One of the biggest issues in cybersecurity today is ransomware. This nasty type of malware denies victims access to their network – usually by encrypting their files – unless a ransom is paid. The target’s operational capacities are disabled until they pay up, and even then, it’s not guaranteed that hackers will provide the needed decryption key and restore system functionality.
Devastatingly effective and ever-evolving, ransomware has proliferated in recent years, as sophisticated cybercriminals spawn new strains and strategies of invasion. Annual global damage from ransomware is projected to cost companies more than $20 billion by 2021, 57 times the amount in 2015, making it the fastest-growing form of cybercrime.
First emerging around 2005 as a subcategory of scareware, early ransomware was rudimentary and unprofitable without a suitable payment system. It remained relatively impotent and under control until 2012, when Bitcoin changed the game, providing precisely the monetary exchange apparatus hackers needed – anonymous, universal and outside traditional financial institutions – to extract real ransoms.
How ransomware works
There are numerous forms of ransomware and myriad ways it can infiltrate a system. The most common types include:
- Crypto malware, an infamously harmful version that encrypts data and files, making them inaccessible.
- Scareware, bogus software which claims to detect a computer issue and then prompts users to enable settings that invite in malware.
- Lockers, which shut users out of their system, usually displaying a lock screen with a payment demand.
- Doxware, or leakware, which threatens to make public individuals’ or businesses’ private information.
Most often, ransomware enters a system via email phishing spam. The victim opens a malicious attachment or clicks on a link to a dangerous website; the ransomware then corrupts the computer and spreads through the network. Criminals also use exploit kits to take advantage of security weaknesses, like the Microsoft exploit used by the notorious WannaCry. Once in the system, ransomware typically blocks hard drive access or encrypts computer files, rendering them unreadable without the hacker’s key, which is withheld until payment is made.
Ransom is often demanded in cryptocurrency because it’s anonymous and untraceable. In general, the amount is high enough to be worth the attacker’s time but not so much that victims are unwilling to pay it. There’s no guarantee that coughing up the ransom will return system access, and those who pay out of fear or desperation are frequently retargeted.
The impact of ransomware
Ransomware danger is near-constant, with estimates that businesses incur breaches every 14 seconds – predicted to be every 11 seconds by 2021. That doesn’t even include the more-frequent cyber attacks on individuals, which will also increase as the world’s online population grows. On both a macro and micro level, ransomware is a major problem, resulting in an estimated $5 billion in losses in 2017 and robbing companies of not only revenue, but also reputation, operations, information and customer trust.
Certainly, all companies are at risk of ransomware. Criminals have recently progressed from a “spray and pray” approach – lots of attacks against small targets – to “big game hunting,” focusing on fewer victims that have unique vulnerabilities and can pay more, like medical companies and universities. However, small and medium-sized organizations, which generally have fewer resources to spend on cyber defense and thus less protection, suffer greater impact.
Interestingly, global malware attacks have declined overall in the past year, but ransomware specifically has spiked, up 15% by mid-2019 and up 20% through the first half of 2020. As more businesses work remotely and employees access company networks on their personal devices from home, where there are fewer levels of protection than in an office, experts see a correlation between COVID-19 and ransomware infections. It seems the coronavirus pandemic is exacerbating the ransomware epidemic.
Protecting against ransomware
Once your computer has been hit with ransomware, it’s usually too late to recover your data. Even if you back up files or pay the ransom – and in most cases, law enforcement officials recommend against paying it – your network has already been exposed, your customers compromised and your business endangered.
Most often, ransomware exploits the human element of a company’s cybersecurity system, meaning education and training are crucial. An organizational mindset is as important as monitoring tools when it comes to cybersecurity and keeping your company safe.
Here are some best practices to protect against ransomware:
- Train personnel on cybersecurity procedures: Your employees are the first line of defense and most vulnerable to attack. Teach them basic hygiene, like strong password protection and a secure Wi-Fi connection; keep them informed about ransomware trends; and build constant vigilance against phishing, which means avoiding unverified links and not opening untrusted email attachments.
- Keep operating systems and other software updated: Criminals are always trying to exploit programming holes and backdoors; fortify your cyber defenses by patching software and keeping systems up to date so they can recognize malware.
- Use additional solutions to prevent unknown dangers: Traditional antivirus software may detect known ransomware, but it can fail to work against new threats. Use firewalls, endpoint protection, penetration testing, whitelisting and other types of cybersecurity.
- Monitor for malicious activity and have a security strategy: Keep up with the latest intelligence to understand how best to respond to a threat, and use endpoint detection to identify indicators of cyber attack.
- Back up files: The simplest thing you can do is run backups automatically and often to mitigate the damage of a breach.
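Automated backups can copy already-encrypted files over the last good copies, so a check before each run ties the last two practices together. The sketch below is an added example, not part of the original article: it flags files that have lost their expected header or look like random data, and refuses the backup when too many are suspect. The function names, thresholds and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading "magic" bytes for a few formats (illustrative subset; extend for real use).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Flag content that lost its expected header or is near-random."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        # Compressed formats are high-entropy when healthy, so for known
        # formats the header is the signal, not the entropy.
        return not data.startswith(magic)
    # No known header (text, csv, ...): near-random bytes are suspicious.
    return entropy(data[:4096]) >= threshold

def backup_is_safe(files: dict, max_suspect_ratio: float = 0.2):
    """Return (ok, suspects); ok is False when too many files look encrypted."""
    suspects = sorted(n for n, d in files.items() if looks_encrypted(n, d))
    return len(suspects) <= max_suspect_ratio * len(files), suspects

# Constructed sample data: deterministic pseudo-random bytes stand in for ciphertext.
RANDOM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
CLEAN = {
    "report.pdf": b"%PDF-1.7\n" + b"Quarterly figures " * 50,
    "notes.txt": b"meeting notes " * 100,
    "logo.png": b"\x89PNG\r\n\x1a\n" + RANDOM[:2000],
}
HIT = {name: RANDOM for name in CLEAN}  # same names, contents replaced

if __name__ == "__main__":
    for label, files in (("clean", CLEAN), ("hit", HIT)):
        ok, suspects = backup_is_safe(files)
        print(label, "proceed" if ok else "HALT backup, keep old copies", suspects)
```

When the check fails, the backup job should stop and alert rather than overwrite earlier versions; keeping versioned or offline copies covers the cases this heuristic misses.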
A continued threat
Since the earth-shattering CryptoLocker trojan horse in 2013 showed its enormous potential, ransomware has evolved from petty theft to global enterprise. Its growth is driven by increasingly savvy cybercriminals, exploiting still-alarmingly unprepared companies.
A single ransomware infection can spread from one computer through an organization’s network and overwhelm the entire system. This can handicap your business and result in costs far beyond the ransom, including lost data, time, productivity and brand strength.
If you can’t or don’t want to build your own protection capabilities, you need to hire the expertise of a trusted IT services provider. Using an educational framework that explains the cybersecurity environment so you understand it, Calance offers a robust range of managed defense systems and solutions, which can help identify threats and shield your company from the crippling consequences of a ransomware attack.