The modern ransomware age began with CryptoLocker in the year 2013. In the coming years, attackers are expected to become more business-minded and increasingly sophisticated, raising the threat to organizations. According to FBI estimates, losses from ransomware in the year 2016 were around $1 billion. Data was stolen and computers were locked, with crucial information held hostage for a ransom. Unfortunately, dozens of countries and thousands of businesses were hit by this cyber-extortion, including government agencies, hospitals, and industry giants.
Ransomware: Definition and Concept
Ransomware is a type of malicious software that infiltrates computers and other devices to seize crucial data. The owners of the data are locked out, and the data itself is used to threaten them and demand money in return for restored access. The victim is pressured to pay the attacker with nothing more than a promise that access to the data will be restored. To get the decryption key, victims pay the ransom according to the attacker's instructions.
Depending on the type and importance of the data, the ransom can be anything from a few hundred dollars to millions. Usually, the payment is made in Bitcoin.
How Does It Work
There are various ways through which an attacker can gain access to a computer. Phishing is the most common delivery method used by cybercriminals. They send email attachments disguised as trustworthy files to encourage the recipient to open or download them. Once the file is opened, the attackers gain access to the victim's computer. Then there are more dangerous and aggressive types of ransomware, such as NotPetya, which exploit security holes to enter and take over computers and restrict access. In such a case, the cybercriminals do not have to trick users into opening a file or granting administrative access.
With access to the computer, there are many things attackers can do. However, the focus is on encrypting the important data and files that are valuable to the user. The attackers lock the user out of the system, and the files cannot be decrypted without the decryption key, which only the attacker holds. The victim then receives a message from the attacker explaining what happened to the files, why they are inaccessible, and how only a ransom payment through untraceable Bitcoin can restore access.
Sometimes, the attacker may even pose as a law enforcement agency, claiming to have shut down the computer or locked the files because pirated software or pornography was found on it. The ransom is then demanded as a fine, with the threat of reporting the victim to the authorities.
Another variation of ransomware is doxware or leakware. Usually, this involves sensitive information that is worth a lot of money to the organization. The attacker threatens to leak or publicize the sensitive data unless the victim agrees to pay the ransom. But since identifying and extracting such information can be quite tricky for an opportunistic attacker, most stick to encrypting ransomware as the easier way to make money.
Common Ransomware Targets
Attackers also do their homework and choose the companies they want to target with ransomware. In some cases, the target is a random pick and a matter of opportunity. Universities and hospitals are at risk because their information security measures are not considered strong enough. Moreover, they tend to have a large and varied user base, who may open unfamiliar files without checking. This makes penetrating their systems easier.
Similarly, some organizations seem like easy targets because they are likely to pay more quickly. Medical facilities and government agencies hold sensitive information and want to restore access to their files immediately. Other organizations, such as law firms, may be willing to pay without even reporting to the authorities, to keep their dealings with cybercriminals quiet. Such organizations appear more tempting when attackers are choosing their targets. However, any organization with weak security measures is a potential victim. It has also been noted that some ransomware spreads indiscriminately and automatically across the internet.
The Ideal Preventative Measures
In addition to strengthening your information security program through data security training, an organization must take various defensive measures to avoid becoming a victim of ransomware.
The following are a few general security practices that can substantially improve your defenses.
- Keep your operating system up to date and patched. This leaves fewer security gaps and vulnerabilities for attackers to exploit.
- Do not open, download, or grant administrative privileges to software unless you know what it is.
- Install strong, reliable antivirus software to detect malicious programs, including ransomware, as they arrive on your computer. It is also prudent to use application whitelisting software to prevent unauthorized applications from running.
- Always back up your files. Automate the backups and make sure they run frequently. While this cannot stop the attack itself, it can make the damage far less significant.
As mentioned earlier, phishing is one of the most common methods cybercriminals use to get into your network. The idea is to trick the user into opening or downloading a risky attachment or link. This is where security training comes in. An employee must be able to tell legitimate emails from malicious ones so that ransomware cannot gain a foothold on the system. Providing the right information security training reduces the risk of human error, which can lead directly to a ransomware infection.
As cyber-attacks continue to become more modern and sophisticated, an organization needs to implement strong detection and response tools to be better prepared to deal with the risks. Provide cyber security training and certifications, such as Certified Information Systems Security Officer and CompTIA Advanced Security Practitioner, and take all the important measures to identify, prevent, and recover from ransomware.