What is a Ransomware Attack?
You hear the word ransom and your mind starts conjuring up images of a human hostage situation. In the cyber world, ransom takes on a different meaning: a fee is still demanded, but it’s requested to release data rather than a person.
As the name suggests, ransomware is a type of malware (malicious software) that encrypts data and demands a ransom be paid by the victim to regain access. The cost varies, ranging from hundreds to thousands of dollars, which cybercriminals request in Bitcoin or other cryptocurrency. Ransomware attacks can find their way to your device and data through malicious links sent via various means, including emails or websites. They could lock you out of your devices and accounts entirely, or encrypt particular files only.
You may well have heard of it; you might even know someone who’s fallen victim. But how big is the threat of a ransomware attack? Firstly, Datto recognizes ransomware attacks as the most prominent malware threat. Beyond this, ransomware costs are predicted to reach $20 billion by 2021. That’s a staggering sum of money. What’s more, with downtime costs up by 200% year-over-year, the cost of the downtime itself is 23 times higher than the average ransom cost in 2019. So, forget the actual money requested by the cybercriminals - the biggest financial damage comes from the aftermath of their attack.
The message is clear: ransomware attacks are on the rise, costing businesses and individuals alike more to solve in both time and money. Keep reading to find out how you can protect yourself and your business.
A Brief History of Ransomware Attacks
The first ransomware went by the name of PC Cyborg or AIDS and was created in 1989 by a Harvard-educated biologist, David L. Popp. The victims, attendees of an AIDS conference organized by the World Health Organization, had files encrypted by what we know now to be simple encryption. The attackers demanded $189 be sent to them via mail.
Not much action occurred in the ransomware world over the following decade. Then, in the early noughties, the scene began to pick up pace. In 2004, GpCode used RSA encryption to hold files ransom. In 2005, ransomware action was reported in Russia. In 2007, a new type of ransomware attack made itself known: instead of encrypting files, it locked people out of their devices. The attackers, WinLock, replaced victims’ desktop backgrounds with pornographic images, and demanded a fee to be paid via SMS to restore the desktop back to its original state.
2012 saw the introduction of yet another type of ransomware: the law enforcement ransomware. While locked out of their desktop, victims would be shown what appeared to be an official page from an agency such as the FBI claiming that the user had committed a crime. This required the user to pay a hefty fine. In the third quarter of 2012, around 200,000 new pieces of ransomware were discovered internationally.
Then came the infamous CryptoLocker in 2013, which encrypted Windows on hundreds of thousands of computers and business systems. This time, military-grade encryption was used to make the attack impossible to overcome without paying the ransom. Victims were tricked into opening emails from fake courier services, such as FedEx and UPS.
As ransomware technology has developed over the three decades since its creation in the late 1980s, its threat has risen too. In fact, 41% of all cybersecurity insurance claims stem from ransomware attacks. What’s more, the share of data breaches caused by malicious attacks is 52%. Within this, ransomware and destructive malware breaches cost $580,000 more on average than the average malicious attack.
Money and downtime aren’t the only issues that have transpired from such attacks. In September 2020, German authorities opened a homicide investigation linked to a hospital ransomware attack. Network outages at the hospital due to the attack meant patients had to be redirected to other clinics. Unfortunately, an elderly woman with an aneurysm that required immediate care died after being rerouted to another city. It’s thought to be the first death related to a ransomware attack.
Types of Ransomware Attacks
Generally, there are three main types of ransomware in the cyber landscape: crypto, scareware and screen lockers. While crypto ransomware encrypts files, screen locker ransomware locks victims out of their devices. Crypto ransomware demands a fee be paid to decrypt the files and restore access for the victim, whereas screen locker ransomware demands a fee to unlock the device. Scareware sends victims a pop-up warning that malware was discovered on their device, and that the only way to remove it is to pay. In reality, this attack is little more than a brief ‘scare’. Often, if you ignore the pop-up the only consequence is being bombarded with more, not the encryption of your files.
There are other types too, but these are less common, such as doxware. Doxware, like traditional screen locking ransomware, takes a device hostage until the ransom has been paid. However, unlike traditional ransomware the attack is not that ‘simple’. Doxware also threatens the privacy of the stolen files with the threat of public release. This makes the pressure to pay the ransom harder to ignore; who wants their most sensitive information being aired to the world? Oftentimes this can cause serious legal issues, cause damage to a business’s reputation or just be plain embarrassing.
More specifically, there are many examples of ransomware in circulation today, most of which were released in the last five years.
Locky is designed to lock victims out of their device until ransom is paid. It began its circulation in 2016 via malicious links in emails and phishing campaigns disguised to look like invoices. If opened, the invoice disappears and requires macros to be enabled in order to be read. The victim may think they’re harmlessly enabling macros, but what they’re really doing is allowing Locky to encrypt their files using AES encryption.
CryptoLocker is often regarded as a game changer in the field of malware, marking the shift to ransomware as a popular form of cyber attack. CryptoLocker itself is a botnet that’s been around for decades, but it was only in 2013 that it was first used to conduct a ransomware attack. CryptoLocker is one of the strongest forms of ransomware, and malware in general, since it uses military-grade encryption algorithms that make it pretty much impossible to decrypt the infected devices or files without paying the fee.
Ironically, WannaCry was developed by the NSA before it was stolen by hackers to be used with malicious intent. Having infected 125,000 organizations in over 150 countries, this is the most famous ransomware in circulation. The NSA developed EternalBlue, which is what WannaCry uses to spread between devices.
This ransomware began in 2017 and spread predominantly amongst media companies across Eastern Europe and Asia. Its rapid spread amongst media companies is due to the fact that it usually reaches devices through a fake Adobe Flash update found on compromised websites.
The cyberattackers behind this ransomware got very lucky. Back in 2016, they discovered a Microsoft vulnerability that enabled them to infect networks with their ransomware by targeting cloud-based Office 365 users. As you can imagine, that’s a lot of users. The number of victims ran into the millions and the attackers made hundreds of thousands of dollars in the first few months alone, making Cerber one of the most successful ransomware strains out there.
Ways to Prevent A Ransomware Attack
Like nearly all other types of malicious cyberattacks, the best way to protect yourself is to prevent it from happening at all. Install strong cybersecurity, act with caution online (especially regarding unknown links and emails), and back up your data regularly.
● Cybersecurity can protect you on many fronts, including from the threat of a ransomware attack. Trusted cybersecurity software installed on your device can block malware attacks, even those as advanced as ransomware attacks. In this particular case, it’s important that the software can both obstruct the ransomware itself and prevent it from holding files hostage should the ransomware get that far.
● Act cautiously. If you don’t know the source of an email, don’t trust it. Especially don’t click any links. Remember that official institutions have legitimate protocols for how they contact you, and most likely it isn’t via an unexpected email link or website pop-up. For example, the FBI wouldn’t lock you out of your desktop and demand a fine be paid via Bitcoin. Or, a cybersecurity software provider won’t send you a warning demanding payment if they’re:
  ○ Not installed or being paid by you for their services. In that case, they won’t be monitoring your device and any pop-up from them is likely scareware.
  ○ Already installed and being paid for by you. In that case, they won’t require any extra payments and any such demands are likely scareware.
Education is key here: if you keep yourself (and/or your employees) educated on how to detect all forms of malware attacks, including ransomware, that’s one of the best ways to prevent them.
● Back up your data regularly. If you’re going to back it up, you might as well do it properly and use a cloud storage system that’s heavily encrypted. If you choose to use an external hard drive, however, you must ensure that you disconnect it from your device to avoid it also becoming infected with ransomware (which is possible as long as it’s connected).
● Update, update, update! Ensure all of your software and operating systems are updated. Patches are constantly being created to fix vulnerabilities in the security of previous updates, and these could be the key to protecting your data. Let the WannaCry ransomware scandal of 2017 teach you this, since the attack took advantage of a vulnerability in Microsoft software. The vulnerability had been addressed by Microsoft, but many people didn’t install the update. You get the point. Allowing your devices to update automatically is one easy step closer to protection, without needing to remember to do anything yourself.
● Only use apps that you know and trust. Sometimes, ransomware can spread via untrustworthy apps being installed onto devices. That’s why it’s imperative that you ensure each and every app you download comes from a source you trust, has been recommended to you or has good reviews.
● You might be bored of hearing us say this by now, but using complex passwords (and different ones for each of your accounts) is really one of the top ways to protect yourself from any type of cyber attack. Weak passwords are recognized as one of the top three causes of successful malware attacks, so this is no joke.
What Should I Do if I Fall Victim to A Ransomware Attack?
Whatever you do, don’t pay the ransom! There are numerous reasons why paying the ransom is a bad idea, and numerous authorities such as the FBI offer the very same advice.
Who’s to say that you’ll actually be reunited with your decrypted files once you’ve paid the fee? You have no idea who’s acting behind the attack so there’s certainly no guarantee. In paying, you’re reinforcing one thing the cybercriminals are relying on: ransomware attacks provide the results they’re after. In short, they work. Your payment acts as the opposite of a deterrent; it’s only going to encourage them further.
Ransomware attacks are on the rise and precautions should be taken to avoid leaving yourself susceptible. As Datto states, there’s reason to believe they’re the most prominent malware threat around. It’s a similar story to that of other dangers in the digital realm - make sure you’re doing everything you can to protect yourself. Preventative measures are much easier to implement than reactive ones. Unfortunately, it’s often too late to do anything by the time an attack has taken place.
The good news is, as we hope to have evidenced above, there are numerous ways you can protect yourself and take yourself out of the vulnerable zone. If you remain vigilant and follow our simple guide to protection above, you’re setting yourself apart from being a prime cybercrime victim. After all, phishing, lack of cybersecurity training and weak passwords are the top three causes of successful ransomware attacks. Use your digital common sense, keep your passwords strong and diverse, and educate yourself and/or your employees.