Ransomware has proven to be a major problem for both large and small companies. It can attack your data in various ways and stop your business operations completely.
In many cases, restoring access to and use of pirated information can cost hundreds of thousands or even millions of dollars.
According to the Chainanalysis 2021 Crypto Crime Report, the total amount paid to ransomware victims increased by 311% in 2020 to nearly $350 million worth of cryptocurrency, (the most popular form of payment) and the problem will continue to grow.
Overall the best defense against a ransomware attack is a good offense. Understanding the different forms of ransomware can help a company prepare for an intrusion. Here are some tips to deal with any type of cyber crime.
First, for those unfamiliar with ransomware, it is a virus that silently encrypts a user’s data on their computer. It can infiltrate your system and deny access to key information, interrupting or stopping all business activity.
Once the intruder steals and encrypts the data, a message may appear demanding payment of an amount to regain access to the data. The victim has only a certain amount of time to pay the cybercriminal. Ransom may increase after the deadline.
Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which can steal login credentials. This is especially dangerous for sensitive information, such as passwords to banking and financial accounts
The two main types of ransomware are called crypto ransomware and locker ransomware. Crypto ransomware encrypts various files on the computer so that the user cannot access them. Locker ransomware does not encrypt files. Rather, it “locks” the victim out of their device, preventing them from using it. Once it blocks access, it prompts the victim to pay to unlock their device.
There have been many well-known cyber attacks including ransomware in the last few years. This includes…
“WannaCry” in 2017. It spread to 150 countries including the UK. It was designed to manipulate a Windows vulnerability. By May of that year, it had infected more than 100,000 computers.
The WannaCry attack affected many UK hospital trusts, costing the NHS around £92 million. Users were locked out and ransom was demanded in the form of Bitcoins. The attack exposed the problematic use of the old system. Cyber attacks have caused financial losses of around $4 billion worldwide.
Ryuk is a ransomware attack that spread in mid-2018. This disables the Windows System Restore option on the PC computer. Without a backup, recovering the encrypted files was impossible It also encrypts network drives. Many of the companies targeted were in the United States. The ransom demanded has been paid, and the estimated damages are $640,000.
KeRanger is believed to be the first ransomware attack to successfully infect Mac computers running on the OSX platform. It was put into an installer of an open source BitTorrent client, also known as Transmission. When users download the infected installer, their devices are infected with ransomware. The virus remains inactive for three days and then encrypts about 300 different types of files. After that, it downloads a file with a ransom, demands a bitcoin and provides instructions on how to pay the ransom. After paying the ransom, the victim’s files are decrypted.
As ransomware becomes increasingly sophisticated, the methods used to spread it also become more sophisticated. Examples include:
Pay-per-install. It targets devices that are already compromised and can easily be infected by ransomware.
Drive-by download. This ransomware is installed when a victim unknowingly visits a compromised website.
Links to email or social media messages. This method is the most common. Malicious links are sent in emails or online messages so they can be clicked.
Cybersecurity experts agree, if you’re the victim of a ransomware attack, don’t pay the ransom. Cybercriminals can encrypt your data even after payment and demand more money later.
Instead back-up all data to an external drive or the cloud so it can be easily restored. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for such situations.
Managed service providers can conduct a risk analysis at no cost and determine a company’s security risks.
Understanding the vulnerabilities to a potential intrusion, and preparing in advance to overcome them, is the best way to stop a cyber thief from wreaking havoc on your company.