BIRMINGHAM, Ala. (WIAT) — Ransomware attacks, like the one that forced the Colonial Pipeline’s recent shutdown, are becoming more common, and larger entities are more often the target. That’s according to computer experts who say they’re seeing an evolution in hackers’ strategies.

Ransomware works by giving hackers access to a person’s computer, usually through an email. When the target clicks on a link or downloads an attachment in the email, the hacker gains access to the their computer. The hacker then encrypts files to prevent the owner from accessing them and demands money to unlock the files, often threatening to publish sensitive information if payment is refused.

“It’s a very nefarious type of attack that causes all sorts of problems with whoever gets attacked,” said Greg Kawell, assistant professor of computer science at Samford University.

Ransomware attacks on individuals and smaller companies were once the most common targets of hackers. Now, they are targeting larger organizations and even some cities.

“Unlike the past where to rob a bank, make millions, you would have to physically go there and rob a bank and be subject to police and all these things,” said Ragib Hasan, an associate professor of computer science at UAB. “But now, criminals have figured out they don’t have to do that. They can just target large organizations and target their most vulnerable thing – that is data – and then they can take over their computers and hold that at ransom.”

According to the FBI, a group called DarkSide was responsible for the Colonial Pipeline attack. It is not clear whether they carried it out themselves or if they provided the tools for someone else. Either way, it underscores the importance of being careful on the Internet.

“Most people don’t realize that there is a whole dark side of the web that has stores that you can go to to buy people’s personal identification information,” Kawell said. “There’s place you can go to to say, ‘Hey, I would like a ransomware attack against Company X. How much do I have to pay you to do that?'”

Caution is the key to safety, according to both Kawell and Hasan. It’s crucial to ask questions about anything that seems unusual in emails.

“Is it coming really from my friend or my coworker, or is it a cleverly designed ransomware attack, where it’s an attachment, and if you click on that my system will be infected?” Hasan said.

Hasan also recommended backing up one’s computer by saving files on an external hard drive. Kawell said online storage options, like Apple’s iCloud, Google Drive, or Microsoft OneDrive, are also good.