Ransomware is EvolvingWe’ve talked before about the problem of ransomware and its broad impact on both individuals and important institutions, like hospitals and schools. Although some security experts have predicted that by the end of this year it won’t be as big a threat, there’s no chance it’s going to disappear altogether. What’s more, the phenomenon has mutated in unexpected and truly devastating ways. What are these changes, and more importantly, how can you continue to protect yourself from them? Continue reading as we talk about how ransomware is evolving, as well as provide tips to keep you safe from the worst aspects of this growing menace.

Ransomware is becoming more common

SonicWall, a network security company that was formerly a subsidiary of Dell, recently released the results of an investigation it conducted on ransomware, which found about 638 million attacks were conducted last year, up from just 3.8 million in 2015. That’s 167 times more attacks than in the previous year, a transformation SonicWall has called “meteoric.”

Ransomware has become so rampant that it recently outpaced traditional malware in frequency, with many scammers now favoring ransomware over traditional malware. Experts mainly cite the profitability of ransomware, which is now a billion dollar industry for criminals, as one of the key reasons for its explosive increase. In addition, would-be scammers no longer need to know how to code to successfully use ransomware. Mirroring the service platforms that real IT organizations sell to legitimate enterprises, hackers on the dark web sell ransomware code as well as tech support to individuals and criminal organizations. Now, anyone willing to pay a commission can get their hands on this type of malware and receive the assistance necessary for deploying it effectively. Worse yet, cybercriminals might be setting their sights on bigger fish, like Internet of things’ smart home products or even city infrastructure.

Ransomware can lock entire systems and is portable

Newer variants of ransomware no longer simply encrypt user files, like photos and documents, they may also encrypt critical system files that are essential for starting a computer. In other words, your device will be turned into a very expensive paperweight if scammers have their way with it. Another interesting development is that some versions of ransomware have been seen on platforms like Google’s Android phones, something we’ve written about before.

When it comes to mobile ransomware, Apple users can rest a bit easier (at least for now) knowing that the iOS ecosystem for iPhones is what’s known as a “walled garden,” meaning that Apple maintains strict control of what applications are allowed on its system, as well as what exactly users can or cannot do with their devices — Android’s ecosystem is a more open structure. While this limits the freedom of Apple product users, in some ways it also reduces the likelihood of users encountering vicious or device-bricking malware. This doesn’t mean that iPhone users are immune from ransomware, it just means that they’re a bit less likely to encounter something that will ruin their phones, assuming they’re not jailbroken. Even though they can’t fall victim to ransomware, it doesn’t mean Apple users don’t have headaches to deal with. As such, all mobile users need to exercise caution when it comes to avoiding risks that could expose their systems to ransomware. Be careful of what apps you install on your phone, as well as what links, text messages and emails you click on.

What can you do to protect yourself?

Keep in mind that everything we’ve discussed about how to deal with ransomware in previous blog posts still applies. Most importantly, maintaining backups is paramount. Doing so manually with external storage drives or through an online cloud storage or cloud backup solution, is ideal, but be aware that any drives and devices which are connected to your network at the time your computer is infected are also susceptible to being infected. Similarly, online backup and online cloud services synchronize files, which means changes that ransomware makes to your files and folders could be reflected online. Ideally, you should only access your backups on a drive or device that you rarely use and you should make backups to multiple drives for the sake of building redundancies — these are fail-safes that guarantee the moment something goes unexpectedly, you’re still prepared for worse case scenarios. In addition to backing up your information, there are a few other things you should take into consideration:

Keep your system up to date. By keeping your programs and apps up-to-date and having the latest operating system installed, you’re ensuring that whatever the pros learn from ransomware attacks (and create to defend against such attacks) is incorporated into your software, computer or smartphone. For example, Microsoft has heavily invested to make sure its newest operating system, Windows 10, is up-to-date and ready to defeat ransomware. Another example is Microsoft Edge’s use of sandboxing to isolate Adobe Flash (a vulnerable plugin) from interacting directly with your system, a feature that isn’t present in earlier Windows browsers.

Stay on guard. Ransomware can come from anywhere, but many attempts to infect systems typically come from malvertisments, phishing and social engineering. Making sure you’re aware of these techniques can effectively help you defend against them and limit your chances of falling victim to ransomware and other harmful types of malware.

Keep security in mind when purchasing smart devices. As 2016’s massive DDoS attack demonstrated, a lot of the devices that are part of the emerging Internet of things are unsecure. If you connect one of these insecure devices to your network, it’s simply one more entryway a hacker has into your home and computer. Or, if the smart device itself – like say, a thermostat – is a target, having a hacker hold it for ransom could turn your life into a complete nightmare. Imagine some Internet troll raising the your home’s temperature to 99 degrees in the middle of the summer, or locking your heater in the dead of winter, which not only tests your will to not give into the ransom as your own home becomes less comfortable, but also costs you money as your utilities bills spike. The best way to protect yourself from this is to purchase smart devices that allow you to set your own password for the device, and that the developers regularly create firmware updates for the product. Sadly, both of these features aren’t necessarily standard with smart products, so make sure you use due diligence before you buy.

Keep an eye on local laws. Certain states, like California and Maryland, have either already approved or are drafting legislation around penalizing ransomware. In many cases, these laws aren’t expected to do much because a number of cybercriminals are located overseas, but on the off chance you fall victim to cybercriminals located in the country, you’ll have some form of recourse, which you should be aware of.

Although it may seem like something that won’t impact you, ransomware is evolving and becoming a problem with the potential to affect anyone. For more information on malware and ransomware, keep reading our technology blog.