A new study published in the American Journal of Preventive Medicine shows that a patient can be infected with ransomware by only touching the infected device, rather than touching any files.
The researchers at the University of Rochester School of Medicine say they used data collected by the University’s Medical Computing and Analytics Center (MCACC) to show that a malicious individual who infects an infected PC by clicking a link on a malicious website or by using a Trojan virus is able to encrypt and install a ransomware attack on the victim computer.
Ransomware is the type of malicious software that encrypts data, encrypts files, and locks a device in place.
This type of ransomware attacks target businesses and individuals with a financial or legal loss and makes it more difficult for law enforcement to identify the individual.
In this case, the researchers say the ransomware is based on an older version of the CryptoLocker ransomware that had been released in 2017, and it was a direct result of a ransomware campaign targeting businesses and institutions.
The study authors say that because it has become more prevalent, the prevalence of ransomware in general is increasing.
“Our data indicates that a large number of people, especially young people, have been infected with this type of malware,” said Dr. David B. Boudreaux, a professor in the School of Public Health at the Rochester Institute of Technology.
The authors suggest that the rise of ransomware infections can be attributed to a variety of factors, including a lack of encryption and the popularity of new types of ransomware.
“We believe the main reason is that people are using devices they don’t know how to use,” said Boudres.
The report notes that a ransomware infection can take many forms.
It can result in data loss, for example, by not properly encrypting a computer’s hard drive or by not locking the device down.
A ransomware attack can also require a person to pay a ransom to unlock the data, making it easier for criminals to spread the malware.
Roughly half of the victims infected in the study were under the age of 35.
While this study shows that ransomware can be transmitted via the Internet and via touch, the authors suggest other types of malware can also be transmitted from an infected device.
“These types of attacks may have originated on the Internet, but can also have been delivered via an infected USB drive, USB stick, or any other device that is connected to the Internet,” said study co-author Dr. Christopher D. Zweig.
The most common types of infected PCs included laptops, smartphones, and tablets.
Ransomware infection is often spread via email attachments or a file or file manager app, and can be triggered by ransomware threats that use an exploit to infect a targeted machine.
Researchers say that the findings highlight the need to educate consumers about the risks of using these types of devices.
“The best defense against ransomware is to be proactive,” said Zweigs co-investigator Dr. William P. Rieger.
“We need to be smarter about using our devices, using anti-malware software and better identifying our infected devices and devices we should be careful with.”
The researchers suggest that consumers who are worried about ransomware should first investigate the virus or malware infection by looking for the presence of the ransomware virus or other malware on their computer.
Follow us on Twitter @TechRadar for the latest in cyber security news.
Follow the author @davidfoss.
More from TechRadars: