Cybersecurity Awareness Month: What is Ransomware?

FBI Portland Special Agent Gabriel Gunderson answers questions about ransomware during Cybersecurity Month.

Video Transcript

What is ransomware?

Ransomware is a form of malicious software that targets your data. If ransomware infects your device or network, the ransomware actors behind that attack have the ability to lock you out of the data stored on your devices or network. They will demand you pay a ransom – usually by cryptocurrency. They claim they will give you the “key” to recover your data if you pay, but there are no guarantees.

Who is most at risk for ransomware attacks?

There are three basic groups who can suffer ransomware attacks:

  • Businesses – both large and small
  • Individuals; and
  • ·Public agencies and public service providers

What’s the risk to individuals?

When these kinds of attacks first started, ransomware actors often targeted regular people at home. The majority of attacks now go after larger targets, but individuals still need to take precautions. The loss of wedding photos or videos of your newborn are irreplaceable.

What’s the risk to businesses?

Any business can be vulnerable, but we are particularly concerned about small and medium-sized companies. They often don’t have the expertise or, they think, the funds to invest in the robust security they need. If you are a business owner, please take the time to learn about some simple steps you can take to protect your business. Otherwise, one bad ransomware attack can cause you to shut your doors for good.

What’s the risk to public agencies and service providers?

We are seeing attack after attack targeting hospitals, health care providers, government agencies, and schools. Not only do these organizations risk a loss of money, they also hold sensitive information that the attackers can pull out and re-sell on the dark web. Beyond that, there are real world consequences of a hospital that is unable to care for patients.

How do ransomware attacks usually start?

Ransomware actors will often send ransomware through email phishing campaigns. Once anyone on your network clicks on an infected file or link, the fraudsters can have access to all of your devices and data. They encrypt the system, effectively locking you out.

How much can a ransomware attack cost?

The ransom demands may range from a few hundred dollars for an individual to millions of dollars for a big company, hospital, or utility. But the ransom is only the start. Organizations risk loss of productivity, legal fees, and the need to purchase credit-monitoring services for employees and customers.

What are some basic steps to take to avoid a ransomware attack?

To avoid a ransomware attack, you should:

Educate yourself and your employees as to how to identify and manage phishing lures.
Back up your data often and keep back-ups segregated and offline from normal operations.
Make sure that all devices on your network are using the most current versions of operating systems and applications; and
Keep your anti-malware software up-to-date.

Should I pay to unlock my system?

The FBI recommends that victims do NOT pay a hacker’s ransom demand. The payment only encourages more criminal activity, and, even if you do pay, there is no guarantee that the hacker will unlock your data, hasn’t already downloaded your data for re-sale, or won’t return for another round of ransom.


Video Download

Video Source