What Is Ransomware?
Ransomware dominated the news cycle this past week with cybercriminals’ attack on the Colonial Pipeline, which disrupted fuel distribution and caused widespread gas shortages along the East Coast. This post defines what ransomware actually is and explains why it is a threat. Return to this blog next week for a follow-up on what you can do on your own to prevent a compromise.
Ransomware is a class of malware that gets onto an unsuspecting victim’s computer or network through a variety of delivery methods: software downloads, convincing phishing or spam email, malicious email attachments and URLs, unpatched VPN appliances, Remote Desktop (RDP) services exposed to the internet with weak credentials, botnets that sell access to machines they already control, “free” versions of commercial software, and insecure or fraudulent websites. Once inside, it establishes itself on the first host and then, much like a worm, tries to reach every other system it can: other computers, file servers and shared storage drives. On each system it encrypts every file it can open, and many strains also delete any backups or volume shadow copies they can reach so that the victim cannot simply roll back. If your computer becomes infected with ransomware (sometimes called an encryption Trojan), it may lock you out of your operating system and files while it encrypts your data.
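The encryption phase described above leaves two observable traces a defender can watch for: ordinary documents suddenly become high-entropy blobs (ciphertext is statistically indistinguishable from random bytes), and a planted “canary” file that nobody should touch gets modified or renamed. The script below is an added example written for this post, not code from the original page or from AISN; it builds constructed sample files in a temporary directory, stands in for the encryption phase by overwriting them with random bytes and appending a “.locked” suffix, and shows the scan flagging the change. The entropy threshold, the list of legitimately compressed extensions, the suffix list and the canary file name are all assumptions to tune for a real environment.

```python
"""Detect the encryption phase of a ransomware run on a directory tree.

Two signals are checked: files rewritten as high-entropy blobs, and a
planted canary file being modified or renamed. The sample tree and the
"scramble" step are constructed stand-ins (random bytes, no real cipher).
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats that are legitimately high-entropy; assumed list, tune per environment.
KNOWN_COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}
# Suffixes commonly appended by ransomware families; illustrative, not exhaustive.
SUSPICIOUS_SUFFIXES = (".locked", ".encrypted", ".crypt")
CANARY_NAME = "_canary_do_not_touch.txt"   # assumed name for the planted canary


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means the bytes look uniformly random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def plant_canary(root: Path, size: int = 2048) -> str:
    """Write a low-entropy canary file and return its SHA-256 for later comparison."""
    body = ("canary file; do not modify.\n" * (size // 28))[:size].encode()
    (root / CANARY_NAME).write_bytes(body)
    return hashlib.sha256(body).hexdigest()


def scan_tree(root: Path, canary_sha256: str,
              entropy_threshold: float = 7.5, min_bytes: int = 1024) -> dict:
    """Walk the tree and return indicators of mass encryption."""
    high_entropy, bad_suffix = [], []
    canary_ok = False          # stays False if the canary is renamed or deleted
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if path.name == CANARY_NAME:
            canary_ok = hashlib.sha256(data).hexdigest() == canary_sha256
            continue
        suffix = path.suffix.lower()
        if suffix in SUSPICIOUS_SUFFIXES:
            bad_suffix.append(path.name)
        # Skip known compressed formats and tiny files, which give false positives.
        if (suffix not in KNOWN_COMPRESSED and len(data) >= min_bytes
                and shannon_entropy(data) >= entropy_threshold):
            high_entropy.append(path.name)
    return {
        "high_entropy_files": sorted(high_entropy),
        "suspicious_suffix_files": sorted(bad_suffix),
        "canary_tampered": not canary_ok,
        # Assumed policy: alert on canary tampering, any renamed file, or 3+ blobs.
        "alert": (not canary_ok) or bool(bad_suffix) or len(high_entropy) >= 3,
    }


def make_sample_tree(root: Path, n_docs: int = 5) -> None:
    """Constructed sample: ordinary text documents, which have low entropy."""
    for i in range(n_docs):
        text = f"Quarterly report {i}\n" + ("Revenue grew; costs were stable.\n" * 60)
        (root / f"report_{i}.txt").write_text(text)


def scramble_sample_files(root: Path) -> None:
    """Stand-in for the encryption phase: random bytes plus a ransom suffix."""
    for path in list(root.rglob("*")):
        if path.is_file():
            path.write_bytes(os.urandom(4096))   # random data, not a real cipher
            path.rename(path.with_name(path.name + ".locked"))


def run_demo() -> dict:
    """Scan a clean tree, scramble it, scan again; return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_tree(root)
        digest = plant_canary(root)
        before = scan_tree(root, digest)
        scramble_sample_files(root)
        after = scan_tree(root, digest)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, report in run_demo().items():
        print(phase, report)
```

Two caveats a practitioner should keep in mind: compressed or already-encrypted formats are naturally high-entropy, which is why the scan skips a list of known extensions rather than trusting entropy alone; and some strains encrypt only part of each file to run faster, which lowers whole-file entropy, so the canary and the suffix checks matter as much as the entropy check. In production the same logic would run continuously (a file-system watcher or an EDR rule) rather than as a one-shot scan.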
When the encryption process is done, your data has become a “digital hostage,” and the extortion begins. The ransomware displays instructions for paying a ransom, usually accompanied by a threat to destroy the data or, if the attackers copied it out of the network before encrypting it, to publish it. The victim or the victimized organization can either pay the ransom and hope to receive a working decryption key that will let them restore the data, or attempt recovery on their own: isolate and rebuild the infected systems and restore the data from clean backups that the attackers could not reach.
Ransomware Extortion Figures
Ransom figures can range from several hundred dollars into the millions of dollars, and the ransom money is typically payable to cybercriminals in digital currency such as bitcoin, which can be transferred from one person to another without passing through a bank.
Do cyberthieves ever take the ransom money and run? Yes, there’s always that risk. Even if the ransom is paid in full, that’s no guarantee that you will be able to regain your former access to your files. According to the Cybersecurity and Infrastructure Security Agency, “Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access.” A recent survey of 1,200 IT security professionals who had suffered a ransomware attack revealed that 17 percent said they paid the fee but lost their data anyway.
Why Is It a Threat?
Ransomware is a serious threat to individuals, businesses and government, and criminals have turned it into a big business. Virtually no one is immune: by one industry estimate, an organization is hit by ransomware every 14 seconds. The people behind it usually operate from jurisdictions where arrest is unlikely, so they keep at it with near anonymity. It is estimated that ransomware gangs collected at least $350 million in ransom payments last year alone, and this year cybercriminals are on pace to outstrip their 2020 record.
Although ransomware has been around for decades, it is increasingly the tool of choice for thieves, because even novices no longer have to build their own ransomware to extort money from victims. The technology has already been developed and is for sale. Groups like DarkSide, whose ransomware was used in the Colonial Pipeline attack, distribute their malware under a Ransomware-as-a-Service (RaaS) model. Much like the Software as a Service (SaaS) products consumers use every day, RaaS lets malicious actors (“affiliates”) sign up to use ransomware the group maintains. Depending on the operation, affiliates may pay a one-time fee, a monthly subscription or a commission, under which the operator takes a cut of every successful ransom payment and the affiliate keeps the rest.
Remember, you do not need to be as big as Colonial Pipeline, which reportedly paid attackers nearly $5 million last week to get its data back, to become a victim. Nearly two years ago, 23 small Texas towns were hit in a single coordinated attack. And, just last week, the Washington Metropolitan Police Department was in the news: it reportedly offered only $100,000 against a $4 million demand, the attackers rejected the offer and followed through on their threat, and the department’s personnel files were published. Meanwhile, also last week, the city of Gary, Indiana was still reeling from a recent ransomware attack on several of its servers.
How AISN Can Help
Don’t be ensnared by an attack. Preparation is key, and AISN’s cybersecurity team can help, from preparation through response. We also work with cybersecurity attorneys when privacy and attorney-client privilege matter. Contact us this week to begin a discussion. The first consultation is free, and that conversation may just save your business one day.