What Is Ransomware?
This past week, Ransomware dominated the news cycle. Cybercriminals attacked the Colonial Pipeline, disrupting the gas supply and causing widespread gas shortages along the East Coast. Let’s define ransomware and explain why it is a threat. Next week, return to this blog. We will help you understand how to prevent a compromising event.
Ransomware is a strain of malware that can infiltrate an unsuspecting victim’s computer or network through various delivery methods such as through software downloads, convincing phishing or spam email, malicious email attachments and URLs, unpatched VPN vulnerabilities, insidious botnets, “free” versions of software or insecure or fraudulent websites. Once in, the ransomware installs itself on any network devices it can access and encrypts any files it finds. Like a virus, it will then attempt to spread to connected systems, including other accessible computers and shared storage drives. If your computer becomes infected with ransomware (or an encryption Trojan), it may lock you out of your operating system and files as it encrypts your data.
When the encryption is done, your data becomes a “digital hostage,” it’s time for the thieves to begin extortion. The ransomware then displays instructions for a ransom payment and is usually a threat to either destroy the data or make it publicly available. The victim or the victimized organization can either pay the ransom and hope to get the decryption key that will, presumably, enable them to restore the data, or they can attempt recovery on their own by removing from the network any infected files and systems and then repairing the data via clean backups.
Ransomware Extortion Figures
Ransom figures can range from several hundred dollars to millions of dollars, and the ransom money is typically payable to cybercriminals in digital currency such as bitcoin, which can be transferred from one person to another without passing through a bank.
Do cyberthieves ever take the ransom money and run? Yes, there’s always that risk. Even if the ransom is paid in full, that’s no guarantee that you will be able to regain your former access to your files. According to the Cybersecurity and Infrastructure Security Agency, “Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access.” A recent survey of 1,200 IT security professionals who had suffered a ransomware attack revealed that 17 percent said they paid the fee but lost their data anyway.
Why Is It a Threat?
Ransomware is a severe threat to individuals, businesses, and government, and criminals are making it a big company. Virtually no one is immune. Ransomware is targeting organizations of all sizes every 14 seconds. The people behind it cannot be arrested in most cases, so they keep on hacking with anonymity. It’s estimated that ransomware gangs made at least $350 million in ransom payments last year alone, and this year, cybercriminals are on a roll to outpace their 2020 record.
Although ransomware has been around for decades, it is increasingly the tool for thieves because even novices don’t have to invent ransomware technology to extort money from their victims successfully. The technology has already been developed and is for sale. Malicious groups like DarkSide, whose ransomware is behind the Colonial Pipeline attack, distribute multiple ransomware variants using a Ransomware-as-a-Service (RaaS) model. Like Software as a Service (SaaS) structures that consumers use daily, RasS enables malicious actors to sign up to use ransomware technology. Depending on the variant, the criminals may pay a one-time fee, a monthly subscription, or even a commission (which permits the cybercriminal to keep a portion of successful ransom payments).
Remember, to become a victim, you don’t need to be as big as the Colonial Pipeline, which paid malicious attackers a $5 million ransom last week to get their data back. Nearly two years ago, 23 small Texas towns were hit in a coordinated attack. And, just last week, the Washington Metropolitan Police Department was in the news; they paid only $100,000 of a $4 million ransom to cybercriminals, so the hackers followed through on their promise to release the department’s personnel files — publicly. Meanwhile, Gary, Indiana, was reeling from a recent ransomware attack on several servers last week.
How AISN Can Help
Don’t be trapped by an attack. Preparation is vital, and AISN’s cybersecurity team can help with everything from preparation to response. We also work with cyber security attorneys if privacy and attorney-client privilege are essential. Contact us this week to begin a discussion. The first consultation is free; that conversation may save your business someday.