Ransomware: What you need to know
How to protect yourself from being extorted by cybercriminals
A Winnipeg family. A couple of B.C. law firms. A Michigan radio station. They are among the victims around the world who have been extorted out of tens of millions of dollars by cybercriminals using ransomware.
A recent report from Intel Security's McAfee Labs found that ransomware attacks have more than doubled in the past year. The internet security firm estimates that ransomware is now earning criminals $10 million to $50 million a month.
Here's what you need to know to avoid having to pay up.
What is ransomware?
Ransomware is a form of malware or malicious software. It seeks out files on your computer and locks them to make them inaccessible to you. Cybercriminals demand money — a ransom — to unlock your files.
Some kinds of ransomware do that by encrypting the files. When you try to open the encrypted files, a warning pops up, demanding a ransom in return for a decryption code or key.
Most often, the files targeted by ransomware are photos, videos and business records like spreadsheets, documents and presentations — anything likely to be valuable to a person, family or business.
Are files stolen from my computer?
No. The files remain on your computer and are not usually accessed. The cybercriminal is not looking for banking or other records. They want a ransom, not your files.
How much is the ransom?
As with any criminal enterprise, as much as the criminals think they can get. Typically, in North America, that’s $500 US, but paid in the untraceable cybercurrency bitcoins. If you don’t have any bitcoins, the ransom instructions explain how to get it. If a business, especially a larger one, is the target — the ransom can grow. The largest publicly recorded ransom demand was $800,000. Often, there is a time limit — typically 12 hours — before the ransom doubles.
How does your computer become infected?
Your computer is typically infected with malware such as ransomware when you open an attachment to an email or download software or apps. Such emails and software can appear legitimate enough to fool many users.
Is it just PCs?
The target is predominantly Windows-based computers and, increasingly, Android phones. But a number of tech security experts told CBC News that Apple devices are expected to become a much bigger target this year. Ransomware typically seeks files written in English, but has expanded to other major languages, including French, Spanish and Arabic.
How can you protect yourself from ransomware?
As with anything else, ensure you have virus protection and that it is up to date. Missing even one daily update can make you vulnerable because the type of malware keeps changing. Don’t open attachments or download software (often free programs or games to your computer or phone) that you can’t be sure are safe.
It's also a good idea to back up all your files on a hard drive that is not connected to your computer so that you have a clean and accessible copy of your files if your computer does become infected.
What should you do if you become infected?
You can’t remove the malware without destroying the infected files. If you have those files externally backed up, you or a computer technician can remove the files and the malware, and reinstall uninfected files from the backup. Of course, you shouldn't connect your external backup to your computer until the malware has been removed, or it could become infected too.
What if you haven't backed up your files? Should you pay the ransom?
If you pay the ransom, you will regain access to your files. But this may not remove the malware itself. There have been numerous instances of computers becoming reinfected.
As a result, some technicians recommend wiping your system and changing your IP address.
Also, remember that if you pay, you are funding a criminal enterprise and encouraging more attacks.
What happens if you pay the ransom?
If you pay the ransom, the cybercriminal provides a code, which triggers the decryption process. That can take days or weeks. Once files are decrypted, you'll be able to access them again.
If your computer is infected with ransomware, who should you report that to?
Police say if you have not paid the ransom, you can report the incident to the Canadian Anti-Fraud Centre at 1-888-495-8501, or by email to info@antifraudcentre.ca. If you have paid the ransom, you can report the crime to your local police force.