New twist on ransomware could cost you big time

A couple years ago, the FBI warned that ransomware was the fastest-growing malware threat, targeting users of all types. One reason ransomware is so appealing to criminals is how easily it can be spread to victims.

In most cases, a botnet sends out millions of malicious emails to potential victims in a matter of minutes. The phishing emails are usually pretty generic and can be used to target most anyone.

But there’s a big change in the way ransomware is being delivered now. And it could end up costing you big time.

Ransomware scammers changing things up

So how are crooks spreading ransomware now? They’re making malicious messages more personal, with spear-phishing emails.

If you’re unfamiliar with ransomware and what it does, you should know that this is not your average malware infection. When a device is infected with this particular type of malware, you lose access to critical files.

Once the victim’s computer, laptop, smartphone or tablet is infected, they basically have only two options: Pay the ransom to receive the decryption code, or lose access to everything stored on their hard drive.

The FBI always tells people to never pay the ransom. Since we’re dealing with unethical criminals to begin with, there’s no guarantee they’ll give you back access to your data even if you pay up.

Ransom fees aren’t cheap either. FBI reports show the average attack costs an individual victim hundreds of dollars. For businesses, that number can be much higher. Which is why crooks have started incorporating spear-phishing into ransomware attacks.

Spear-phishing is a form of targeted email scam aimed specifically at an individual or organization.

By sending out carefully crafted phishing emails with identifiable personal or corporate information, the attackers make it appear that the messages are coming from legitimate and trusted sources. That makes it more likely an employee will click on a malicious link or document inside the email.

A successful spear-phishing campaign on a business can reel in more money for the scammer than a traditional ransomware infection of an everyday Joe. The theory is that a company would be more willing to shell out big bucks to recover important files than an individual would.

Defending against spear phishing and ransomware attacks

Be cautious with links

Do not follow web links in unsolicited email messages; they could be part of a phishing attack. If you need to contact a business or website, make sure to type the web address directly into your browser. This way, you know you’re not clicking on a malicious link that could lead to a spoofed site and stolen data.

Set up two-factor authentication 

Two-factor authentication (2FA) means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available.

Use unique passwords

Many people use the same password for multiple websites. This is a terrible idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.

Back up your critical files

With our sponsor, IDrive, you can back up all your PCs, Macs and mobile devices into ONE account for one low cost!

