What is ransomware? 7 things you must know before it’s too late

Ransomware looked like it was on the decline in 2022, but a recent report by Chainalysis showed a significant rebound in 2023 — so much so that it was the most profitable year for ransomware seen so far.

You really don’t want to be a ransomware victim. Don’t know what ransomware is or why you should care? Here’s everything you need to know to stay safe and avoid ransomware troubles.

Further reading: How to prevent (or survive) a ransomware attack

What is ransomware?

Ransomware is a type of malware that encrypts critical files on your device or otherwise blocks access to critical components, then forces you to pay a ransom to regain access to the encrypted files.

The algorithms used in ransomware attacks are strong, so it’s unlikely you’ll be able to break the encryption on your own.

Once your files are locked, the ransomware will prompt you to send payment if you want your files freed. Usually the payment is demanded in the form of cryptocurrency like Bitcoin, which makes it harder to track down the attackers via paper trail.

Check out our top pick for antivirus software Norton 360 Deluxe Read our review Price When Reviewed: $49.99 for the first year Best Prices Today: $19.99 at PCWorld Software Store | $49.99 at Norton Who’s at risk of ransomware attacks?

Technically, everyone is at risk of ransomware attacks. There are many different strains of ransomware, though, and each one targets a different type of victim, from individuals to entire companies.

In recent years, cybercriminals have mainly focused on attacking governments, businesses, and organizations because they tend to have the most valuable data and are the most willing (and able) to make ransom payments to recover that data.

Does that mean you don’t have to worry? Not quite. There are still active ransomware strains out there that seek to infect any and all devices, which means any device of yours that’s connected to the internet is at risk — yes, including mobile devices!

How much does ransomware cost?

Depending on the ransomware strain, the actual ransom can range anywhere from a few hundred dollars to over a million dollars.

For example, the Leex ransomware demands $490 within 72 hours of infection. If you wait longer than that, the ransom doubles to $980. This is on the lower end of the ransomware spectrum.

And then you have stories like the Colonial Pipeline ransomware attack, where the company paid a ransom of $5 million one day after their IT network was hacked by foreign cybercriminals.

In Q3 2023, the average ransomware payment in the United States was $850,700 according to Statista. Meanwhile, in 2023, the average cost of a data breach caused by a ransomware attack was $5.13 million according to IBM’s Cost of a Data Breach 2023 Report.

JLStock / Shutterstock.com

JLStock / Shutterstock.com

JLStock / Shutterstock.com

How do I get infected by ransomware?

Ransomware infections can happen in many ways, but here are some of the most common attack vectors for individuals:

Phishing. Cybercriminals send out emails with malicious attachments, hoping you’ll download and open them. When you do, the ransomware activates and infects your system. These emails usually convey a sense of urgency so you’ll panic and act before thinking.

But it’s not just emails. Phishing can also happen through SMS or messaging apps. You may receive a text message pretending to be from a reputable company, asking you to click a link for some urgent reason (e.g., win a prize, confirm details, avoid a ban, etc.). But when you click it, you unknowingly download ransomware to your device.

Shady downloads. Any time you download software on the web, you have to be 100% sure that you trust the source. Lots of shady sites pretend to offer free downloads for popular premium software, but they end up serving you malware instead — including ransomware.

Security vulnerabilities. If you have out-of-date software or systems that have fallen behind on security patches, attackers may be able to exploit vulnerabilities to gain access to your device and plant ransomware.

Similarly, attackers could gain control of your device through things like Microsoft’s Remote Desktop Protocol (RDP). If your RDP credentials are weak, attackers could gain access via brute-force; if your RDP credentials are leaked, they could acquire them and gain access that way. Then, once they have access, they can plant ransomware.

Further reading: Must-know PC security tips

What are the signs of a ransomware infection?

Your security software is turned off. Some ransomware can detect that you have security software installed and disable it to avoid being caught. If you notice that your security software is suddenly off for some reason, it’s worth looking into.

Your device is hot, laggy, or noisy. Lots of ransomware will first scan your device for files, then encrypt them. The encryption process can be resource-intensive, resulting in system slowdowns, battery drain, high CPU temps, laggy applications, and loud fans. If you notice these signs out of the blue, check for malware.

Your files have weird extensions. When ransomware encrypts a file, it may tack on a different extension to the filename. For example, the STOP ransomware adds the “.STOP” extension to encrypted files, turning “image.jpg” into “image.jpg.STOP” and so on.

Other examples of ransomware that change file extensions include Djvu, Leex, Mercury, and Shadow.

You can’t access files you normally could. If you have documents, images, or other files that should be accessible but aren’t anymore for some reason, they may have been encrypted by ransomware — even if their file extensions haven’t changed.

Similarly, if you find that certain files have gone missing and you’re absolutely positive that you didn’t delete them, it’s possible that they’ve been taken captive by ransomware.

You see a ransom note. The most unmistakable sign of a ransomware infection is that you find a strange new text file on your desktop with a filename like “DECRYPT_INSTRUCTIONS.txt” or “How_to_Recover_Files.txt” or similar. Within that text file you’ll likely find ransom payment instructions.

Alternatively, you may see a pop-up message with ransom details or you may get locked out of your system and see ransom instructions.

IDG / Matthew Smith

IDG / Matthew Smith

IDG / Matthew Smith

Should I pay the ransomware ransom?

No, for several reasons.

There’s no guarantee that you’ll get access to your files again even after paying the ransom. The cybercriminals may simply run with your money — or they may demand even more money.

Paying the ransom could also mark you as a target worth attacking again because they know you’re willing to pay up.

Even if the cybercriminals do provide you with a decryption key after payment, it may not work — or your files might get damaged during the decryption process.

By paying, you also show that ransomware is effective and profitable, encouraging others to engage.

Is it possible to recover data from ransomware?

Yes, but it’s extremely difficult and not guaranteed to work.

Unless you’re a cybersecurity expert, you should avoid trying to recover data lost in a ransomware attack by yourself.

That said, a tool like Crypto Sheriff by No More Ransom might be able to diagnose your exact strain of ransomware and may even be able to provide a decryption tool if one exists. Again, there’s no guarantee that the decryption tool will work, so proceed with caution.

For the best chance of recovery, we recommend contacting a professional service that specializes in ransomware recovery, like OnTrack. It won’t be cheap and you’ll likely have to pay even if the recovery fails, but if you absolutely need your data back, this is the best option.

Further reading: What to do if you’re hit by ransomware

How do I protect myself against ransomware?

Back up your data regularly. If you always have a recent backup of your data, most ransomware types can’t hurt you. You can simply reset your device and restore your data—but only if you’re good about keeping backups. The best Windows backup software can help with this.

Stay on top of security updates. Security patches are important because they plug holes that cybercriminals use to infiltrate your devices. Putting off these updates will leave you vulnerable, so don’t neglect them. This means both software and operating system.

Learn to spot phishing attempts. Phishing emails and messages are so dangerous because they’re surprisingly easy to fall for. Knowing how to identify a phishing attempt can go a long way towards keeping you safe, but they can still be deceptively hard to spot. At the very least, never click on unsolicited links and never open unsolicited attachments.

Avoid shady websites. Stick to trusted, reputable websites and never download anything from an iffy website. Typically, any website that seems to be offering something too good to be true is probably trying to trick you into a scam or downloading malware. When in doubt, move on.

Use antivirus software. Good antivirus software will stay on top of new ransomware strains and protect you against dangerous or suspicious files. Even if you think you’re alert enough to never catch malware, it only takes one mistake or lapse in judgment—and antivirus software can help protect you when that happens.

Antivirus, Security Software and Services