Ransomware has proven to be a major problem for companies both large and small. It can attack your data in a multitude of ways and bring your business operation to a complete halt.
In many instances it can cost hundreds of thousands or millions of dollars to regain access and use of the pirated information.
According to the Chainanalysis 2021 Crypto Crime Report, the total amount paid by ransomware victims increased by 311% in 2020 to reach nearly $350 million worth of cryptocurrency, (the most popular form of payment) and the problem will continue to grow.
Overall the best defense against a ransomware attack is a good offense. Understanding the various forms of ransomware can help a company prepare for an intrusion. Here are some tips to help deal with any type of cybercriminal.
First, for those unfamiliar with ransomware, it is a virus that silently encrypts the user's data on their computer. It can infiltrate your system and deny access to key information, impeding or shutting down all business activity.
Once the intruder has stolen and encrypted the data, a message can appear demanding an amount of money be paid to regain access to the information. The victim has only a set amount of time to pay the cybercriminal. If the deadline passes the ransom can increase.
Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which could lead to stealing login credentials. This is especially dangerous for sensitive information, such as the passwords for banking and financial accounts.
The two main types of ransomware are called Crypto ransomware and Locker ransomware. Crypto ransomware encrypts various files on a computer so the user cannot access them. Locker ransomware does not encrypt files. Rather, it "locks" the victim out of their device, preventing them from using it. Once it prevents access, it prompts the victim to pay money to unlock their device.
Many well-known cyberattacks with ransomware have occurred during the past few years. These include...
"WannaCry" in 2017. It spread throughout 150 countries including the United Kingdom. It was designed to manipulate a Windows vulnerability. By May of that year, it had infected over 100,000 computers.
The WannaCry attack affected many UK hospital trusts, costing the NHS about £92 million. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyberattack caused worldwide financial losses of about $4 billion.
Ryuk is a ransomware attack that spread in the middle of 2018. It disabled the Windows System Restore option on PC computers. Without a backup, it was impossible to restore the files that were encrypted. It also encrypted network drives. Many of the organizations targeted were in the United States. The demanded ransoms were paid, and the estimated loss is at $640,000.
KeRanger is thought to be the first ransomware attack to successfully infect Mac computers, which operate on the OSX platform. It was put into an installer of an open source BitTorrent client, also known as Transmission. When users downloaded the infected installer, their devices became infected with the ransomware. The virus sits idle for three days and then encrypts roughly 300 different types of files. Next, it downloads a file that includes a ransom, demanding one Bitcoin and providing instructions on how to pay the ransom. After the ransom is paid, the victim's files are decrypted.
As ransomware becomes increasingly complex, the methods used to spread it also becomes more sophisticated. Examples include:
Pay-per-install. This targets devices that have already been compromised and could easily be infected by ransomware.
Drive-by downloads. This ransomware is installed when a victim unknowingly visits a compromised website.
Links in emails or social media messages. This method is the most common. Malicious links are sent in emails or online messages for victims to click on.
Cybersecurity experts agree, if you are the victim of a ransomware attack, do not pay the ransom. Cybercriminals could still keep your data encrypted, even after the payment, and demand more money later.
Instead back-up all data to an external drive or the cloud so it can easily be restored. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for these types of circumstances.
Managed Service Providers can perform a risk analysis without cost and determine a company's safety risks.
Understanding the vulnerabilities for a possible intrusion, and preparing in advance to defeat them, is the best way to stop a cyber thief from wreaking havoc on your company.