Ransomware was the biggest digital threat of 2016. The FBI estimates that victims paid out nearly $1 billion in ransom last year alone.
The Locky ransomware campaign has been one of the scariest threats around. However, there is a new ransomware attack spreading like wildfire that you need to be worried about.
What is the new ransomware king?
If you follow us here at Komando.com, you know that ransomware is malicious software that encrypts data on your computer or gadget until a sum of money is paid. These attacks have become a favorite of scammers, partially because of the ease of anonymity. Not only is it a faceless attack but the ransom is usually paid with bitcoin, which makes this a nearly untraceable crime.
Cybercriminals promise to decrypt your files once the ransom has been paid, but there's no guarantee that they will actually do this. Some ransomware attacks discovered last year actually deleted the victims' data the moment their gadget was infected, never intending to decrypt it when payment was made.
What's happening now is, a new attack making the rounds has taken over as the ransomware king. It's called Cerber and accounted for 90 percent of Windows ransomware attacks during the first quarter of 2017. The formerly popular Locky is almost non-existent at this point, accounting for only 2 percent of attacks.
One reason Cerber is so rampant is the fact that it's ransomware-as-a-service (RaaS). RaaS is a user-friendly type of ransomware that can be deployed by anyone, even if they have very little technical ability. How it works is, an experienced hacker writes the ransomware code and sells it to others on the Dark Web for deployment.
The buyer then sets the ransom and payment deadline, along with the distribution style. The code developer then gets a cut of all ransom paid. It's super easy for anyone with aspirations of becoming a cybercriminal to do so.
Cerber is being distributed through phishing emails. The email contains a link that leads the victim to Dropbox. If the link is clicked on, the Cerber payload downloads automatically and encrypts the files found on the victims' gadget.
How to handle a Cerber attack
Since Cerber is distributed through a phishing email, you need to know how to spot one. Take our phishing IQ test to see if you can spot a fake email.
Also, you need to be very cautious with links found in unsolicited emails, it could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
When dealing with a ransomware attack, some law enforcement agencies have recommended not paying. The theory is there is no guarantee that you will get your files back. Some of the criminals behind these attacks have claimed to return victims' files once they pay but actually, the files are deleted the moment the gadget is infected.
Obviously, it's best to not be infected with ransomware. To help prevent a ransomware attack, the FBI has these suggestions:
- Back up data regularly - this could be the best way to recover your critical data if you are infected.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails.
- Download only trusted software - make sure the software you download comes from trusted sites.
- Have strong security software - This will help prevent the installation of ransomware on your gadget.
Bonus: In the event that you accidentally fall for a ransomware scam, you need to have your data protected. We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.
If you want to learn more about ransomware, listen to our podcast on how to avoid ransomware pitfalls.