Ransomware has proven to be a major problem for companies both large and small. It can attack your data in a multitude of ways and bring your business operation to a complete halt.
In many instances it can cost hundreds of thousands or millions of dollars to regain access and use of the pirated information.
According to the Chainalysis 2021 Crypto Crime Report, the total amount paid by ransomware victims increased by 311% in 2020 to reach nearly $350 million worth of cryptocurrency (the most popular form of payment), and the problem will continue to grow.
Overall, the best defense against a ransomware attack is a good offense. Understanding the various forms of ransomware can help a company prepare for an intrusion. Here are some tips to help deal with any type of cybercriminal.
First, for those unfamiliar with ransomware, it is a virus that silently encrypts the user’s data on their computer. It can infiltrate your system and deny access to key information, impeding or shutting down all business activity.
Once the intruder has stolen and encrypted the data, a message can appear demanding that an amount of money be paid to regain access to the information. The victim has only a set amount of time to pay the cybercriminal. If the deadline passes, the ransom can increase.
Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which could lead to stealing login credentials. This is especially dangerous for sensitive information, such as the passwords for banking and financial accounts.
The two main types of ransomware are called Crypto ransomware and Locker ransomware. Crypto ransomware encrypts various files on a computer so the user cannot access them. Locker ransomware does not encrypt files. Rather, it “locks” the victim out of their device, preventing them from using it. Once it prevents access, it prompts the victim to pay money to unlock their device.
Many well-known ransomware attacks have occurred during the past few years. These include…
“WannaCry” in 2017. It spread throughout 150 countries, including the United Kingdom. It was designed to exploit a Windows vulnerability. By May of that year, it had infected over 100,000 computers.
The WannaCry attack affected many UK hospital trusts, costing the NHS about £92 million. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyberattack caused worldwide financial losses of about $4 billion.
Ryuk is a ransomware attack that spread in the middle of 2018. It disabled the Windows System Restore option on PCs. Without a backup, it was impossible to restore the files that were encrypted. It also encrypted network drives. Many of the organizations targeted were in the United States. The demanded ransoms were paid, and the loss is estimated at $640,000.
KeRanger is thought to be the first ransomware attack to successfully infect Mac computers, which operate on the OS X platform. It was put into an installer of an open source BitTorrent client known as Transmission. When users downloaded the infected installer, their devices became infected with the ransomware. The virus sits idle for three days and then encrypts roughly 300 different types of files. Next, it downloads a file that includes a ransom demand for one Bitcoin and instructions on how to pay the ransom. After the ransom is paid, the victim’s files are decrypted.
As ransomware becomes increasingly complex, the methods used to spread it also become more sophisticated. Examples include:
Pay-per-install. This targets devices that have already been compromised and could easily be infected by ransomware.
Drive-by downloads. This ransomware is installed when a victim unknowingly visits a compromised website.
Links in emails or social media messages. This method is the most common. Malicious links are sent in emails or online messages for victims to click on.
Cybersecurity experts agree: if you are the victim of a ransomware attack, do not pay the ransom. Cybercriminals could still keep your data encrypted, even after the payment, and demand more money later.
Instead, back up all data to an external drive or the cloud so it can easily be restored. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for these types of circumstances.
Managed Service Providers can perform a risk analysis without cost and determine a company’s safety risks.
Understanding the vulnerabilities for a possible intrusion, and preparing in advance to defeat them, is the best way to stop a cyber thief from wreaking havoc on your company.