What is a ransomware attack? How to protect your files

If you haven’t heard of ransomware yet, then you’re lucky — you probably haven’t been the victim of an attack. This kind of malicious software can infect your computer and hold your files hostage until you pay a ransom to the attackers. That’s bad enough, but the negative consequences can be more than just financial.

In this installment of our security series, we'll explore what a ransomware attack is, the danger it poses to your personal and professional files, and most importantly, how to protect yourself before anything happens. Read on!

In a ransomware attack, a hacker gains access to your computer or network and encrypts your files, making them inaccessible. The attacker then demands payment, usually in cryptocurrency, in exchange for the decryption key to unlock your files. Ransomware attacks can be devastating — not only can important data be compromised or lost, businesses and individuals alike can also suffer significant damage to their finances and reputations.

Ransomware attacks typically occur in a few distinct ways, such as:

• Phishing emails designed to trick users into clicking on a link or downloading an attachment that contains the ransomware 
• Malicious downloads that get installed when users visit unsecured websites or download software from untrusted sources 
• Exploiting vulnerabilities in software or operating systems to gain access and install the ransomware 

Regardless of which tactic the criminal uses to infect their victim’s system, the rest of the ransomware attack is pretty straightforward. Once the ransomware is installed, it encrypts the victim's files. Then, the hacker behind the attack demands payment in exchange for the decryption key. 

To protect themselves from ransomware attacks, individuals and organizations should make sure to keep their software up-to-date, use strong passwords, and be cautious when opening emails or downloading files, especially from unfamiliar sources.

For more tips on keeping your digital data safe, check out our online security guide.

One of the most well-known ransomware attacks was called WannaCry and occurred in May 2017. The attack affected over 200,000 computers in 150 countries, including hospitals, businesses, and government agencies. 

The WannaCry ransomware exploited a vulnerability in Microsoft Windows operating systems, allowing it to spread rapidly across networks. Then, the ransomware encrypted the victims' files and demanded payment in Bitcoin in exchange for the decryption key. The attack caused widespread disruption and financial losses, especially because of its scale. For many people, this attack highlighted the importance of keeping software up-to-date and taking steps to defend against online threats like ransomware.

WannaCry isn’t the only well-known ransomware attack — there have been several high-profile examples in recent years. Here are a few notable ones:

• WannaCry: As we mentioned, the WannaCry attack in May 2017 affected over 200,000 computers in 150 countries.
• Petya/NotPetya: In June 2017, a version of the ransomware attacks known as Petya or NotPetya affected companies in Ukraine and quickly spread to other countries, including the United States. Although there are technical differences between Petrya and NotPetya, both strains are extremely disruptive and destructive.
• Ryuk: Ryuk ransomware has been used in several attacks against large organizations, including hospitals and municipalities. In the United States, the city of Baltimore was hit by a Ryuk attack in 2019 that disrupted city services and cost millions of dollars to recover from.
• Maze: This ransomware is known for its "double extortion" technique. With Maze, the attackers encrypt the victim's files, but also threaten to release sensitive data if the ransom isn’t paid. Maze has been used in attacks against companies in various industries, including healthcare and manufacturing.

These are just a few examples, but there are many more. And defending against ransomware attacks and other security issues isn’t just crucial for companies and local governments — there are important steps that individuals can take to protect themselves, too. Let's look more closely now at how to keep your data safe.

To protect your files from ransomware attacks, it's essential to take the following steps:

• Keep your software up to date: Make sure that your operating system, antivirus software, and other applications are updated regularly to patch any security vulnerabilities.
• Use strong passwords: Use complex passwords that are difficult to guess and enable multi-factor authentication (preferably with an app and not a phone number, to protect against SIM card swap scams) whenever possible.
• Backup your files: Regularly backup your important files to an external hard drive or cloud storage service.
• Watch out for suspicious emails: Don't click on links or download attachments from unknown sources, as they may contain malware or scareware.
• Use antivirus software: Install reputable antivirus software and update it regularly.
• Stay informed: Educate yourself — and your employees, if you run a business or lead a team — on how to recognize and avoid ransomware attacks.

By taking these precautions, you can reduce the risk of ransomware attacks and protect your files from being held hostage by hackers.

First, the bad news: Even if they receive the ransom payment, attackers might not provide the decryption key. Instead of paying, victims should report the ransomware attack to law enforcement in their area and seek help from a reputable cybersecurity professional. 

If you backed up your files, it may be possible to recover them or use specialized decryption tools on the encrypted versions — but there’s no guarantee. That's why it’s so important to take steps to prevent ransomware attacks in the first place.

Antivirus software can help prevent ransomware attacks by detecting and blocking known ransomware threats. However, ransomware is constantly evolving. New variants may be able to get in and cause damage before they’re detected by antivirus software. 

Some antivirus software includes specific features designed to protect against ransomware, such as behavior-based detection and ransomware-specific protection. Choose a reputable antivirus software and keep it updated to ensure the best possible protection against ransomware and other types of malware. And even better: Use antivirus software together with the other security measures we mentioned earlier. 

At N26, we take security seriously. Since 2016, we’ve been operating with a full German banking license, which means that your funds are protected up to €100,000 by the German Deposit Protection Scheme. 

If you’re worried your card has been compromised or you spot a transaction on your account that you don’t remember making, our N26 Customer Support team is here to help, seven days a week. Simply get in touch through the chat function in your N26 app or the N26 WebApp. Want to learn more about staying safe online? Check out our online security guide for handy tips to protect yourself and your money from scams.