Ransomware has proven to be a major problem for businesses, both large and small. It can attack your data in many ways and bring your business operation to a complete halt.
In many cases, regaining access to and use of hacked information can cost millions of thousands or millions of dollars.
According to Chainanalysis Cryptocrime Report 2021, the total amount paid by ransomware victims increased by 311% in 2020 to reach almost $350 million in cryptocurrencies (the most popular form of payment) and the problem will continue to grow.
In general, the best defense against a ransomware attack is a good attack. Understanding the various forms of ransomware can help a business prepare for an intrusion. Here are some tips to help you deal with any type of cyber criminal.
First, for those who are not familiar with ransomware, it is a virus that silently encrypts user data on your computer. It can infiltrate your system and deny access to key information, preventing or shutting down all trading activity.
Once the intruder has stolen and encrypted the data, a message may appear demanding payment of an amount of money to regain access to the information. The victim only has a certain amount of time to pay the cyber criminal. If the deadline passes, the ransom may increase.
Some types of ransomware have the ability to seek out other computers on the same network in order to infect them. Others infect their hosts with more malware, which could lead to the theft of login credentials. This is especially dangerous for sensitive information, such as passwords to bank and financial accounts.
The two main types of ransomware are called Crypto ransomware and Locker ransomware. Crypto ransomware encrypts various files on a computer so that they cannot be accessed by the user. Locker ransomware does not encrypt files. Rather, it “locks” the victim out of their device, preventing them from using it. Once it prevents access, it asks the victim to pay money to unlock their device.
Many well-known cyberattacks with ransomware have occurred during the last few years. These include…
“WannaCry” in 2017. It spread to 150 countries, including the UK. It was designed to manipulate a Windows vulnerability. By May of that year, it had infected more than 100,000 computers.
The WannaCry attack affected many UK hospitals and cost the NHS around £92 million. Users were blocked and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyber attack caused worldwide financial losses of around $4 billion.
Ryuk is a ransomware attack that spread in the middle of 2018. It disabled the Windows System Restore option on PC computers. Without a backup, it was impossible to restore files that were encrypted. It also encrypted network drives. Many of the organizations targeted were in the United States. Demanded ransoms have been paid and the estimated loss is $640,000.
KeRanger is believed to be the first ransomware attack to successfully infect Mac computers, running on the OSX platform. It was placed in an open source BitTorrent client installer, also known as Transmission. When users downloaded the infected installer, their devices got infected with the ransomware. The virus lies dormant for three days and then encrypts approximately 300 different types of files. It then downloads a file that includes a ransom, demands Bitcoin, and provides instructions on how to pay the ransom. After paying the ransom, the victim’s files are decrypted.
As ransomware becomes more complex, the methods used to spread it also become more sophisticated. Examples include:
Payment for installation. This targets devices that have already been compromised and could easily be infected with ransomware.
unauthorized downloads. This ransomware is installed when a victim unknowingly visits a compromised website.
Links in emails or social media posts. This method is the most common. Malicious links are sent in emails or online messages for victims to click on.
Cybersecurity experts agree, if you fall victim to a ransomware attack, don’t pay the ransom. Cybercriminals could still keep your data encrypted, even after payment, and demand more money later.
Instead, back up all data to an external drive or the cloud so it can be easily restored. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for this type of circumstance.
Managed service providers can perform a risk analysis at no cost and determine a company’s security risks.
Understanding the vulnerabilities of a potential intrusion and preparing ahead of time to defeat them is the best way to prevent a cyber thief from wreaking havoc on your business.