Although they have been around since as early as 1989, ransomware attacks have gained traction in the last years, causing great financial harm to both companies and people. But what makes this threat so special? Well, the term “ransom” must ring a bell as to what it might entail. So keep reading to find out everything you need to know about ransomware.
What is Ransomware?
Ransomware is a special and hazardous form of malware from cryptovirology, capable of causing great financial damage to victims. Hackers use this extortion software to encrypt your data, denying you access to your files or to your entire computer and provide you the decrypting key only in exchange for a ransom ranging from a few hundred to thousands of dollars.
Usually, the payments to cybercriminals are made through anonymous and untraceable methods, such as Bitcoin.
Ransomware is constantly being written and modified by its developers to avoid being detected by typical antivirus programs based on its signature.
What types of Ransomware are there?
Depending on the type of virus used, there are two main categories of ransomware:
Locker Ransomware – it affects basic computer functions – this kind of attack locks down the entire device instead of encrypting files. It usually allows the user to boot up the computer.
Crypto Ransomware – it encrypts individual files – one of the most recent forms of malware that restricts the victim’s access to files stored on their computer. It displays an alert demanding the victim to pay a certain amount of money to regain access to their files.
How does Ransomware infect a device, and what does it do?
There are a number of ways in which a computer can be infected by this kind of malware, but by far the most common one is phishing spam – it works by downloading the malicious software disguised as an apparently trustworthy and safe email attachment.
Once it’s been downloaded and opened, the malware takes over the victim’s computer, using social engineering tools that trick users into granting administrative access or exploit security weaknesses without needing human interaction.
The malware may act in several ways after infecting a computer. The most frequent one is to partially or completely encrypt the user’s files. Then, a mathematical key from the attacker is needed to decrypt the files.
In some cases, cybercriminals might pretend to be a law enforcement authority, blocking the victim’s device due to the presence of illegally obained software or pornography, demanding them to pay a “fine”. They use this strategy to minimise the probability of the attack being reported.
Another variation of these attacks is leakware or doxware, in which the attacker uses extortion for financial gain, threatening to publish the victim’s sensitive data unless the illicit payment is made.
Who can be targetted by Ransomware attacks?
Cybercriminals choose their victims in several different ways. They often target large companies and organizations because they seem more likely to pay the ransom quickly, as they cannot afford to disrupt their operations.
This was the case of Colonial Pipeline on May 7th this year, the largest fuel provider in the U.S., which became a target of a massive ransomware attack and had to pay a $4.4 million ransom to the hackers.
Other tempting targets might be healthcare systems, government agencies, law firms, and other companies with sensitive data they need immediate and constant access to.
Attackers might choose their target based on opportunity as well. For instance, universities tend to have small security teams and cybercriminals can prey on their defense systems to gain access to large amounts of files.
But don’t feel safe if you don’t fall into one of the categories above just yet. Anyone can become a target for hackers, especially with the ever-increasing online activity.
What can you do to prevent a Ransomware attack?
The following simple steps will be helpful in keeping you, your files, your computer, or your business or organization out of harm’s way, improving your defense from all kinds of cyberattacks:
- Always keep your operating system up-to-date to avoid weaknesses that hackers can exploit.
- Never install software or give it administrative access unless you are 100% sure you know what it is and what it does.
- Choose the best antivirus for you or your company.
- Back up your files frequently and automatically. This won’t stop an attack from happening, but the damage it caused can be significantly reduced.
How much money is in Ransomware?
The market has expanded quickly from the beginning of the decade. In 2017, ransomware caused damages worth $5 billion, in terms of ransoms paid and recovery measures, an amount 15 times larger than the one reported in 2015.
Healthcare organizations seem to be the most frequent target, with up to 45% of ransomware attacks directed at them. Also, 90% of financial institutions were targets of ransomware attacks in 2017.
Remember, your antivirus software might not always protect you from becoming a victim of a ransomware attack, which is why you should always consider implementing Cybersecurity Awareness training for you and your employees.