What is ransomware?
Ransomware is malicious software that holds data on -- or access to -- a victim device "hostage" until money is paid to the attackers. This is usually accomplished by encrypting data on the device in the background before the attack is discovered by the user. In some cases, the strain of ransomware used may transfer decrypted copies of the data to the attacker's own computers for use in identity theft, credit card fraud, or blackmail.
In most ransomware attacks, the victim is unable to regain access to their device and its contents even after paying the ransom because the attackers provided the wrong decryption key or decided not to send a key at all. In fact, there are some strains of ransomware that were never designed to produce a decryption key, even if the attacker wanted to provide one. One thing to keep in mind: the criminals who initiate ransomware attacks are very rarely the same people who created the ransomware being used. Typically, ransomware is written by one person (or group of people) and is then sold on a large scale to other criminals who use it in their attacks.
Since new malware programs are being created all the time, it is difficult -- if not impossible -- to be protected 100 percent of the time. However, some of the best ways to avoid ransomware is to:
- Practice safe browsing best practices
- Make sure all software on the device is up-to-date
- Make sure you have security software installed, such as an antivirus program and a firewall
Even if your device gets infected with ransomware, there are things you can do to prepare for it just in case it does happen. Some of the best ways to mitigate the damage done by a ransomware attack:
- Do not login to your computer as an administrator for everyday use
- Perform a regular backup of all important data
- Do not keep backup media/services constantly connected to your device (disconnect them when you are not actively backing up your files)
If you are on a SF-owned device:
- Call the Help Desk immediately