Ransomware

What is ransomware

Ransomware typically involves criminals gaining access to a network or device and encrypting data to make either the system or data inaccessible to users. Cybercriminals demand the payment of ransom in order for victims to be able to decrypt their data or regain access to their networks.

Ransomware can impact a range of devices, from personal mobile devices through malicious applications to entire corporate networks. Ransomware infections can vary in their technical sophistication and level of compromise.

Below are some common types of ransomware:

• crypto ransomware: removes access to your files by replacing them with encrypted data
• locker ransomware: blocks the login access on your device
• lock screen ransomware: it locks the computer's screen and demands payment. No personal files are encrypted.

Cybercriminals will also often attempt to extort victims by threatening to leak victim data online, and harass victim customers and employees to extort ransomware payments from victim organizations.

Most ransomware incidents start with an email phishing campaign. The email will contain an attachment which can be an executable file, an archive or an image or a link. Once the attachment is opened or the link is clicked, the malware is then released onto the user's system. The malware can remain dormant for many days or months before files or systems are encrypted or locked.

Other ways networks and devices can be affected are:

• visiting unsafe, suspicious or compromised websites
• inserting an infected external device (USB drive) into a device
• exposing the systems to the internet unnecessarily or without robust security and maintenance measures

Warning signs and how to protect yourself

• Be cautious of any unsolicited email
• Do not respond to suspicious emails and do not click on any links in them
• Ensure a backup plan for your data that is consistent and frequent
• Have multi-factor authentication and anti-malware software
• Ensure regular software and system updates/patches as well as frequent system-wide password changes
• Publish and enforce an employee security policy
• Work with law enforcement when developing and testing an incident response plan
• Report, report, report!
• Visit the Canadian Centre for Cyber Security for additional information on ransomware and cyber security advice, guidance and services

Why you should report ransomware to local police and the CAFC

In order for law enforcement to combat fraud and cybercrime, it is essential that those who experience, or fall victim, report it to their local police and the CAFC. Local police are positioned to respond to victims in their jurisdictions and the CAFC supports law enforcement by sharing information collected through these reports to the National Cybercrime Coordination Unit (NC3) and its partners. Learn more about why you should report cybercrime and fraud.

Note: The CAFC and the NC3 have a close working relationship given the strong and evolving links between fraud and cybercrime. The two programs provide distinct services to the law enforcement community to combat crimes related to these domains and will increasingly provide highly coordinated services when there is a connection between fraud and cybercrime activities.

Date modified:

2022-05-11