Imagine that you’re in the middle of typing an email when suddenly everything on your computer locks up. A message appears on your screen saying that your hard drive is locked and all of your files are rendered inaccessible. The only way to get them back, the message says, is to pay.
This is an example of ransomware – a malicious piece of software hackers use to encrypt computer files and demand money in exchange for freeing them – which is becoming increasingly common.
The internet security company SonicWall reported there were 638 million ransomware attempts worldwide in 2016, up from 4 million in 2015. Dallas had the second-highest number of attempted malware attacks of all types – 9.8 million – last year, and Houston, Austin and San Antonio were also prime targets for data hijackers.
Nolen Scaife, a cybersecurity researcher at the University of Florida, says that ransomware has become a global problem because of the relative ease it takes to create. “Just about anybody with a little bit of computer skill can write a piece of ransomware,” he says.
Ransomware is also incredibly lucrative because many individuals and companies who are the targets of attacks simply have no other way to get their data back without paying the ransom, which can range from $100 to tens of thousands of dollars.
“This generates a lot of income, which generates a lot more people trying to pull off this attack,” Scaife says.
If you’re on the receiving end of a ransomware attack and don’t have your data backed up, Scaife recommends waiting a bit before paying the ransom.
“Typically what we’ll see with ransomware is within a day or within a few hours of these new variants coming out, if they’re developed poorly, folks in the security community will release decryptors that can actually get your data back… because of a flaw in the ransomware,” he says.
Malicious software is a game of cat and mouse: As computer scientists develop new techniques to detect and stop a particular kind of cyberattack, hackers will move on to something new.
“Ransomware is a more severe attack, but once we’ve developed a way to protect your data that’s relatively stable, I wouldn’t be surprised to see attackers move on to something else,” Scaife says.
Written by Molly Smith.