Ransomware 101: Understanding the Digital Kidnapper


Throughout 2022, ransomware consistently made headlines, and this trend persisted into 2023. Reports of attacks on major corporations, institutions, and government agencies were commonplace. Perhaps you’ve even encountered a ransomware attack on your personal device.

The prospect of having all your files and data held hostage until you pay is alarming.


What is ransomware?


Ransomware is a form of malware that blocks users from accessing their systems or personal files and demands a ransom payment to restore access.

Nowadays, those behind ransomware often demand payments through cryptocurrency or credit card, targeting a wide range of victims from individuals to businesses and diverse organizations.


How do I get ransomware?


Ransomware commonly propagates through phishing emails with malicious attachments or via drive-by downloads. A drive-by download happens when a user inadvertently visits a compromised website, leading to the stealthy download and installation of malware.

Crypto ransomware, a variant that encrypts files, spreads in similar ways and has even been distributed through social media channels, including web-based instant messaging platforms. Newer infection tactics have also been identified, such as exploiting vulnerable web servers to penetrate an organization’s network.


Types of ransomware


  • Scareware: Scareware encompasses rogue security software and tech support scams. You might encounter a pop-up message asserting that malware has been detected, and the only way to remove it is by paying. Ignoring it might lead to persistent pop-ups, but generally, your files stay untouched.

  • Screen lockers: If lock-screen ransomware infects your computer, you’re effectively locked out of your PC. Upon startup, a full-sized window typically emerges, often brandishing what looks like an official FBI or US Department of Justice seal. It claims that illegal activity has been identified on your computer and insists you pay a fine.

  • Encrypting ransomware: This type of ransomware captures your files, encrypts them, and then demands payment for their decryption and release. What makes this type especially menacing is that once cybercriminals take your files hostage, no security software or system restore can retrieve them for you.


Who is affected by ransomware?


No one is immune to ransomware, but certain industries are more vulnerable to ransomware attacks than others. Below are the sectors most impacted by ransomware in 2021, based on the global number of attacks.

  • Government
  • Education
  • Information Technology
  • Manufacturing

What to do when affected by ransomware?


If you become a victim of ransomware, the paramount rule is to never pay the ransom. Doing so only emboldens cybercriminals to target you or others with further attacks.

  1. Disconnect your machine from any other devices and from any external drives. If you’re connected to a network, go offline. This will prevent the ransomware from spreading to other devices on your local network or file-syncing services.

  2. Use a smartphone or camera to photograph the ransom note displayed on your screen and document the malware attack. If possible, take a screenshot as well. You’ll need this if you decide to file a police report later, after completing these steps.

  3. Utilize antivirus or anti-malware software to remove the ransomware from your machine. Note that removing the ransomware won’t decrypt your files, and it might reduce your chances of recovering files even if you decide to pay the ransom. However, it will allow you to proceed with the subsequent steps without the threat of the ransomware encrypting more files.

  4. Explore options for recovering deleted files. Many ransomware variants copy your files, encrypt the copies, and then delete the original files. Thankfully, tools are available that can often recover these deleted files.

  5. Determine the specific type or strain of ransomware you are dealing with.

  6. Examine your backup data. Backups of essential data stored on separate drives are your most effective defense against ransomware. However, if a malicious attachment manages to infect and encrypt the backups on your secondary device, you may lose all negotiating power with the attacker. Therefore, if you encounter a ransomware threat, scan your backups for malware and ensure they remain disconnected from the compromised network.

  7. Download the latest security patches. To guard against future ransomware attacks, it’s crucial to use the internet and your devices with caution. Being diligent about which websites you visit and which files you open can provide significant protection.
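
A read-only check for step 6, added here as an example and not part of the original article: it flags backup files that appear to have been encrypted already, by comparing each file's leading bytes with the signature its extension implies and, for unrecognized extensions, measuring byte entropy. The 7.5 bits-per-byte threshold, the `.locked` extension and the sample files are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading bytes for a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, tune for your data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'ok', 'bad-signature' or 'high-entropy' for one backup file."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is not None:
        # Compressed formats are high-entropy anyway, so trust the header instead.
        return "ok" if head.startswith(expected) else "bad-signature"
    return "high-entropy" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"

def scan_backup(root: str) -> dict:
    """Walk a backup folder (read-only) and map suspicious files to a finding."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdict = classify(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo() -> dict:
    """Constructed sample backup: two healthy files, two that look encrypted."""
    samples = {"notes.txt": b"quarterly budget notes\n" * 200,
               "report.pdf": b"%PDF-1.7\n" + b"body " * 500,
               "invoice.pdf": os.urandom(4096),        # stand-in for ciphertext
               "photo.jpg.locked": os.urandom(4096)}   # constructed extension
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_backup(root)
```

Archives or media whose extensions are missing from the signature table will also score as high-entropy, so treat each finding as a file to inspect, not as confirmed damage.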


IT Solutions From Fornida


Fornida offers premium managed service solutions that protect your devices from a variety of malware. Our expert engineers at Fornida ensure your protection from threats, ranging from firewall protection that blocks unauthorized access to computers, to dark web scans for enhanced security.