern Europe were able to deploy an encryption payload across the company’s entire network, shutting down operations for the better part of a week and forcing Colonial to pay a $5 million ransom. Hackers are making serious money by launching these attacks: a report released last month by a ransomware task force said payments by victims increased by 311% in 2020, reaching approximately $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493.


How does ransomware work?

Step one is for the malware to get onto a computer or a business’s server. This can be achieved by someone opening a suspicious email attachment, being compromised by a “phishing” attack (social engineering to obtain passwords and account credentials), or by exploiting a security loophole in old, out-of-date software. Once the malicious software is in the system, it proceeds either to encrypt all the files stored on the system, or to begin sending the data back to a cybercriminal’s server where it can be used for identity theft or blackmail (cybercriminals have sometimes threatened to release sensitive or private information publicly if they are not paid a ransom). At this point a message will be left on the victim’s computer, informing them that their data has been locked or stolen and that the only way to retrieve it is to pay a ransom to the cybercriminals using Bitcoin, or some other anonymous online currency.

How to protect yourself

As with many threats posed by malware, an important element of a good defense is to ensure that you’re running an up-to-date antivirus program that is set to do regular scans. It is also crucial to keep your operating system up to date: the “Wannacry” ransomware attack that swept across the world in 2017 exploited a loophole that had been patched months prior to the attack, so only companies running old or outdated systems were affected. All users should also be careful about visiting illegitimate websites, opening attachments or clicking on links in emails. If something seems suspicious to you, trust your gut and don’t click on it. Finally, the best insurance against technological calamity is to keep a regular backup.


“Air Gap” your backup

It is always a good idea to back up your important files, but when it comes to ransomware, not all backups are created equal. If you are using an external hard drive to back up your files and that hard drive is always connected to your computer or network, there is a possibility that your backup could become encrypted or compromised as well. To truly be secure against ransomware, a backup should be made at regular intervals and “air gapped”, that is, disconnected from the system and the network whenever a backup is not actually being written. Many cloud-based backup services also have their own security and encryption settings which will usually keep them secure against ransomware attacks, allowing you to restore your data from a clean backup, rather than paying the ransom.
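One practical way to know a backup is still "clean" before you rely on it is to record a hash of every file at backup time and re-check the copy before restoring. The script below is an added example for this article, not code from any backup product; it uses a local directory to stand in for the external drive and constructed sample files, and it assumes the manifest is kept somewhere other than the drive itself.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src_dir, dest_dir):
    """Copy src_dir into dest_dir and return a manifest {relative path: sha256}.
    Keep the manifest off the backup drive; a copy stored next to the data could be rewritten too."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, src_dir)
            dst = os.path.join(dest_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            manifest[rel] = sha256_file(dst)
    return manifest


def verify(dest_dir, manifest):
    """Return the relative paths whose backup copy is missing or no longer matches the manifest.
    An empty list means the copy is still the data you took; anything else means do not trust it."""
    bad = []
    for rel, digest in manifest.items():
        path = os.path.join(dest_dir, rel)
        if not os.path.isfile(path) or sha256_file(path) != digest:
            bad.append(rel)
    return sorted(bad)


def demo():
    """Constructed sample: back up two files, then simulate a drive left connected while one file is rewritten."""
    with tempfile.TemporaryDirectory() as work:
        src, dest = Path(work, "src"), Path(work, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly figures\n")
        (src / "notes.txt").write_text("meeting notes\n")
        manifest = snapshot(str(src), str(dest))
        clean = verify(str(dest), manifest)  # expected: [] right after the snapshot
        (dest / "docs" / "report.txt").write_bytes(b"\x8f!\x00garbage")  # stands in for an encrypted file
        return clean, verify(str(dest), manifest)  # expected: ([], ["docs/report.txt"])
```

Run `demo()` to see the check pass on the fresh copy and flag the rewritten file; in practice you would run `verify` against the manifest you kept offline before restoring anything.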