How Ransomware Works and How You Can Help Stop It

The information stored on personal and business computers is often sensitive, vitally important, and critical to its owners, be they private citizens, national companies, or global conglomerates. Ransomware launched by cybercriminals, like the Blackbaud ransomware attack, threatens the security of that information and puts people at risk. Knowing how ransomware works can help organizations avoid an attack.

What Is Ransomware?

According to the tech powerhouse Cisco, malicious software that can lock and encrypt a computer’s files and operating system once installed and virtually hold it for ransom until the hacker who installed it chooses to remove it is called ransomware.

Cybercriminals plant the software remotely – usually gaining access by tricking their targets into opening a file that triggers the download of the software – then typically give their victims a deadline and a demand for payment to release the files.

That’s how ransomware works.

“Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization,” the cybersecurity company McAfee says. “It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.”

How Ransomware Works to Extort Victims

There are several kinds of ransomware attacks.

Crypto malware encrypts a computer’s hard drive and files, meaning it converts the language and coding of the files to a unique, secret coding, which makes them unreadable and unusable, the experts at Norton, another cybersecurity company, say.

Locker-style ransomware will lock the computer or device completely. Software that starts out with a pop-up saying problems have been detected on your computer and encouraging you to “click here” to “clean it” and then installs the ransomware is known as scareware. “Some types of scareware lock your computer,” Norton says. “Others flood your screen with annoying alerts and pop-up messages.”

Leakware, also referred to as extortionware and doxware, is the kind of ransomware that “threatens to publish your stolen information online if you don’t pay the ransom,” Norton says.

Is Ransomware the Same as a Data Breach?

How ransomware works is not quite the same as a data breach, even if the data that is accessed is held for ransom, according to the cybersecurity company Panda Security. “Ransomware generally restricts access to the data on infected machines until the ransom is paid,” Panda’s website explains. “A data breach (is) a security incident in which sensitive or confidential data is copied and stolen from the organization, it can then be used in a number of ways both for financial gain and to cause harm.”

How to Prevent Ransomware Attacks

Antivirus and cybersecurity software can help to prevent ransomware attacks. Modern antivirus and malware detection programs are usually quite effective for personal computers, particularly since the companies that make and sell the software regularly update their products to compensate for changes in the ways hackers design ransomware.

Installing the latest updates is crucial to continued prevention. McAfee and Norton say.

Cybersecurity experts say it’s also best to keep operating systems, software, and applications current by installing available updates as soon as they become available. Software companies are regularly redesigning their programs to fix bugs, patch holes in security systems and add new protection features.

Another of the most frequent pieces of advice cybersecurity experts offer to prevent ransomware – and every other form of malicious software – from infecting a computer system is to avoid opening suspicious emails from unknown senders and opening attachments to those emails. Referred to as phishing scams, that kind of email-based invasion can send messages that mimic known senders and lull recipients into a false sense of security that the email is legitimate. Users should be vigilant. When in doubt, delete the message instead of opening it, the experts suggest.

Can Victims File a Ransomware Lawsuit?

It is uncommon for the culprit behind a ransomware campaign to be identified, but victims of cybersecurity attacks sometimes have legal recourse, especially if there is evidence someone else is liable for putting their personal information and files at risk.

Blackbaud, one of the biggest international providers of financial and fundraising software for nonprofits, institutions of higher education and healthcare organizations, among others, was subjected to a ransomware attack in May. The company disclosed that it paid a ransom to the cyber thieves, who reportedly destroyed the data they had illegally copied during the theft.

Officials from Boston University and Harvard University revealed both had been subject to the crime.

At least one civil lawsuit has been filed against Blackbaud, claiming the company was liable for not protecting its systems and data well enough.

Some of the civil cases filed over ransomware attacks have resulted in significant financial settlements. Such was the $6 million settlement with Banner Health in 2016, which involved the illegal access of data on 2.9 million unsuspecting patients.

Top Class Actions can help explain how ransomware works and connect victims of ransomware attacks and other cybercrimes with experienced lawyers who might be able to help them seek justice and compensation in civil court.

Join a Free Blackbaud Ransomware Attack Class Action Lawsuit Investigation

If you are a current or former university student or nonprofit employee whose information may have been affected in the recent Blackbaud ransomware data breach, you may be able to join this Blackbaud ransomware data breach class action lawsuit investigation.

Get a Free Case Evaluation

This article is not legal advice. It is presented
for informational purposes only.