There are plenty of different cybersecurity threats on the internet, but the dreaded ransomware is one of the most prolific ones out there. It's as scary as it sounds, so it's a good idea to learn about this threat, what it does, and what to do when you're hit by it.

Let's explore what ransomware is and what you can do to stay safe.

What Is Ransomware?

Ransomware is a term that covers any virus or malware that holds your computer hostage. There are a few different methods that ransomware can use in an attack, but the binding connection between all the different types is that they lock you out of a part of, or all of, your PC.

How Does Ransomware Work?

To explore how ransomware works, we first have to dive into the different kinds of ransomware, what each one does, and what they're trying to achieve.

Regular Encryption-Based Ransomware

This is the more common version of ransomware. It works by locking you out of your computer's files, and some will even prevent the operating system from booting up. The ransomware then demands payment from the user to get their files back.

To prevent the user from finding a way around the ransomware, the virus bundles all the files into a folder then locks them up using powerful encryption. That way, the files have not been deleted forever, but the user can't use them without the proper passkey.

Once the user pays up, the malware developer will then provide the passkey to unlock their PC. The developer may add incentive by adding a timer to the ransomware. Once the timer hits zero, all of the files are deleted.

Scareware Impersonating a Legitimate Entity

Sometimes a ransomware program won't be upfront with what it is. Sometimes it'll impersonate a legitimate entity in hopes that it tricks the user into taking action.

For example, take the Reveton virus as reported by the FBI. This virus is ransomware that locks down the computer but pretends to be from the bureau itself.

The virus claims that the victim was caught downloading illegal files, so their PC has been seized to prevent further illegal activity. To continue using the PC, the victim has to wire money to "pay a fine," but don't be fooled; the money is heading straight to the scammer's pockets.

Ransomware may also take the form of official tech companies. There was one strain of malware reported by Forbes that didn't lock down the entire computer, but it did cause your browser to freeze.

The malware claimed that it was from Microsoft and that it had locked down your browser to prevent damage from a contracted virus. The malware tells the user to phone a "support line" to fix the PC, which has heavy call charges.

These malware strains are typically called "scareware" because they focus on terrifying you into making a rash decision without thinking logically. Fake virus and malware warnings fit this category well because they scare you into doing something that does you more harm than good.

Ransomware's Cousin, Leakware

There's another strain of ransomware making the rounds called "leakware." Ransomware and leakware are similar, as they both lock away the user's files and give them a ransom to pay that unlocks them again.

What makes them different is what happens when the user doesn't pay up. Typical ransomware may threaten the deletion of your files, but leakware does the opposite. If you don't pay up, leakware will give your files back... by publishing them on public forums.

This tactic is particularly effective versus all kinds of victims. Civilians may not want their friends and family to discover the heinous or illegal things they've been using their PC for, and businesses don't want their confidential data leaking onto the dark web.

Where Does Ransomware Attack?

Due to the nature of ransomware, it doesn't single out a specific person or PC when locking down a computer. As long as someone accidentally runs an infected file and uses an insecure operating system, the attack will go through.

However, malware developers have recently been picking and choosing their targets. In the heyday of ransomware attacks, malware developers would publish ransomware to the internet in a wide sweep. The idea was to achieve quantity over quality by getting as many people infected as possible to boost profits from the ransoms.

However, two developments forced ransomware developers to change their tune. Both developments began after the ransomware attack method began gaining infamy, and security companies began to respond to the rising threat.

The World Prepares for Ransomware Attacks

The first development was the rise of anti-ransomware websites. Services like No More Ransom tackle ransomware specifically by releasing programs and keys that can free a PC that's locked down.

As such, a strain of ransomware has to keep its head down and avoid detection as much as possible. The more people who come under attack from a strain, the higher the chance of the alarm being raised, and the quicker a solution will be found.

As a result, a ransomware developer had to ensure their program hit as many paying victims as possible before it was discovered. For instance, Auntie Mabel who uses her PC to look at cat memes won't, and likely can't, pay the ransom fee. However, a rich person with sensitive documents on their PC is far more likely to cough up.

The second development was the increased public awareness of ransomware. After ransomware became a hot topic in cybersecurity, people were encouraged to create backups of their computers. After all, what good is a ransom if someone has a spare back up on the side?

Not only that, but operating systems began offering anti-ransomware tools to their users. For instance, you can protect against ransomware using Windows Defender at no extra cost.

A Change in Focus for Ransomware Developers

As a result, malware developers began designing and deploying ransomware with two goals in mind. The ransomware had to hit a big business or organization that had the cash to pay the ransom, and it had to hit the spot where just the act of locking up a computer was disastrous, even if the victim had a data backup.

There's a report on Security Intelligence that discusses the worst-hit areas for ransomware:

In terms of targets, IBM Security X-Force has observed a general shift in ransomware attacks. Ransomware hits manufacturing companies hardest. These account for nearly a quarter of all the incidents responded to so far this year. The professional services sector is the second most targeted industry and has experienced 17% of ransomware attacks. Government organizations follow in third place at 13% of attacks.

These areas see the most attacks because they're very sensitive to disruptions if a PC stops working. In these areas of business, locking away files is just a minor part of a ransomware attack; it's the unusable PC that potentially costs industries millions as they're forced to stop trading to solve the issue.

Of course, a panicked business owner who's losing dollars by the second will want to free up their systems as quickly as possible. Unfortunately, if tech support can't find a way to free up the PC, the company is forced to pay up and hope that the ransomware developer makes good on their side of the deal.

The cost of ransomware is huge. Emsisoft reports that an estimated $25 billion was spent on ransomware demands in 2020, and close to $170 billion was lost as a combination of ransomware payments and downtime costs.

How to Prevent Ransomware

The best kind of antivirus is not allowing the virus to get onto your PC in the first place. If the idea of ransomware gives you the chills, there are ways to protect yourself.

Keep Current Backups of Your PC's Data

A good backup will stymie all ransomware attacks that aren't leakware. Why pay the ransom when you can just wipe everything and reinstall?

Before you bust out that memory stick, however, why not try backing up your Windows computer to the cloud? There are plenty of services that automatically back up your entire PC for a monthly fee, a perfect Plan B if your PC does get hit by ransomware.

Be Ransomware-Minded

Now that your stuff is backed up, it's time to stop ransomware from infecting your PC in the first place.

Unfortunately, there is no single trick to protecting yourself from ransomware, but you should be okay if you follow a few basic rules.

Related: Ways to Avoid Ransomware

How to Remove Ransomware

If you come across this nasty piece of work in the wild, it's important not to panic. A ransomware developer plays on fear to encourage you to pay up.

Don't Pay the Ransom!

While reading this article, you may have wondered what's stopping a ransomware developer from taking a paid ransom and walking away before they unlocked your PC. The answer is: nothing is stopping them.

If you pay the ransom, the best-case scenario is that you tell the developer that ransomware works, thus encouraging them to develop and spread more malware. In a worst-case scenario, the developer won't care to get back to you with the key to unlock your PC.

Look for a Pre-Existing Solution

Remember the website we mentioned earlier, the No More Ransom Project? There are plenty more of these websites that you can visit to find a solution for your predicament. If someone has unearthed a working key or developed a program that can free your PC, it should be listed on one of these websites.

Here's a list to get you started:

The above tools are free to use, so give them a try and see if they fix your PC.

Say No to Ransomware

Ransomware is a nasty strain of malware, but you're not helpless against it. Now you know how ransomware works, how to protect it, and what to do if you're ever hit by it.

Did you know that ransomware comes in all kinds of shapes and sizes? It's a good idea to get familiar with these different types so you can be prepared if this threat ever hits you.

Image Credit: Nicescene / Shutterstock.com