What is ransomware?
Ransomware is bad news for your digital privacy and your finances.
Keeping your personal data safe online is a nightmare when new threats are emerging every day. Even if you keep an eye out for malware, regularly update your software, and use one of the best VPNs in the business to prevent ISP snooping, it's still tough to stay on top of cyberattacks.
That brings us to ransomware – a new spin on the age-old tactic of holding something you care about to ransom, and not releasing it until you pay a fee. The internet has sped up the rate at which ransoms can be distributed and paid, too, making it a lucrative industry for cybercriminals.
Keep reading, and I'll outline what ransomware is, how to recover from it, and how VPNs and antivirus software can protect you before it's too late.
What is ransomware?
Once you've been infected by ransomware, it'll encrypt files on the hard drive of your computer, making them inaccessible until a ransom is paid.
The technology behind this nefarious encryption has been around since computers were invented, basically, but one new bit of tech has made ransomware into a billion-dollar industry – cryptocurrency.
Since it's harder to trace cryptocurrency transactions than regular bank transfers, ransomware hackers often demand payment in cryptocurrencies such as Bitcoin. They communicate this by displaying a warning screen on your desktop, oh-so politely informing you that your computer has been infected and, if you don't comply with their demands by the time a countdown clock hits zero, something bad is going to happen.
Types of ransomware
Let's take a closer look at today's most prevalent types of ransomware.
- Crypto-ransomware: the name doesn’t refer to the payment method (almost all ransomware will ask for some type of cryptocurrency), but rather the way the ransomware works. Crypto-ransomware encrypts valuable files like documents, photos, and videos, making them inaccessible. The attacker then demands a ransom for the decryption key needed to restore the files.
- Locker ransomware: similar to crypto-ransomware, the intention behind locker ransomware is to make your device unusable in some way. The hacker might overlay a permanent window on your screen, change your password, or encrypt your hard drive.
- Scareware: this ransomware is more insidious, relying on fraud rather than outright disruption, by pretending to be a legitimate software alert. It'll claim that your system is infected with a virus and demand that you pay for a fake antivirus program. Scareware doesn't typically encrypt files, but can be an indicator that you're dealing with real malware on your computer.
- Extortionware: all of the ransomware types listed above come with extortionware, which takes the data that's been encrypted and syphons it from your computers back to a server that the hacker controls. From there, the hacker will threaten to publish any sensitive or personal data unless a ransom is paid.
How to recover from a ransomware attack
If you've been hit by a ransomware attack – I've got bad news. Unless you keep regular backups of your data, and store them offline, recovery is going to be tricky. Although it's tempting to start from scratch, it's worth running through these steps to see what you can reclaim from the ransomware attack.
- Check with your workplace to see if it has a ransomware attack plan in place. If not, or if you're dealing with an attack outside the workplace, it's time to hire some cybersecurity consultants who specialize in ransomware and do it quickly.
- Next up, once you've assembled your team, identify the damage. You'll need to know which systems have been compromised, what data was stolen, which ransomware tools were used, and how the hackers got into your network in the first place. This isn't an easy task and you'll likely need to rely on several different sectors of the business working together in parallel to be successful.
- After you've found out all you can about the attack, you're left with damage control. Some ransomware types have free decryption tools available online, but sophisticated strains require you to restore from backups or cut the encrypted data loose. This step also involves patching the way that hackers infiltrated your network and loading clean backups of the servers that were affected during the attack to make sure the ransomware crew doesn’t have a foothold in your network.
- Things will be pretty much back to normal now – but your job isn't over. While the attack is still fresh in your mind, call in all the relevant roles and make sure that everything they've learned is used to update your ransomware attack plan for the future.
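For the "identify the damage" step, a quick first pass is to sort files into those that still look healthy and those that look encrypted. The Python below is an added example, not part of the original article; the signature table, the 7.5 bits-per-byte threshold, the verdict names and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# File signatures a healthy file of each type starts with.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, ciphertext sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Verdict for one file from its name and its first bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic and head.startswith(magic):
        return "intact"            # compressed formats are high-entropy but keep their header
    if shannon_entropy(head) >= ENTROPY_LIMIT:
        return "likely-encrypted"  # random-looking content with no valid header
    return "header-mismatch" if magic else "no-signal"

def triage(root: str) -> dict:
    """Walk root and map each relative path to a verdict."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            report[os.path.relpath(path, root)] = classify(name, head)
    return report

def demo() -> dict:
    """Build constructed sample files in a temp directory and triage them."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for ciphertext
    samples = {"report.pdf": b"%PDF-1.7\n" + b"constructed sample\n" * 20,
               "notes.txt": b"Renew the offline backup every week.\n" * 50,
               "photo.jpg": noise, "budget.docx.locked": noise,
               "scan.png": b"not a real image\n" * 30}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:17} {path}")
```

Run `triage()` against a read-only copy or mounted image of the affected disk, and treat the verdicts as a starting list for the backup restore rather than a final answer: very small files never reach the entropy threshold.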
How to protect yourself from ransomware
Firstly, I'd recommend using one of the best antivirus software tools available. These programs are aware of, and track, most malware. Even if it's a totally new strain that's never been seen before, the antivirus can recognize it and zap it as soon as it starts trying to encrypt your data.
It's well worth making regular backups of the software on your computer. The best way to do this is with a cloud-based backup that the hacker can’t access – like Proton Drive, which keeps all of your data on a fully encrypted enclave only you can access.
Proton Drive relies on the same zero-trust security scheme that Proton Mail and Proton VPN use, so you know it's airtight. Plus, you can get both Proton Drive and Proton VPN as part of Proton's Unlimited package for only $7.99 when you buy for two years, and with a 30-day money-back guarantee there's no reason not to take it for a spin.
If the malware is identified before it hits your computer, however, that's even better. Using an integrated VPN and antivirus service, like NordVPN, can help you out here.
NordVPN uses a variety of methods, including a DNS blocklist and heuristic-based malware scanning, to identify viruses and keep them off your computer. NordVPN also filters out ads so there's less chance of malware catching you unawares via a dodgy pop-up, too.
If you're uncertain about a file, and want to see if it's hiding a nasty surprise, you can check out NordVPN's Threat Protection Pro scheme. It'll upload the file to a cloud-based execution environment where NordVPN will run the program for you and work out whether or not it’s infected.
This is all included as part of NordVPN's Plus plan – which you can check out for just $13.98 a month if you go for the 1-year plan. It's a no-brainer if you want to keep ransomware away from your device (and all your important files). Plus, you can make good use of the VPN's 30-day money-back guarantee to try it for a month before committing to a long-term subscription.
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.