If you lost all the files and pictures on your computer or electronic device, how much would you pay to get them back? Cybercriminals think people will pay thousands of dollars to get their files returned and they know companies will pay millions to undo the damage.
Ransomware is a national security threat. We have seen a rise in ransomware attacks around the world targeting critical infrastructure, businesses small and large, hospitals, doctors' and dentists' offices, police departments, schools, and more. These attacks directly impact Americans' daily lives and the security of our nation.
2021 has already seen several damaging ransomware attacks on the American economy by shutting down or crippling large industries such as:
A quarter of JBS S.A.'s American beef operations were shut down for two days;
Colonial Pipeline was forced to shut off gasoline supply to much of the Eastern Seaboard for several days;
A San Diego hospital had its database shut down for two weeks;
CNA Financial Corp, one of the largest insurance companies in the U.S., was locked out of their network for two weeks; and
A water-treatment plant in Florida was hacked and lye was raised to dangerous levels in the drinking water. The US Department of Justice (DOJ) reports roughly $350 million in ransom was paid to cybercriminals in 2020, a 300% increase from the previous year. The DOJ together with the US Department of Homeland Security (DHS) and other federal partners have launched a new website to combat the threat of ransomware.
Ransomware is a form of malware that threatens the security of your electronic devices when it gains access to the device. It then encrypts and disables the entire operating system or individual files, locking a user out of their systems and preventing access to their information. Ransomware can also affect files stored on shared network drives, USB drives, external hard drives, and even cloud storage drives.
Once ransomware is planted, the computer screen will then typically flash a scary message from the hacker demanding a ransom, often threatening to sell, publish or destroy the file information if payment to obtain a decryption key to unlock the device or to otherwise restore access isn't made by a stated deadline.
A single careless moment is enough to trigger a ransomware attack in the user's systems. One of the most common paths to a ransomware infection is downloading malware by opening an attachment or clicking on a link in an unsolicited email. These emails trick users by pretending to be from a source they trust, such as fraudulent emails appearing to be from FedEx or UPS with an attachment or tracking link included. (This is known as a phishing scam.) For more information about fraudulent emails generally, please see the Attorney General's consumer alert "Fraudulent E-mail Thieves Intend to Steal Your Personal Information."
Another popular method is malvertising, or malicious advertising on a popular social media or legitimate website. The user is then redirected to a malicious site where malware is immediately downloaded when clicking the link.
Yet another tactic used by hackers involves using software to get around security holes.
Since malware is designed to remain undetected for as long as possible, it can be difficult to identify an infection before losing access and receiving a ransom demand. Software security can provide earlier detection.
If you become a victim of ransomware and are looking at a lengthy recovery process, it might be tempting to give in to a ransom demand. The Federal Bureau of Investigation (FBI) and other federal law enforcement do not recommend paying a ransom, stating that "paying ransom will not ensure that your data is decrypted or that your systems or data will no longer be compromised… In addition, attackers have begun following their ransom demands to decrypt data with a follow-on extortion demand to keep the data private." Paying attackers only leads to more scams and ransomware. If people pay the ransom, the incentives for criminals to keep spreading this malicious program increases.
There are several other reasons why paying is a bad idea:
You may never get a decryption key. Once you make the payment, you must rely on the integrity of the criminal behind the ransomware to provide you the decryption key.
You could get repeated ransom demands. Once you pay the ransom, the cybercriminals who deployed the ransomware know you are at their mercy. They may give you a working key only if you are willing to pay more.
The decryption key may work - kind of. Creators of ransomware aren't in the file recovery business; they're in the moneymaking business.
Decryption does not always work. The decryption process may corrupt some of your files beyond repair.
Once you pay the ransom, criminals know you are a good investment and may attack again in the future.
When it comes to protecting against ransomware, prevention is better than the cure. Whether you are using your home or a network computer where you work, there are a number of actions you can take to protect against ransomware.
Make sure all your devices are protected with comprehensive security software and keep all software up to date.
Update software often, as patches for flaws are typically included in each update.
Install reliable ransomware protection software.
Practice safe surfing; be careful where you click.
Don't respond to emails or text messages from people you don't know, and only download applications from trusted sources. Never click on links or open attachments in unsolicited emails.
Only use secure networks. Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN (virtual private network), which provides you with a secure connection to the internet no matter where you go.
Back up your data onto an external hard drive or cloud regularly. Remember to unplug your external device when not in use as some malware can also infect devices attached to your computer.
Never use USB sticks from unknown sources.
Stay informed. Keep current on the latest ransomware threats. Visit the Stop Ransomware website for alerts and comprehensive guidance and resources from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the FBI, and other federal agencies regarding ransomware, how to mitigate risk and respond.
Report ransomware attacks to local law enforcement and federal enforcement agencies: FBI local field office, IC3 or Secret Service. CISA and local FBI can assist with appropriate response upon your request.
Your connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime online on a variety of topics.
Consumers may contact the Attorney General's Consumer Protection Division at:
Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909
Toll free: 877-765-8388
Online complaint form