How To Prevent Ransomware

By Aliza Vigderman & Gabe Turner, Chief Editor
Last Updated on Aug 11, 2021

Automation is a problem you’ve probably heard about a ton in the past decade, and now, even ransoms are automated. Ransomware is a type of malware that extorts users for money, taking control of a website or data and demanding a ransom for its release. If that sounds unpleasant to you, we’re here to make sure you’re never a victim.

How To Prevent Ransomware

Preventing ransomware applies to not only your computer, but also to your data and your entire network. Let’s take a closer look.

How To Protect Your Computer From Ransomware

  • Don’t click on suspicious links or email attachments.
  • Only download files from trustworthy sites.
  • Don’t use random USB or other remote storage devices (CDs, DVDs, etc.).
  • Update your software as often as possible.
  • Use antivirus software. The best antivirus software has behavior-based detection, so it can detect forms of ransomware even if they’re not in the database.
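
One way behavior-based detection can catch file-encrypting ransomware that is in no signature database, shown as an added illustration (not code from this article or from any antivirus product): flag a burst of file rewrites whose content jumps from ordinary to near-random entropy. The thresholds, file names and sample data below are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before, after, high=7.5, jump=1.0) -> bool:
    """Suspicious rewrite: content becomes near-random AND was not already
    near-random (compressed formats such as zip or jpg always are)."""
    e_after = shannon_entropy(after)
    return e_after >= high and e_after - shannon_entropy(before) >= jump

def detect_burst(events, window=10.0, burst=3):
    """events: (timestamp, path, before, after) tuples in time order.
    Returns the paths of the first `burst` suspicious rewrites seen within
    `window` seconds of each other, or [] if there is no such run."""
    recent = deque()
    for ts, path, before, after in events:
        if not looks_encrypted(before, after):
            continue
        recent.append((ts, path))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= burst:
            return [p for _, p in recent]
    return []

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted bytes: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

# Constructed sample events; paths, contents and thresholds are assumptions.
TEXT = b"Quarterly report: revenue, costs and notes for the board.\n" * 70
EVENTS = [
    (0.0, "notes.txt", TEXT, TEXT + b"one more line\n"),   # ordinary edit
    (1.0, "photos.zip", fake_ciphertext("z1"), fake_ciphertext("z2")),  # was already high
    (2.0, "report.txt", TEXT, fake_ciphertext("a")),
    (2.4, "budget.csv", TEXT, fake_ciphertext("b")),
    (2.9, "thesis.md", TEXT, fake_ciphertext("c")),
]

if __name__ == "__main__":
    print(detect_burst(EVENTS))
```

Because the check requires a jump in entropy, it does not fire on files that were already compressed before being rewritten, so a heuristic like this is only one signal among several.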

Did you know?: On average, 81 percent of U.S. adults use antivirus software, and 91 percent are aware of it, according to our research on the personal antivirus market.

How To Protect Your Data and Networks From Ransomware

  1. Limit the amount of personally identifiable information (PII) that you share, as sharing too much could result in identity theft.
  2. Use anti-phishing software on your email provider in particular, as many phishing attempts go through email.
  3. Use VPNs, virtual private networks. VPNs hide your browsing history and also hide your IP address.
  4. Back up all of your data in encrypted storage; that way, you’ll have a fallback even if ransomware holds it, well, for ransom.
  5. Use a firewall to guard against threats to your network. Firewalls are part of some but not all antivirus programs.

What To Do if You’re Under a Ransomware Attack

Even if you performed all of the above tasks, it’s still possible for ransomware to sneak in. If that’s the case, don’t panic. You can get through this.

Removing Ransomware: How To Respond

Here’s what to do:

  1. Isolate and disconnect your computer. First, disconnect the affected computer from the internet and its network. That way, the ransomware can’t spread to other computers.
  2. Don’t pay the ransom. We’ll talk a bit more about this below, but just as the U.S. government doesn’t negotiate with terrorists, there’s no reason for you to give in to cybercriminals’ demands.
  3. Run an antivirus scan. Perform a full virus scan of your device to let your antivirus work its magic. If it detects the ransomware, it can quarantine and remove it without you having to pay up.
  4. Use a ransomware decryption tool. A common ransomware method is to encrypt your computer so that you can’t see your files or data. If that’s the case, you’ll need a ransomware decryptor, which could be separate from your existing antivirus software. Don’t worry, though; Kaspersky offers one for free.[1]
  5. Restore your files from backup. You backed up your files … right? If you listened to us, then it’s time to upload your backup back onto your device that’s now (hopefully) free of the ransomware. Again, regular backup is key.[2]

For more information on ransomware and other antivirus-related topics, read all of our antivirus guides.

Should You Pay the Ransom?

We are of the firm belief that you should not pay the ransom that ransomware requests — or that anyone requests, for that matter. For one thing, many organizations have paid the ransom and still not regained control of their computers (a full 1 percent, according to data from Sophos[3]). Additionally, paying the ransom encourages more ransomware attacks, creating a vicious cycle. But the most damning reason not to pay the ransom is the fact of cold, hard cash. Paying the ransom doubles the total cost of dealing with ransomware attacks. We’ll discuss the monetary costs of ransomware attacks below, but trust us: Negotiating with terrorists (or hackers) is never a good idea.

Tip: Invest in cybersecurity insurance that covers ransomware. This insurance pays the ransom for 94 percent of organizations, so even though the overall cost of a ransomware attack may be higher, it gets passed on to your insurance company, not your business.

Methods for IT Administrators

For businesses, preventing ransomware attacks falls to, you guessed it, IT administrators. While this isn’t a comprehensive list of the preventative measures you should take, it’s a start.

  • Train employees to avoid phishing messages.
  • Create spam filters to authenticate both inbound and outbound email.
  • Install antivirus software on all work-related devices.
  • Configure access controls so that only authorized users can access sensitive data.
  • Create a centralized patch management system for quick, automatic updates.
  • Install firewalls to block malicious IP addresses.

What Is Ransomware, and How Does It Work?

It may be obvious by now, but ransomware is a form of malware that targets systems and data and extorts users for ransoms. But where does it come from?

How Ransomware Is Delivered

According to a survey of organizations that had ransomware attacks in 2020, the most common way that ransomware infected their computers was through file downloads and emails with malicious links, aka phishing. That accounted for nearly one-third of all ransomware attacks, with remote server attacks accounting for just over one-fifth of all attacks. See the rest of Sophos’ data below:

How ransomware got into organizations          Percent of total ransomware incidents
File download / emails with malicious links    29%
Remote attacks on server                       21%
Emails with malicious attachments              16%
Misconfigured public cloud instances           9%
Remote desktop protocol                        9%
Third-party suppliers                          9%
USB / removable media device                   7%
Other                                          0%
Not sure                                       0%

Why Are Ransomware Attacks so Effective?

There’s a psychological component that makes ransomware attacks so effective, and it’s called panic. Seeing an intimidating or threatening message demanding a ransom can make victims scared, naturally.[4] Not to mention the widespread nature of ransomware: In 2020, over half of organizations were victims of ransomware attacks, and 73 percent of these attacks involved the encryption of their data, known as crypto-ransomware, according to Sophos. As anyone who’s ever lost access to their electronic devices can tell you, this combination of threats and encryption makes ransomware particularly effective.

Who’s at Risk of Ransomware Attacks?

While we normally speak about ransomware attacks against organizations, many might be wondering if it can happen at the individual level as well.

Business vs. Personal

Both individuals and businesses can be the target of ransomware attacks, according to the U.S. Department of Justice. However, there is some variance within business industries. For example, the private sector is victim to ransomware attacks more often than the public sector. While 51 percent of all businesses worldwide were affected by ransomware, only 45 percent of public organizations were affected. Conversely, media, leisure, and entertainment businesses were more likely to fall victim to ransomware at 60 percent overall, according to Sophos.

Types of Devices

While we couldn’t find any studies on ransomware rates per type of device, we know that ransomware can attack both computers and mobile devices.

Why Ransomware Prevention Is Important

If you’re not convinced that ransomware is important to prevent, let’s talk about what it costs in terms of dollars and cents.

The Costs of Ransomware Attacks

We’re not exaggerating when we tell you that the average cost of ransomware attacks for organizations is $732,520 for those who don’t pay the ransom and $1,448,458 for those who pay. If that doesn’t convince you not to pay the ransom, we don’t know what will. Of course, even businesses that don’t pay the ransom still lose a ton of money, as you can see. Those losses stem from the loss of their reputations, revenue, and business data.[5]

As more and more companies learn that not paying the ransom is the way to go, there’s been a butterfly effect: Ransoms are decreasing. Between the third and fourth quarters of 2020, the average ransomware payment decreased by 34 percent to $154,108, while the median ransom payment decreased by 55 percent to $49,450.[6] With any luck, it’ll continue to decrease until ransomware attacks stop altogether.

Types of Ransomware

Ransomware can be divided into two categories:

  • Crypto-ransomware encrypts a computer’s valuable files, preventing the user from accessing them.
  • Locker ransomware does not encrypt a computer’s files but locks a victim out of their device.

There are variants of ransomware within those categories, with examples from all over the world. Here are the most common ransomware variants as of the last quarter of 2020, according to Coveware:

Ransomware type (most to least common)    Percentage of market share (rounded to nearest whole number)
Sodinokibi                                18%
Egregor                                   12%
Ryuk                                      9%
Netwalker                                 6%
Maze                                      5%
Conti v2                                  5%
DoppelPaymer                              4%
Conti                                     2%
SunCrypt                                  2%
Zeppelin                                  2%
Avaddon                                   2%
Phobos                                    2%
Nephilim                                  2%
MedusaLocker                              2%
LockBit                                   2%
GlobeImposter 2.0                         2%

Ransomware Do’s and Don’ts

To reiterate, here’s how you should and should not handle ransomware attacks and prevention.

Do’s
  • Back up your data in encrypted cloud and local storage.
  • Only share the minimum amount of PII necessary.
  • Only download files from trustworthy sites, emails, and attachments.
  • Update your software as often as possible, especially your antivirus software.
  • Use a firewall to protect your entire network, not just your computer.
  • Install anti-phishing software on your email inbox, if it’s not already included.
  • Use antivirus software on all of your devices.
  • Use a VPN whenever you’re on a public Wi-Fi network.
Don’ts
  • Don’t click on any emails, attachments, or links that seem phishy.
  • Don’t pay the ransom requested in a ransomware attack.
  • Don’t use a random USB, CD, DVD, or other remote storage device, as these could contain ransomware or other malware.

Famous Ransomware Attacks

Well, maybe they’re more infamous.

Locky

Locky was a ransomware variant released in 2016 that could encrypt over 160 different file types. Its method? To trick victims into installing it through phishing emails, a form of social engineering.

WannaCry

In 2017, WannaCry spread across 150 countries, exploiting a vulnerability in the Windows operating system. WannaCry turned out to be named quite accurately, as it affected 230,000 computers and one-third of all U.K. hospitals, losing the National Health Service £92 million. Damages around the world added up to $4 billion.

Bad Rabbit

Finally, Bad Rabbit launched in 2017, performing “drive-by” attacks that targeted insecure websites without any action needed from the user. Bad Rabbit hid within a fake request to install Adobe Flash. Bad is right!

Recap

Knowledge is power, and knowing how to prevent and handle ransomware attacks could save you tens of thousands of dollars. Knowledge is also a great antidote to the fear you may face when your device is hijacked; by looking at the facts, you know that paying a ransom is not only a waste of money, but it also leads to more ransomware attacks. Now, if only everyone was as knowledgeable as you!

FAQs

We are far from done talking about ransomware, one of our favorite topics in digital security.

  • What is a ransomware virus?

    A ransomware virus is a form of malware that targets devices, systems, and data to extort users for a ransom. Often, the virus encrypts the device’s data or locks the user out of their device until a ransom is paid.

  • How do ransomware attacks work?

    Ransomware attacks work by either encrypting the user’s data or locking them out of their devices. Ransomware can get into devices through a number of means, such as these:

    • Emails with malicious attachments
    • Emails with malicious links
    • File downloads
    • Misconfigured public clouds
    • Remote desktop protocol
    • Remote server attacks
    • Third-party suppliers
    • USB and removable media devices like CDs or DVDs
  • Can you remove ransomware?

    Most of the time, you can remove ransomware through either antivirus software or a specialized ransomware decryption tool.

  • Should you pay ransomware?

    You should not pay the ransom. Rather, you should remove the ransomware using antivirus or decryption software. Paying the ransom may not get the hacker to remove the ransomware. In addition, organizations that paid the ransom paid $1,448,458 on average, compared with $732,520 for those that didn’t pay, according to research from cybersecurity company Sophos.

Citations
  1. Kaspersky. (2021). Free Ransomware Decryptors.
    noransom.kaspersky.com

  2. Kaspersky. (2021). Tips on how to prevent ransomware attacks.
    usa.kaspersky.com/resource-center/threats/how-to-prevent-ransomware

  3. Sophos. (2020). The State of Ransomware 2020.
    secure2.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf

  4. UC Berkeley. (2021). Why is Ransomware so effective?
    security.berkeley.edu/faq/ransomware/why-ransomware-so-effective

  5. Chase. (2021). Cyber Threat Awareness – Potential Impacts of Ransomware.
    jpmorgan.com/insights/technology/potential-impacts-of-ransomware

  6. Coveware. (2020). Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands.
    coveware.com/blog/ransomware-marketplace-report-q4-2020