This article was originally featured on Medium.com
Ransomware is a type of computer virus. However, unlike other computer viruses, ransomware has a very specific goal: to get a ransom from the victim. Ransomware may encrypt the victim’s files or may restrict access to the victim’s computer and render it useless. The former is called encrypting ransomware and the latter is called non-encrypting ransomware. In either case, attackers require payment of a ransom.
How does ransomware work?
Once encrypting ransomware penetrates a victim’s computer, it silently starts encrypting files on the hard disk. At this stage the victim has no idea that her files are in danger. Once the malware completes encryption, it notifies the victim and demands payment of a ransom. If the ransomware implements encryption properly, it is practically impossible to decrypt the files without the attacker’s assistance. Thus, the victim has only two choices, either to pay the ransom or lose the files forever.
Non-encrypting ransomware normally restricts access to the victim’s computer. It may display pornographic images or videos and put the victim in an awkward situation. Some ransomware can pretend to be from law enforcement agencies, the police or the FBI for example. Such ransomware may claim that the victim’s computer has been used for illegal activities and demand a ransom. Normally, non-encrypting ransomware demands a smaller ransom.
Why is ransomware dangerous?
On the one hand, ransomware authors can use strong encryption, the same level used by banks, financial institutions and governments. Files encrypted with modern encryption and a sufficiently strong key are impossible to decrypt without knowing the original encryption key.
In 2018, 95% of ransomware profits went through the cryptocurrency trading platform BTC-e.
On the other hand, attackers demand that the money be paid via cryptocurrency, normally Bitcoin. Cryptocurrency gives the attacker a high degree of confidentiality and at the same time makes it difficult for law enforcement agencies to prosecute cybercriminals.
How can ransomware harm your business?
Non-encrypting ransomware can harm your business by preventing your employees from doing their job. It will also cause direct financial damage because you will have to clean the malware off your computers. It also causes indirect damage by harming your reputation.
Encrypting ransomware is even more dangerous because if you do not have backup copies of the encrypted files, the only way to recover such files is to pay the ransom. This is the major reason why encrypting ransomware often demands a higher ransom than non-encrypting ransomware.
How are ransomware attacks carried out?
Practically all ransomware attacks use trojans and arrive as an attachment in an email. A notable exception to this is the WannaCry worm, which spreads without user interaction. Computers can also get infected with ransomware from USB flash drives.
Key ransomware stats
Figures don’t lie. Let’s have a look at key stats related to ransomware attacks and some trends.
- Ransomware cost businesses more than $8 billion in 2018.
- 2018 saw a 79% overall increase in malware targeted at businesses.
- The average cost of a ransomware attack on businesses is $133,000.
- 25% of cyber insurance claims in 2017 were related to ransomware attacks.
- Ransomware is behind 56% of malware attacks. In 2018, the average ransom was $522.
- 95% of ransomware profits went through the cryptocurrency trading platform BTC-e.
How to mitigate ransomware attacks?
A well-known rule in healthcare is that prevention is cheaper and more efficient than treatment. The same logic applies to cybersecurity. It is cheaper and more efficient to prevent ransomware attacks than to deal with the consequences. In these final paragraphs we will give some recommendations to prevent ransomware attacks.
- Always keep your computer systems up-to-date.
- Use anti-virus software on all workstations.
- Use email security software to protect all your employees.
- Carefully examine emails received from unknown sources.
- Don’t blindly trust even “trusted” sources.
- Disable USB drives for those employees who do not need them.
- Implement a firewall and disallow file downloads for those employees who do not need them.
Educate your staff. You should invest in cyber awareness training programs along with investing in cybersecurity tech.
Humans are the weakest link in any system. This is why it is crucial to invest in cyber awareness training on a regular basis. No technology will help ignorance.
Sometimes disaster cannot be prevented, but if you implement the following measures, you can minimize the harm caused by a successful ransomware attack.
- Always create backup copies of all important files.
- Segment your networks and keep mission-critical workstations and servers separate.
- Use filesystem security measures built into your operating system (e.g. volume shadow copy on Windows) or ZFS on file servers.
- Have readily available tools that can decrypt files encrypted by certain ransomware.
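An added example, not part of the original article: because encrypting ransomware works silently, a manifest recorded at backup time lets you check which files have since changed into high-entropy (encrypted-looking) data or disappeared, and therefore need restoring. The function names and the 7.5 bits-per-byte threshold are illustrative assumptions, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """SHA-256 per file, recorded when the backup is taken."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def suspicious_changes(root: Path, manifest: dict, threshold: float = 7.5) -> list:
    """Files missing since the backup, or changed and now high-entropy."""
    flagged = []
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            flagged.append(rel)  # deleted or renamed, e.g. a new extension appended
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest and shannon_entropy(data) >= threshold:
            flagged.append(rel)
    return sorted(flagged)


def demo() -> list:
    """Constructed sample data: one benign edit, one file replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("report.txt", "notes.txt", "plan.txt"):
            (root / name).write_text("quarterly figures and meeting notes\n" * 200)
        manifest = build_manifest(root)
        (root / "notes.txt").write_text("ordinary edit by the user\n" * 200)  # benign change
        (root / "report.txt").write_bytes(os.urandom(8192))  # stands in for encrypted content
        return suspicious_changes(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Legitimately compressed files such as archives and images also score near 8 bits per byte, so a flagged file is a prompt to compare it with the backup copy rather than proof of encryption.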
We hope you find this post interesting and useful. While ransomware attacks may look scary, you can successfully mitigate them by following the above recommendations. Don’t forget that over 90% of all cyberattacks start with an email and by adopting an efficient email security solution, you can dramatically decrease your risks.