Ransomware

What is Ransomware?

Ransomware is a type of malicious software (malware) that encrypts the contents of your device so it’s unusable, then offers to restore your device (your phone, computer, or tablet) in exchange for a payment to the ransomware operator.

How does ransomware work?

Ransomware is a malicious usage of a technique called encryption. Encryption transforms meaningful, usable data into an unintelligible, scrambled form. The original data can only be restored by using a small piece of secret data called a “key.” Ransomware encrypts the data on your device (such as documents, spreadsheets, photos, and other files), making it effectively unusable. The key required to undo (or “decrypt”) the encryption is held by the ransomware operator, who offers to give you the key and allow you to recover your data in exchange for a payment.

The goals of ransomware operators vary. One goal is simply to make money from ransom payments, by releasing the ransomware more or less indiscriminately. However, sometimes the goal is to damage or embarrass a specific target, like a particular company, by causing data loss and interruption of business.

How can I avoid getting ransomware on my devices?

General anti-malware practices will reduce your chances of getting ransomware. The most important ones are:

• Always keep the software you use updated, so it has the latest security fixes. This is especially important for your operating system (OS) and browser, which will often let you know when they need updating.
• Enable Safe Browsing in your Web browser. All major browsers support this feature, which can warn you if you’re about to visit a site that is known to host malware.
• On mobile devices, only install apps from the official app store. On desktop or laptop devices, only install apps from the official app store, or from reputable companies.
• Be careful when clicking links in messages and emails: Consider the source, and be wary of clicking links that come from people or businesses you don’t know.
• Another important practice is to make regular backups of your important data. This won’t prevent you from getting ransomware, but it will allow you to recover from a ransomware attack by restoring from a backup. You can use a cloud-based service for backups, or use a drive of your own. (If you use your own drive, it’s best to keep it disconnected from your main device except when making backups, so that if you get ransomware, it won’t encrypt your backup drive too.)

What should I do if I get ransomware?

Ideally, you have a recent backup of your important data. If so, the best course of action is to factory-reset your device, make sure it has all available software updates applied, and then restore from your backup.

It is generally not a good idea to pay the ransom. There’s no assurance that you’ll get your device unlocked even if you pay. The people who operate ransomware are not trustworthy. Paying the ransom should be a last resort, and is not recommended.