Explained: Is Ransomware a Real Threat? Should I worry?


Infopackets Reader Tina A. writes:

" Dear Dennis,

I've been reading articles on the Internet about cyber criminals breaking into computer networks, encrypting files and then demanding a ransom. I've also read that if I leave my computer connected to the Internet, I could be susceptible to ransomware. I don't know what to believe. So my question is: is ransomware a threat? Is ransomware malware? Should I be worried? "

My response:

This is a pretty big question to answer.

The simple answer is yes: ransomware is a threat, and yes, you can get infected with ransomware just by having your computer connected to the Internet. And yes, ransomware is malware. Ransomware is a billion-dollar industry and affects regular users as much as it affects corporations and organizations - and it's not going away any time soon.

Below I'll go into a bit more detail.

Update 20190425: There is a lot of confusion regarding the definition of ransomware. Ransomware is when a computer or a network of computers has its files encrypted by malicious software, and a ransom note is then displayed on the screen demanding that money be paid (to cyber criminals) in order to unlock the files. That scenario is very different from users being blackmailed for a ransom (usually payable in bitcoin) through email or Facebook. The latter is commonly known as a "sextortion scheme", though what the "hacker" says may differ because the ransom message changes all the time. If you came to this page from a search engine because a hacker "hacked" your PC / smartphone and is demanding payment because he's spying on you (and is going to tell the world), then please read either of these articles:

Assuming you are here to read about ransomware in the sense of files being encrypted on your computer or computer network, and whether it's real - read on.

Is Ransomware Malware?

Yes, ransomware is malware. The term "malware" is a portmanteau of the words "malicious" and "software". Therefore, any software designed to be malicious in nature is considered malware.

A virus is malicious because it infects a computer and causes havoc, whether by deleting user files or by propagating to another computer on the network to perform nefarious acts. Ransomware is also malicious in nature because it is designed to encrypt files on a hard drive, essentially locking the user out, and then demand a ransom to unlock the files. Hence, ransomware is also considered malware.

Is Ransomware Real?

Yes, ransomware is real. I've been previously hired to clean up a corporate network infected with ransomware and it was no easy feat.

Many stories online regarding ransomware are about large companies and corporations getting infected and spending large sums of money to correct the problem. In the past, hospitals and police organizations have been hit with ransomware.

Some organizations opt to pay the ransom just to get their data back because there is no other viable alternative (and the data is worth more money than the ransom being paid). It's rare you hear about regular users getting infected with ransomware - perhaps because it's not as interesting to read about - but I can assure you that it definitely happens.

How can I get Infected with Ransomware?

As I mentioned, ransomware is malware. It's true that you can get infected with ransomware (like any other malware) just by having your computer connected to the Internet.

There are many ways to get infected with ransomware. Some examples include:

  • Not patching your system with Windows updates - this is the same as leaving the front door of your home wide open - anyone can walk in and take what they want. In the same respect, not patching your system can allow malware (and ransomware) onto your computer and network.
     
  • Using an out of date browser which has security exploits. This is similar to not patching the operating system.
     
  • Using out of date antivirus, antimalware, or having the firewall disabled. All of these security features are important in blocking malware, including ransomware.
     
  • Downloading a program from a website and executing it, not realizing that it's malware-laced which then downloads more malware (including ransomware) behind the scenes and infects you. The more programs you download off the Internet, the greater the risk, even if it comes from a reputable site.
     
  • Visiting nefarious websites that serve malvertising, which then infects the system and delivers a ransomware payload.
     
  • Using remote desktop programs such as RDP, VNC, or TeamViewer. Oftentimes the user has not configured these programs to run over a VPN, which means the machine is wide open to the Internet. This is a HUGE no-no because the remote desktop program's password can be cracked (by brute force), or hackers can get in due to an exploit in the program. Once the machine is compromised, cyber criminals plant ransomware on the system.

There are many more ways you can get infected with ransomware (or malware) - these are just a few examples.
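
A defensive check for the remote desktop point above, added here as an example and not part of the original article: it reads `netstat -ano`-style output (the sample is constructed) and flags RDP, VNC or TeamViewer listeners bound to every interface or to a public address. The port numbers are the tools' common defaults and the function names are hypothetical.

```python
import ipaddress

# Common default TCP ports for the tools named above (assumed defaults; they can be changed).
REMOTE_PORTS = {3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       4412
  TCP    10.8.0.2:5938          0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:3389              [::]:0                 LISTENING       1180
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:3389' or '[::]:3389' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)


def classify(host):
    """Describe which interfaces a listening address covers."""
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "private-address" if addr.is_private else "public-address"


def audit_listeners(netstat_text):
    """Return remote desktop listeners and whether each binding needs review."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        host, port = split_endpoint(fields[1])
        if port in REMOTE_PORTS:
            scope = classify(host)
            findings.append({"service": REMOTE_PORTS[port], "bind": fields[1], "scope": scope,
                             "review": scope in ("all-interfaces", "public-address")})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_NETSTAT):
        print(f"{f['service']:<10} {f['bind']:<16} {f['scope']:<16} review={f['review']}")
```

A listener on all interfaces is only reachable from the Internet if the router or firewall forwards the port, so treat a flagged entry as something to check rather than proof of exposure.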

Is Ransomware a Threat?

Yes, however, this question depends on whether or not you have anything to lose and what your strategy is for dealing with a ransomware infection.

Keeping in mind that ransomware is designed to spread across a network like wildfire and infect as many machines as possible, let's look at a few examples:

  • If you only have one computer on the network and don't have any important files on it, and that computer was infected with ransomware, then this might be considered a low threat because the computer could be wiped clean, Windows reinstalled, and virtually no loss of data incurred.
     
  • On the other hand, if you own a few PCs and laptops at home which share the same network and Internet, and if one of those machines became infected, then the ransomware could spread and infect other machines on the network, encrypting all your files in the process. If those machines contained important data and you didn't have any way to restore this data, then this would be considered a huge threat. Even if you had backups to restore the data, you would have to figure out how you got infected in the first place - otherwise it might happen again and again.
     
  • If you own a company and it has 10 or more employees (and 10 PCs), a few servers and data stores and one of the machines got infected with ransomware, that would be a massive threat because ransomware will keep reinfecting the network if you don't find out where it's coming from and plug the hole. Also, any down time means no revenue is being generated, plus you risk the possibility of losing business with clients.

Is Ransomware illegal?

Yes and no. Deploying ransomware and infecting machines with it is illegal; being a victim of ransomware is not.

Ransomware was developed by cyber criminals to infect as many machines as possible, encrypt as many files as possible, then demand a ransom to undo the damage; this activity is considered illegal. The criminals behind ransomware remain anonymous using fake email addresses and virtual currencies (bitcoin) to accept payment. Often the criminals live in countries, which makes ransomware an anonymous crime and virtually impossible to prosecute.

Is Ransomware a Data Breach?

Yes. As I mentioned previously, ransomware (like malware) can infect a machine and a network using various methods.

Being infected with ransomware is considered a data breach because it means your computer or network and anything attached to it could have been accessed by cyber criminals, which means that data has been potentially breached.

It is certainly possible that the ransomware could deploy other malware to relay any and all data back to cyber criminals. Once they have the data (for example, a database of email addresses and names), they could sell it to third parties. Similar schemes have been pulled off by criminals in the past; the Yahoo data breach is a good example, though they were not infected with ransomware.

I hope that helps.


About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security.


Comments

ron_weiskopf:

You might add that often claims that your computer has been infected are bogus and the only thing needed is to close the window. I've had that happen a couple of times from a site that was not particular about their advertisers.

Dennis Faas:

If you're describing a browser popup, yes those are bogus. However real ransomware will pop up with a window (such as with WannaCry) stating that your computer is encrypted - and those warnings are real. Make no mistake about the difference!

lmaz:

Thanks for this post it really explained clearly with regards to ransomware.