Ransomware has become a popular topic over the last month. The increased awareness of this growing cyber threat can likely be attributed to the WannaCry ransomware attack that hit worldwide in mid-May. However, there are still several misconceptions regarding this form of malware.
Top 10 Ransomware Myths
- Ransomware is just a virus. False – Ransomware is a form of malware. However, unlike viruses, ransomware will lock your files and hold them for ransom.
- If I pay the ransom demands I’m guaranteed my files back. False – There is a payment demand associated with ransomware, which states that if you pay, you will get your files back. However, you’re relying on cyber criminals to release your files. There is no guarantee they will indeed provide you with the key to unlock your data.
- I have to click on something to be infected. False – Ransomware can be installed on your PC through software vulnerabilities, meaning you don’t have to click or download anything for it to worm its way in.
- If I stay away from shady sites, I will be fine. False – There are multiple ways cyber criminals can distribute ransomware, including compromising legitimate websites, exploiting software vulnerabilities and sending malicious emails. Additionally, third-party advertisers could distribute the infection.
- Ransomware targets only large businesses. False – Although businesses are a big target, they are not always large. Small and medium businesses, as well as home users, typically do not have the same IT expertise as large enterprises, making them a prime target too.
- No anti-virus (AV) software can block ransomware. False – Many AV programs are unable to identify new forms of ransomware because they haven’t been identified yet. However, if users implement a security solution that uses application whitelisting as its primary method of detection, they will be far more secure than traditional AV users. Application whitelisting only allows trusted applications to run. Regardless of how new the ransomware is, it will never be a trusted program, thus keeping users and their data secure.
- Ransomware infects people only through malicious emails, known as a phishing attack. False – Although phishing attacks are a popular method of ransomware distribution, they are not the sole method.
- I can spot a fake email or ad a mile away — my data is safe. False – The emails that are being used can be quite advanced. Sometimes they look like they’re from a friend, co-worker, even your boss. Other times, they look like they are from a large business such as Amazon or the USPS.
- If I back up my data, I can’t lose it, even if a ransomware attack hits me. False – Although backups can be helpful when retrieving data after a ransomware attack, they are not a silver bullet. At times, the ransomware can encrypt your backup data too. Or, businesses find it too cumbersome to retrieve files this way, leading to them paying the ransom in hopes of a decryption key.
- Cyber criminals aren’t going to target me; I’m nobody compared to large enterprise targets! False – Money is money, big and small. The goal of these cyber criminals is to exploit as many users as possible as fast as possible, in hopes of collecting as much money as they can. Oftentimes they will cast as large a net as possible, hoping for a big return.