An explanation of ransomware
In this video, TechTarget editor Sabrina Polin talks about ransomware, how these attacks happen and how to protect your business from them.
Your computer is the hostage and you're the victim.
Ransomware is a type of malware that locks access to your own device, usually by encryption and keeps it that way until demands are met.
The motivation is typically monetary. Payment is usually demanded in virtual currency, like bitcoin, to protect the cybercriminals' identity.
Ransomware can be spread through typical user activity, like accidental clicks and downloads from malicious emails, infected external devices or compromised websites.
But attacks can still happen with no user involvement at all, with approaches like remote desktop protocol.
And, through inexpensive ransomware kits and ransomware-as-a-service, anyone can carry out attacks. There are several different types of ransomware, the most common being screenlockers and encryption ransomware.
Screenlockers will completely lock a user out of their computer until a payment is made. Although screenlockers deny users access to their system and files, the data is not encrypted.
With encryption ransomware, attackers use complex algorithms to encrypt all data on a device and payment doesn't guarantee the data returns.
There's no surefire way to completely protect against ransomware, but experts urge users to backup devices regularly to restore data, update antivirus software regularly, compartmentalize authentication systems and limit data access.
Users can sometimes remove ransomware with antimalware programs after a reboot, or can restore their entire system from a backup stored on a separate disk or in the cloud.