Everything you need to know about Ransomware

Why just give your computer a virus when we can get money?

That is exactly what a hacker would ask. Why just give you a computer virus when you can be held to pay a ransom? This is an overview of ransomware, including what it is, its history, how it works to target businesses, and how to protect against it.

What is Ransomware?

Before we get into everything you need to know about ransomware, we need to know what it is. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. The attacker demands a payment from the victim and promises to release access to the data when payment is made.

There has been a huge increase in attacks. Also, attackers are targeting businesses. According to 71% of ransomware attacks targeted small businesses, and have increased by 130%. In the previous year, California lost more than $214 million through cybercrime, with Texas and Florida also losing more than $100 million each.

Many forms of cybercrime or malicious software exist, such as viruses, malware, rootkits, spyware, worms, and trojans. Here I am going to focus on what ransomware is and how it is used by an attacker.

According to the United States Cybersecurity and Infrastructure Security Agency (CISA) “Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.”

The first known ransomware attack occurred in 1989, but the real

Where did Ransomware come from?

The first known ransomware attack occurred in 1989 and is memorialized in Becker’s Hospital Review. That attack targeted the healthcare industry, and 30 years later, the healthcare industry remains a top target for ransomware attacks. The introduction of Bitcoin increased the opportunity for attackers: it gave them a way to get paid while making the payments harder to track. This cryptocurrency allows attackers to collect money from victims without going through traditional banking or payment.

Ransomware is created by highly knowledgeable hackers, programmers, and scammers who are experts in computers. The term “ransomware” refers to the purpose of the software, which is to extort users or businesses for financial gain. The computer program is created to gain access to the files or operating system that it will hold for ransom. The ransomware program gains access through infection or attack vectors.

How does ransomware work?


The most common delivery system for ransomware is phishing. Often an email or attachment will arrive in your company or personal email. A phishing email will masquerade as a legitimate email, possibly from Microsoft or your bank. It usually looks like a file or company you can trust. Phishing is so prevalent that, according to Trend Micro, 91% of cyberattacks and the resulting data breaches begin with a phishing email.

Once a link has been clicked or an attachment has been opened, the malware can gain access to a victim’s computer or to multiple computers and devices. The ransomware then encrypts the user’s files. When this happens, the files are held for ransom by the attacker. The attacker holds the mathematical key to unlock the files.

Can you take Google’s phishing test and score a perfect 8 out of 8?


Doxware is a similar scenario to ransomware, except that the attacker threatens to release the victim’s sensitive files unless a ransom is paid. There is not much that can be done apart from paying up if you do not want your data to be public.

How costly is ransomware?

After analyzing 3,300 incidents involving its clients in 2018, Beazley Breach Response Services found that ransomware attacks targeted small businesses (SMB), with an average ransom demand of $116,324 and a median of $10,310. As if the ransom were not expensive enough, there are often other large costs associated with ransomware, including:

  • Damage and destruction of data, and/or hardware
  • Loss of income for businesses due to disruption during and after the attack
  • Data Recovery Services
  • Additional I.T. (Information Technology) Costs (overtime, additional personnel, security enhancements)
  • Cyber Security Forensics & Investigation Services for a data breach
  • Restoration and deletion of hostage data and systems
  • Reputation Management
  • Employee training to avert future attacks

The average total estimated business cost of a ransomware attack, including ransom, work-loss, and the cost of time spent responding is more than $900,000.

To pay or not to pay

Most experts urge you not to pay the ransom as paying it funds future ransomware attacks. Last year 45% of companies hit with ransomware paid their attackers, but only 26% had their data unlocked. But why?!

While refusing to pay for your data is the best practice, it may not be possible. Many businesses do choose to pay when they do not have proper backups. If a business would shut down permanently, or would lose access to data that is required for daily operations or by regulations, it tends to pay the ransom.

In some ransomware cases, the ransom is strategically calculated so that it is cost-effective for the victim to pay: the ransom is set below the cost to reconstruct the encrypted data.

What if you’re infected by ransomware?

If you are infected by ransomware, you should notify the employee in charge of your security immediately. If your company does not have an employee in charge of security, or you are a home user, you should immediately disconnect your computer from the network, disconnect any external drives (hard drives or USB drives), and contact an expert on security solutions and data recovery.

How do you protect against ransomware?

  • Proper Backups: Having frequent, tested, scheduled backups that follow the 3-2-1 rule is one of the strongest defenses against ransomware. If all your data can be restored to a recent point in time, then in most cases there is no need to pay a ransom.
  • Employee Training: When answering emails, phone calls, or text messages, employees should know not to give out any personal information. Phishers can try to trick employees into installing malware, or gain intelligence by claiming to be someone from your IT department. Employees should also be able to identify phishing emails.
  • Secure Systems: Keep computers, operating systems, NAS, anti-virus, Office, and all other software up to date. Updates include patches that make the software more secure against known threats. Every company should have an I.T. employee or contractor in charge of security and software updates.
  • Access Restrictions, Credentials, and Reporting/Tracking: Limitations and security practices should be applied to employees whose devices contain company files. There should also be limitations and security restrictions for devices attached to company networks that could be made vulnerable or infected. Proper reporting and tracking should also be implemented.
  • Enhance phishing and malware protection: Protection against phishing and malware in incoming mail should be set up on your email. Additionally, protection should be set up against spoofing of a domain name, spoofing of employee names, email impersonating your domain, and unauthenticated email from any domain.
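
The checks named in the last item (employee-name spoofing, mail impersonating your own domain, and unauthenticated mail) can be pictured as rules applied to each inbound message. The sketch below is an added example, not code from this article or from any mail product. The domain, the gateway name mx.example.com, the employee names and the sample messages are all constructed assumptions, and it trusts only the Authentication-Results header written by your own gateway.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions for this example: protected domain, gateway name, staff names.
OUR_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"   # only our own gateway's verdicts count
EMPLOYEES = {"dana reyes", "sam okafor"}

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts from Authentication-Results headers we trust."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, *parts = str(header).split(";")
        if authserv.split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # a header the sender added proves nothing
        for part in parts:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def inbound_flags(raw):
    """Return the reasons a message should be quarantined or bannered."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    auth = auth_results(msg)
    flags = []
    if "pass" not in (auth.get("spf"), auth.get("dkim"), auth.get("dmarc")):
        flags.append("unauthenticated")
    if domain == OUR_DOMAIN and auth.get("dmarc") != "pass":
        flags.append("spoofs-our-domain")
    if name.strip().lower() in EMPLOYEES and domain != OUR_DOMAIN:
        flags.append("employee-name-from-external-domain")
    return flags

def build(auth, sender):  # constructed sample messages, not real mail
    return f"Authentication-Results: {auth}\nFrom: {sender}\nSubject: Invoice\n\nSee attachment.\n"

SAMPLES = {
    "impersonation": build("mx.example.com; spf=pass; dkim=pass; dmarc=pass", "Dana Reyes <dana@mail-billing.test>"),
    "spoof": build("mx.example.com; spf=fail; dkim=none; dmarc=fail", "IT Support <helpdesk@example.com>"),
    "forged-header": build("relay.untrusted.test; spf=pass; dkim=pass; dmarc=pass", "Accounts <accounts@vendor.test>"),
    "clean": build("mx.example.com; spf=pass; dkim=pass; dmarc=pass", "Sam Okafor <sam@example.com>"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inbound_flags(raw))
```

The "impersonation" sample passes SPF, DKIM and DMARC for its own domain, which is why the display-name rule is needed in addition to authentication.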