Earlier this week, a Petya-based ransomware virus targeted the Ukraine in the largest cyberattack the nation has ever experienced, taking down the central bank, postal services, and commercial enterprises such as the Antonov aircraft manufacturer. While as of about 3 days ago, the attack had peaked and was more or less contained, we expect to hear many more similar reports in the coming months. Ransomware attacks have become a definite, unfortunate trend.

Ransomware itself has been around in primitive forms since the late 80s, but the first splash of its modern incarnation came in 2013, when an insidious virus called CryptoLocker infected thousands of computers and collected an estimated $3 million in extortion payments. That success, combined with how simple malware is for criminals to execute, has propelled it to become a popular tactic in the villainous world of cybercrime.

How ransomware does its dirty work

Ransomware usually infects your system through a phishing email that tricks you into clicking a bad link, but it can also get in if your operating system (OS) is outdated and lacking recent software updates that fix vulnerabilities. But cybercriminals are always developing new infection methods, such as the WannaCry ransomware worm that attacked entire computer networks in May, hitting over 400,000 machines without the user having to click anything. This is the terrible reality of worms – they duplicate themselves so they can “burrow” into every computer attached to a network they infiltrate.

Ransomware typically scans files on your computer, identifying which seem important or valuable, then encrypts those files, effectively “kidnapping” them. If a large organization is the victim of a ransomware attack, these kidnapped files can be important databases without which the business essentially freezes. In the case of home users, these files can be anything personal or sensitive, such as financial documents or photographs.

When you try to click on the hostage files, you trigger a screen demanding that you pay a ransom to regain access to the files. The sum varies with the criminal, but the average amount is $300. Ransomware typically also gives you a deadline, after which, if you haven’t paid, your files will be gone forever.

While this is the most common way ransomware works, variations exist. ScreenLocker is a strain that freezes your system, preventing you from performing any task except for paying the ransom. Doxware, another strain, captures personal information that it uses in turn to blackmail you, threatening to post the info publically if you do not pay. In an effort that is 99% fearmongering, ScareWare demands a ransom, saying your system is being attacked, when in reality the perpetrators aren’t actually harming your data – they’re just bullying you.

How can you defend against ransomware?

As popular as it is on the cybercrime circuit, ransomware is not bulletproof. You can outsmart it, with these 4 anti-ransomware practices:

1. Our first, most basic advice is the strongest: keep backups. If you have workable versions of what cybercriminals have “kidnapped,” they have no power over you.
2. Always keep your operating systems and program software updated so you have the latest protections, and install a strong antivirus system that includes ransomware protection.
3. If your files do get infected, don’t lose hope: instead, search through the many free decryption tools available online to see if someone has developed a way for you to free your encrypted files. Good guys release decryption tools just as often as bad guys launch encryption attacks.
4. And while you may be tempted, don’t pay the ransom. Paying does not guarantee your files’ safe return. Once they have your money, the cybercriminals may decide to just leave your files encrypted. Paying also motivates them to strike again and again.

Avast has new ransomware solutions

Avast antivirus technology stops more than 1.5 billion malware attacks each month, blocking all types of hacks, including Petya-based ransomware. Even if a ransomware virus somehow makes it through our multi-tiered security screening, we have a deep-level protection called Behavior Shield that kicks in, scanning all running software for suspicious behavior. If a file shows signs of acting abnormally, Behavior Shield immediately detects, quarantines, and destroys it.

We also offer new protection, called Ransomware Shield, a safeguard that keeps your most valuable files from being encrypted by shrouding them in extra layers of defense.

The threat is real, but so is the solution. Empower yourself with knowledge to defend against the current wave of predatory targeting. When you know you're protected, you don't live in fear. Learn more about the new Avast Ransomware Protection.