May 19 was Ransomware Info Day, a campaign launched by the Swiss Internet Security Alliance to help raise awareness about this particularly nasty type of malware. Microsoft, one of several backers of the outreach effort, is sharing some data about the spread of ransomware and some tips on how to avoid it.
Once ransomware worms its way into a victim's PC, it encrypts the user's files, effectively blocking access to the content stored on the infected system. Adding insult to injury, victims are typically instructed to pay a ransom to a botnet operator for the encryption key, enabling them regain access to their documents, photos and other files.
Ransomware can be a relatively minor inconvenience if users are diligent about regularly backing up their data—they can simply wipe their systems and start anew from a clean backup. For enterprise organizations, getting infected with ransomware can have a much larger impact.
Earlier this year, the Hollywood Presbyterian Medical Center admitted it had paid a $17,000 ransom to decrypt data that had been rendered inaccessible by malware. According to a study conducted by the Health Information Trust Alliance (HITRUST), 18 percent of midsize hospitals have been infected with ransomware.
In April, the FBI issued a bulletin alerting businesses to the alarming rise in ransomware attacks and the potential risks of not taking adequate precautions. "Paying a ransom doesn't guarantee an organization that it will get its data back—we've seen cases where organizations never got a decryption key after having paid the ransom," stated FBI Cyber Division Assistant Director James Trainor in the bulletin.
U.S. Is Top Ransomware Target
New data from the computer security experts at the Microsoft Malware Protection Center reveals that North America is hotbed of ransomware activity.
The United States ranks as the top ransomware target, with nearly 321,000 infected systems. Italy is a distant second with almost 79,000 systems, and Canada takes third place with 45,580 systems infected. The United Kingdom and Spain round out the top five with 38,068 and 35,992 infected machines, respectively.
Microsoft warns that some types of ransomware are more insidious than others. "Exxroute ransomware, for example, demands $500 and doubles the ransom as you delay the payment. It also starts deleting your files if you delay the payment," wrote the Microsoft Malware Protection Center team in a blog post. "It can also violate your privacy, disrupt your work or personal life, and possibly harm your reputation."
To avoid that fate, Microsoft is dispensing with common-sense advice like backing up files to external hard drives and/or cloud services, along with keeping the Windows operating system and antivirus software update to date. In Windows 8.1 and Windows 10, users can enable file history, a Time Machine-like backup feature that restores previous versions of files.
The company also suggests disabling macros in Office applications like Word, turning off the Remote Desktop capabilities in Windows and using the Edge's browser's SmartScreen feature to alert users when they're heading toward sites known to host exploits. The full list of recommendations is available in this blog post.