So, what is ransomware and why should it matter to me?

According to the U.S. government’s Federal Bureau of Investigation (FBI), “Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data… Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.”

The FBI’s article goes on to make the unsettling point that “Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments.”

An early November 2022 report from the U.S. Financial Crimes Enforcement Network (FinCEN), stated that “ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public.”, and that “at least 1,251 ransomware-related incidents occurred between 1 January 2021 and 31 December 2021. The total value of these incidents was roughly $886 million.” By “total value” the report is summarizing the approximate financial cost of these attacks to the government, companies and people.

Ransomware attacks primarily strike businesses, because they are bigger targets with more money

Most ransomware is targeted at businesses, since they can pay much higher ransoms than consumers. For example, in May 2021, an Atlanta-based pipeline company, which carries gasoline and jet fuel from Texas through the Southeast and up to New York, suffered a ransomware cyberattack that crippled computers managing the pipeline. The company halted all pipeline operations to contain the attack. The company then paid the ransom to the hacker group of 75 Bitcoin cryptocurrency (worth approximately $4.4 million at the time) within several hours.

But ransomware can also attack anyone’s personal computer, and it can be tough, unrelenting, and extremely harmful

All it takes is to click on a malicious link, download an infected file, or accidentally end up on a compromised website to have a computer taken over. When a computer is compromised, a ransomware demand message will pop up in a web browser or over the entire computer screen. The computer has now been hijacked and may even be completely locked up and totally under the control of hacker’s ransomware. The false message could claim to be from the FBI or other government law enforcement agency. It will say that you need to pay a financial penalty for your computer to be unlocked and provide a link to make a payment. If a user follows the instructions, they may pay hundreds of dollars to ransom their computer—and the hacker may still not unlock the computer after the payment is made. The crook may now have your credit or debit account details, and the computer may still be fully infected.

How to help prevent a personal ransomware attack

Dedicated, experienced and smart hackers are always working to get new victims. But it’s possible to make their job harder by being informed and cautious. What can you do to lessen the chance that your computer be taken over by ransomware? Here are a few suggestions:

• Never, ever, ever click on unknown and possibly unsafe internet links. Try to look at the entire URL of a link before clicking on it. Do not click on links in spam messages or on websites you are not familiar with and have no reason to trust. Clicking on malicious links can send you to an infected site or initiate an automatic download of malware, including ransomware.
• Don’t open suspicious email attachments, whether the email is from someone you know or a stranger. Image, video, or document (including .pdf and spreadsheet files) email attachments can all be infected with malware that starts installing as soon as you download and open (or just open) an innocent-looking, normal attachment. Pay very close attention to the sender’s name and check that the email address is correct—and consider calling them on the phone to confirm the message and attachment are authentic. If it’s downloaded, any attachment—even from a trusted source—should always be scanned with antivirus software before the attachment is opened.
• It’s best to avoid using any USB flash memory sticks, secure digital (SD) cards, or other storage media from unfamiliar sources. If you don’t know it, don’t trust it. Do not connect USB sticks or other storage media to your computer if you do not know where they came from, since hackers could have infected storage drives and cards with malware that is lurking to attack an unwary user. Any storage device should be scanned for malware by an antivirus program as soon as the device is inserted into your computer and before accessing any files on the device. And about antivirus programs; you might…
• Research getting an antivirus program for your personal computer, since no computer system is completely invulnerable from being attacked and infected. Although computer operating systems can have some built-in protections against viruses, worms and other types of malware, specialized antivirus software from reputable cybersecurity firms could provide an additional level of security. This software generally has a recurring annual cost for a personal software license, but if you can’t pay for a license, then a number of global, well-known, antivirus/antimalware software companies still offer free versions of their software with its basic functions active. If you install antivirus software, check the settings on the program to be sure that it is covering your computer files, folders and programs. Also be certain that the program is set to both automatically scan your computer for infections and update itself against always evolving threats.
• Update your software regularly to limit vulnerabilities in your programs. Keep operating systems' security software and internet browsers (and other software) current with the latest version updates from computer software manufacturers. Keep computer operating systems (such as Microsoft Windows^®, Apple^® MacOS, Linux or Google^® Chrome OS), protective software (examples are antivirus and a firewall), and internet browsers (including Google Chrome, Firefox^®, Microsoft^® Edge, Opera^®, Apple Safari^®, Vivaldi^®, and others) patched and updated to the current versions. Consider turning on automatic updates to keep up with the latest fixed and improved versions of these programs.
• Download programs, music, video, image and document files only from known and trusted websites. If you don’t know a download source, then don’t use it. Never download software and media files from strange websites that may not be trustworthy. It could also be helpful to scan all downloaded files with an antivirus program before opening the files.
• Check that any website address (or URL) in the address bar of your internet browser uses the prefix of "https" instead of "http"; for example for Delta Community, the address should show https://www.deltacommunitycu.com/us/en/knowledge-center/blog.html. If you see https, the added “s” means that the connection between the internet site’s computer server and your internet browser is encrypted with a Secure Sockets Layer (SSL), and this SSL encryption should offer some additional security for the integrity and safety of the site you’re visiting.
• Investigate going virtual with a real Virtual Private Network. For your computer (or cellphone), a Virtual Private Network (VPN) could increase the security of your connection by encrypting it so it’s more protected from hackers. A VPN is both software and a service that creates what can be described as an encrypted data tunnel and all your internet traffic goes through it, making your connection and communications almost issnvisible and protected from some intrusions. Many VPNs are paid services, but some of the service providers offer free VPNs for a pre-set amount of data.
  
• If you think someone is trying to defraud you or has already scammed you, collect and report the details (dates and times of contact, emails, phone numbers and phone records, website addresses, text messages, names of contacts or companies that were used), to the U.S. Federal Trade Commission at ReportFraud.ftc.gov. The FTC’s other website, ftc.gov/MoneyMatters, can also assist in spotting, avoiding and reporting scams.

Free personal cybersecurity advice can be valuable, and more knowledge could be an investment in your online security

Would you like more advice at no cost? Additional information on protecting yourself is available from Delta Community’s blog and security posts:

• Avoid fake check scams.
• Learn check-writing tips.
• How to hang up on imposter scams, part 1.
• How to hang up on imposter scams, part 2.
• Did you know that only scammers get paid with gift cards or cryptocurrency?
• Think for a minute, and then don’t click 'unsubscribe' from spam emails and texts—managing spam.
• Learn how to make your mobile and online payments safer.
• How to protect yourself online while working or learning from home.
• Why to question your security questions.
• ​How to secure your home network.
• You should know how to tell if someone’s stolen your identity and how to prevent it.
• How to get a stronger password and use a password manager.
• Be on the lookout for phishing, smishing and vishing attacks.
• Be vigilant for spoofed phone calls.
• Harden your email account against an attack.

There are also free Delta Community Financial Education Center public live, in-person workshops and on-demand webinars on many different money-related (and some cybersecurity) topics. You can visit the Financial Education Center's Events & Seminars page to register for its sessions.