These articles are for general information purposes only and are not intended to provide legal, tax, accounting or financial advice. PNC urges its customers to do independent research and to consult with security, financial and legal professionals before making any financial decisions. This site may provide reference to internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed and links provided by these resources are not investigated, verified, monitored or endorsed by PNC.
Ransomware: It’s Personal
If you’ve heard of ransomware attacks, but are confident that you’re not a target — think again. Your personal devices and network are at risk, and so are the businesses and organizations with whom you and your family interact. Consider that:
- Home sales in a major U.S. city were suspended when real estate records couldn’t be accessed.
- A 911 response center was impacted when computers at the local fire and police departments were temporarily offline.
- A public school system unexpectedly suspended remote learning when they lost access to servers.
- Medical procedures were postponed when a healthcare system’s access to medical records was restricted.
The fact is, ransomware attacks are a threat to everyone. That’s why it’s vital to know how to identify cybercrime and protect yourself.
Ransoms and reporting
The FBI doesn’t recommend paying ransom to any criminals because:
- It doesn’t guarantee you will regain access to your data and/or systems.
- Criminals don’t always provide decryption keys.
- The same or other cybercriminals might repeatedly target you.
- This may encourage more ransomware crime.
- You might incur fines and civil penalties for violating the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) laws, which prohibit transactions with a sanctioned entity.
Ransomware attackers are professional, organized criminals. According to PNC Enterprise Technology & Security, they reinvest the ransoms to develop better attack tools and talent.
REMINDER: If you receive a suspicious email or text that claims to be from PNC, forward it to PNC Cyber Defense at abuse@pnc.com, and include background information in your email.
What is Ransomware?
Ransomware is malware that attempts to prevents users from accessing data by encrypting it with a cryptographic key that is known only to the hacker1. The data — which is typically critical to business or system operations — is unusable until the victim pays a ransom. A pop-up message on the locked screen notifies the victim of the ransom’s terms. In some cases, the hacker threatens to sell the encrypted data.
Verizon estimates that in 2020, ransomware attacks accounted for 27% of all malware activity. This is a 20% increase from 20192. These attacks can result in:
- Temporary or permanent loss of sensitive information, personal files and data
- Financial losses related to the restoration of systems and files
- Disruption to business operations that can negatively impact people
Who is impacted?
Initially, ransomware criminals attacked personal computers; however, these professionals are increasingly targeting government entities, non-profit organizations and businesses of all sizes. According to PNC Enterprise Technology & Security experts, small to medium-sized business are primary targets because they often have a simple network infrastructure, lack dedicated IT and security personnel, or have insufficient access to control policies.
Methods of Attack
Attackers have many methods of delivering malware, including:
- Phishing emails: An email recipient opens a malicious attachment or clicks on a compromised link.
- Drive-by download: A compromised website downloads malware onto your device without your knowledge.
- Strategic attacks: These attacks target software vulnerabilities.
- Remote desktop protocol compromise: A user logs on to a computer remotely, and hackers use brute force methods and credentials which they purchased on the dark web.
Responding to an Attack
If you receive a ransomware message, stop it from spreading to shared network resources (such as file shares) by:
- Unplugging ethernet cables
- Turning off Wi-Fi and Bluetooth
- Putting the device in Airplane Mode
- Disconnecting external devices, such as USB drives, phones and cameras
- Contact a cybersecurity expert or consulting firm
- Reporting the attack! Contact a local Federal Bureau of Investigation (External) (FBI) Field Office and/or file a complaint the FBI’s (External) Internet Crime Complaint Center.
Take Precautions
The best defense is prevention. The tips below, while not all-inclusive, can help protect your business and personal devices from attack:
- Install the Russian keyboard option in your Windows system – Some Russian malware gangs program their malware to check for the presence of Russian (or other Cyrillic) keyboards on the system. If they find it, they may not attack that system. While not a guarantee, this is a simple step you can take, for free, that will not impede your use of your system in any way:
- Hit the Windows button and “X” at the same time
- Select “Settings” then “Time and Language” then “Language”
- Scroll to the Russian or other Cyrillic option.
- Pick one, then reboot.
- Never click on links or open attachments in unsolicited emails or texts. Verify that the email or text is legitimate with the sender and only use known contact information, not the information within the suspicious email/text.
- Update software and operating systems with the latest patches. Hackers target outdated applications and operating systems.
- Regularly back up your data on a separate device and store data offline.
- Don’t respond to requests for sensitive personal or financial information. Verify request first with the sender using known contact information. Don’t use the contact information within the email or text.
- Maintain up-to-date antivirus software and scan software you downloaded from the internet before you install it.