Recently, news spread that Canon may have fallen victim to a ransomware attack that took the site down for six days. Canon revealed that an issue involving ten gigabytes of data storage was under investigation. At the same time, Boyce Technologies, a ventilator manufacturer, was also targeted by ransomware in an attack that threatened to release confidential data if a ransom wasn’t paid (another example of cybercriminals cashing out on the pandemic). Not only are ransomware attacks increasing, but the number of organizations paying the ransom is also increasing. In 2017, 39% of victims paid to retrieve encrypted data; in 2018, 45% paid the ransom, and in 2019, 58% paid the ransom.
So what’s it all about? Ransomware is a type of malware that steals a victim’s files, encrypts them, and requests a ransom for their release. By locking a victim’s data, the hacker is able to put themselves in a favorable position to benefit financially from the theft. In order to restore access, the victim is forced to pay the ransom. Often, if the victim doesn’t provide the requested funds within a certain time period, they lose access to that data forever. The data that’s held hostage could include anything from personal photos to customer data that your company keeps. Once the ransom is paid, the thief provides the decryption key necessary to release the files.
Types of Ransomware
There are many different ways to execute ransomware attacks. Of the several types of ransomware, three are especially common: crypto malware, scareware, and doxware.
Crypto malware is a type of malware that encrypts entire files, folders, and hard drives. The WannaCry ransomware attack is one of the more recent, infamous cases of crypto malware. This attack used a cryptoworm that targeted computers running the Microsoft Windows operating system, encrypting data and requesting that the ransom be paid in Bitcoin. Although Microsoft quickly released emergency patches, the cryptoworm managed to spread to 200,000 computers across 150 countries. Victims included individuals and entire organizations.
Scareware is a type of fake software that acts like an antivirus or cleaning tool. It utilizes social engineering to create anxiety and shock, which forces the victim to act by purchasing unwanted software. A traditional scareware pop-up on your computer would deliver a message along the lines of, “Your computer is infected! Download anti-virus software to keep your files safe.” In some of these cases, the pop-up ads are the scare tactic itself and your files have not been compromised. In others, the scareware hacker is both the attacker and the “healer.”
Doxware is extortion malware that threatens to reveal your private information if you don’t pay the ransom. This is becoming increasingly common as more people turn to their computers and cloud drives to store personal files, such as taxes, photos, email conversations, and other vital documentation. For many, this release of sensitive, private information is crippling. One of the first variants of Doxware was called Ransoc. Ransoc informed victims that child pornography or files depicting violations of intellectual property had been found on their computer, and that if they did not pay the fee, those files would be exposed publicly.
How Ransomware is Delivered
The most common way to fall victim to a ransomware attack is by opening a file or link, typically delivered via email or instant messaging. The files or links contain malware that installs ransomware once downloaded. For example, a hacker might use phishing to convince a recipient to download a Microsoft Word document. A slight change in the domain of an email address can go unnoticed, prompting the recipient to believe they are receiving a legitimate document. For example, instead of [email protected], the email might read [email protected].
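A mail-filter check for the lookalike sender domains described above, added here as an example (it is not code from the original article). The trusted-domain list, the confusable-character map and the sample addresses are constructed assumptions, and example.com stands in for a real domain.

```python
import unicodedata

# Assumed allow-list of domains the organization really corresponds with (constructed).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Small illustrative map of visually confusable substitutions (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "5": "s"}

def skeleton(domain):
    """Fold a domain to a rough 'what the eye sees' form."""
    d = unicodedata.normalize("NFKC", domain).lower().strip(".")
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain): 'trusted', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].lower().strip().strip(">")
    # Exact match or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted", domain
    for good in sorted(trusted):
        # Same visual skeleton, or only a couple of keystrokes away.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unknown", None

# Constructed sample senders, quarantining anything flagged as a lookalike.
for sender in ["billing@example.com", "billing@examp1e.com", "Pay <a@exarnple.com>"]:
    print(sender, "->", classify_sender(sender))
```

A fixed distance of 2 produces false positives on very short domains, so scale the threshold to domain length before using this on real mail flow.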
Responding to and Recovering from a Ransomware Threat
Receiving ransomware is always a scary thing. You don’t know what to do or who to turn to, and it’s this emotion that makes so many victims go ahead and pay the ransom. Of course, how you react depends on how critical the situation is. A local clinic that receives ransomware threatening to hold patient information needs to react much more swiftly and with great calculation and precision, compared to an individual receiving ransomware. One of the first questions you’ll ask yourself is whether you should pay.
The majority of security researchers say no. If you receive ransomware, immediately disconnect from the internet and turn off the infected device. In some cases, you may be able to identify the type of malware used, which allows you to search for the most suitable remediation options. Paying a ransom only further funds hackers to continue spreading infections to others.
On the flip side, paying a ransom can be seen as a smart, swift business decision, depending on who you ask. Although it goes against conventional wisdom, the cost of having a business offline for several days can be even more damaging and costly than paying the ransom. With the rise of ransomware attacks, some hackers are even open to negotiations. However, if you intend to pay a ransom, it’s critical that you bring an agency or security consultant on board to help you navigate the situation. Doing it alone could compound the situation or result in you paying more than necessary.
Ultimately, the best way to avoid ending up in a ransomware situation is to have preventative measures in place. And one of the most important preventative measures is to keep your systems up to date.
Software vendors regularly release updates that address holes in previous versions that could potentially turn into hazardous bugs. Hackers are known to exploit outdated software, infecting antiquated systems en masse, and this is exactly what happened during the WannaCry attack. Always update your software programs when updates are available, and keep your anti-virus software updated as well.
Security awareness training is another important tactic. If you run a business, your employees should know how to recognize a phishing attack when they see one, as many of these attacks are initiated through links and attachments that are crafted to look legitimate. If you don’t have a business and simply want to protect your device and household, take an online security class to help you stay up to date on best practices.
Another option for businesses is to work with third-party security companies that offer a 24/7 cybersecurity help desk and have a dedicated, round-the-clock staff to ensure your business is always protected.
Lastly, your data should be backed up to the cloud. In the event that ransomware appears, you may be able to wipe your hard drive, restore it to factory settings, and restore your data from a cloud backup.
What’s more important is that you understand ransomware doesn’t have to be the end of the world. There are always actions you can take to put yourself in the most favorable position, even when it doesn’t feel like that in the moment. Maintain your preventative measures, but educate yourself on how to respond in the event you are a victim.