May 10, 2019
What is Ransomware?
Ransom malware, more commonly known as ransomware, is software designed to block users from accessing their computer system or personal files. While some types of ransomware can be easy to reverse, more advanced attacks will encrypt the victim’s files, making the data inaccessible without a decryption key. These advanced attacks are called cryptoviral extortion, which means the files will remain encrypted until the victim pays a ransom. Modern attacks often require victims to pay the ransom via cryptocurrency.
Who Does Ransomware Target?
Unlike kidnappings in the physical world, ransomware attacks are rarely directed at a specific user with deep pockets. Rather, attackers use a shotgun approach: they try many targets in the hope that a small percentage are hit, and charge a ransom that is not exorbitant for a single victim (yet the totals prove quite profitable). They do, however, tend to target industries that are overtly vulnerable, like higher education, healthcare, government, and law firms.
How Does Ransomware Gain Access?
In many cases, like the well-known Petya, WannaCry, or Locky, the malware enters by means of a phishing scam.
For example, a person inside a company receives an email from a job applicant with a file attached. The file’s name is some variant of “resume,” often with “pdf” within the filename, but it is actually an executable file. When the recipients of the email click the file, they must agree to the Windows User Account Control warning.
For those who approve the prompt, the infection begins.
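A mail-gateway style check for the lure described above, as an added example that is not part of the original article: it flags attachments whose name embeds a document type while the extension or the content is executable. The extension lists, function names and sample attachments are constructed for illustration.

```python
import os

# Extensions Windows will run directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-type tokens that lure filenames embed to look harmless.
DOCUMENT_TOKENS = ("pdf", "doc", "docx", "rtf")


def looks_like_pe(data: bytes) -> bool:
    """True if the content starts with the DOS 'MZ' header of a Windows executable."""
    return data[:2] == b"MZ"


def check_attachment(filename: str, data: bytes) -> list:
    """Return the reasons to quarantine an attachment (empty list = none found)."""
    reasons = []
    # Drop trailing dots/spaces, which Windows ignores when resolving a name.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
        # Catches both "resume.pdf.exe" and "resume_pdf.exe".
        tokens = stem.replace("_", ".").replace("-", ".").replace(" ", ".").split(".")
        if any(tok in DOCUMENT_TOKENS for tok in tokens):
            reasons.append("document type embedded in executable filename")
    if looks_like_pe(data):
        reasons.append("content has MZ (Windows executable) header")
        if ext not in EXECUTABLE_EXTS:
            reasons.append(f"content does not match claimed extension {ext or '(none)'}")
    elif ext == ".pdf" and b"%PDF-" not in data[:1024]:
        # This check expects the PDF marker near the start of the file.
        reasons.append("claimed PDF lacks %PDF- header")
    return reasons


# Constructed sample attachments: (filename, leading bytes of the content).
SAMPLES = [
    ("Resume_JSmith_pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),
    ("resume.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    ("resume.pdf", b"%PDF-1.4\n1 0 obj\n"),
]

if __name__ == "__main__":
    for fname, content in SAMPLES:
        findings = check_attachment(fname, content)
        print(fname, "->", "; ".join(findings) if findings else "no findings")
```
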
What Does Ransomware Do to Systems?
Different variants of ransomware, like CryptoWall or TeslaCrypt, work a little differently. Petya, for example, has been called “the next step in ransomware evolution” due to its three-stage functionality.
Petya doesn’t encrypt specific files, unlike some ransomware. Instead, it overwrites the master boot record to encrypt the master file table. So while the files themselves aren’t harmed, the system doesn’t know how to find the files.
The Infosec Institute has an in-depth resource about how different ransomware strains act, but the general methodology is that they encrypt files or systems and then prompt the user to pay a ransom in order to decrypt them.
Why Do Hackers Use Ransomware?
Ransomware is relatively unsophisticated code, so it isn’t hard to come by, and it generates huge returns. Statistically, a business falls victim to some form of ransomware every 14 seconds, and in 2019 ransomware is expected to cost $11.5 billion. Most of the ransoms are paid through an untraceable cryptocurrency.
“Ransomware is a game changer in the world of cybercrime,” says Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. “It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.”
Bottom Line: A Good Defense Is the Best Offense
Law enforcement suggests never paying ransomware perpetrators, so as not to encourage them. TrendMicro’s research found that business people agree in principle: 66 percent said they would never pay a ransom. The same research, however, also found that when push comes to shove, 65 percent of companies attacked by ransomware actually do pay the ransom.
Experts agree that the best way to fight ransomware is by protecting your files and systems and preventing the ransomware from claiming your company as its victim. This is done with a multilayered approach:
- Use a good quality antivirus program, and patch and update operating systems regularly
- Educate your users about ransomware and how to detect phishing and social engineering schemes
- Back up files often -- and automatically. While the backup does not prevent infiltration, it does give you an out -- instead of paying the ransom, you can restore to your pre-attack status
Although ransomware attacks are continuing to increase, they can definitely be avoided with adequate protection.