Last week's massive ransomware attack that seized an estimated 200,000 computer systems in 150 countries demonstrated one thing very clearly -- most of us aren't prepared for something like this.
Ransomware, which appeared on the scene a few years ago, is a very different animal than the typical malware that is spread through phishing scams. It's simple extortion.
If the hacker is able to persuade you or someone on your network to click on a link in an email or pop-up, every file on your computer or network is encrypted.
Encryption is a security measure designed to make information more secure, but in this case it's being turned completely upside down. Only the hacker has the key to undo the encryption. To unlock your files, you must pay a ransom in untraceable Bitcoin.
So far, this scheme has mostly targeted large institutions with computer networks. In this latest attack, hospitals were a major target.
They make attractive targets for two reasons. First, they have the money to pay the ransom. Second, they are served by computer networks with many users. All it takes is for one user to click on a link in a phishing email to launch the attack on all connected devices.
An international survey funded in part by the Internet Society finds people are largely unprepared to deal with a ransomware attack. Twenty-four percent had no idea what to do if their computer were taken hostage. Many said they would probably pay up.
"Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage," said Fen Osler Hampson, director of global security at CIGI, a think tank. "Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable."
One organization not willing to pay is Disney. Deadline.com reports hackers used ransomware to seize control of the final cut of the upcoming "Pirates of the Caribbean" movie. The report says Disney has refused to pay the demanded ransom and is working with the FBI.
While most of the attacks are carried out against large organizations, individual computer users can also fall victim. While you should make sure your operating system has all the latest security updates, there are other steps you can take to prepare for a ransomware attack.
First, don't click on links in an email without verifying the message. Phishing emails are disguised to look like they are from legitimate organizations, such as a bank. Call the bank's fraud detection service and ask them if the email is legitimate.
Second, back up your important files -- the stuff you really don't want to lose -- to the cloud. A flash drive or external hard drive would also work, but you would need to disconnect the drive between backups. If a drive is connected to your computer during a ransomware attack, all the files on it will be encrypted.
The survey, conducted by research company Ipsos before last week's attack, found 6% of internet users around the world had personally experienced a ransomware attack. Those numbers are expected to climb, so organizations -- as well as individual consumers -- had better get prepared now.