Ransomware
Scam medium:
- Email and text
- Internet
Targeting:
- Businesses
- Individuals
What is ransomware
Ransomware typically involves criminals gaining access to a network or device and encrypting data to make either the system or data inaccessible to users. Cybercriminals demand the payment of ransom in order for victims to be able to decrypt their data or regain access to their networks.
Ransomware can impact a range of devices, from personal mobile devices through malicious applications to entire corporate networks. Ransomware infections can vary in their technical sophistication and level of compromise.
Below are some common types of ransomware:
- crypto ransomware: the user's files or data are encrypted (made inaccessible) until a ransom payment is made
- locker ransomware: user is locked out of their computer or electronic device until a ransom payment is made
Note
Making a payment doesn't guarantee the return of access to your files or devices.
Cybercriminals may use a combination of threats during their attack to pressure victims into paying. These threats include:
- encryption
- public release of stolen data
- threatening distributed denial of service (DDoS) attacks
- harassing customers, clients or employees of the victim
Many ransomware incidents start with an email phishing campaign. The email will contain a link or an attachment, which can be an executable file, an archive or an image. Once the attachment is opened or the link is clicked, the malware is released onto the user's system. The malware can remain dormant for many days or months before files or systems are encrypted or locked.
Other ways networks and devices can be affected are by:
- visiting unsafe, suspicious or compromised websites
- inserting an infected external device (USB drive) into a device
- exposing the systems to the internet unnecessarily or without robust security and maintenance measures
- downloading an unsafe or suspicious application or software onto your computer or mobile device
Warning signs and how to protect yourself
- Be cautious of any unsolicited email
- Always do your research before downloading applications or software online
- Do not respond to suspicious emails and do not click on any links in them
- Ensure you have a backup plan for your data that is consistent and frequent
- Use multi-factor authentication and anti-malware software
- Ensure regular software, application and system updates/patches as well as frequent system-wide password changes
- Publish and enforce an employee security policy
- Work with law enforcement when developing and testing an incident response plan
- Report, report, report
- Visit the Canadian Centre for Cyber Security for additional information on ransomware and cyber security advice, guidance and services
Why you should report ransomware to local police and the CAFC
In order for law enforcement to combat fraud and cybercrime, it is essential that those who experience it, or fall victim to it, report it to their local police and the CAFC. Local police are positioned to respond to victims in their jurisdictions, and the CAFC supports law enforcement by sharing information collected through these reports with the National Cybercrime Coordination Unit (NC3) and its partners. Learn more about why you should report cybercrime and fraud.
Note
The CAFC and the NC3 have a close working relationship given the strong and evolving links between fraud and cybercrime. The two programs provide distinct services to the law enforcement community to combat crimes related to these domains and will increasingly provide highly coordinated services when there is a connection between fraud and cybercrime activities.