Posted on May 25, 2017
One of the most dangerous emerging trends in the malware world is ransomware. This hacking method has already wrought significant havoc on many businesses and individuals since becoming a credible threat a few years ago, and it seems to be growing in complexity and destructive potential with each passing day. This article will provide an in-depth look at ransomware: what it is, how it spreads, and how to protect yourself and your business from it.
As the name implies, ransomware is a type of cyber attack that holds the victim’s data hostage unless they take a specific action – usually paying a hefty sum that can range from several hundred to tens of thousands of dollars, depending on the value of the data. This has proven to be a very lucrative strategy for hackers and dark-net mercenaries, with victims of ransomware having already paid hundreds of millions of dollars in ransoms to recover their information. In fact, CNN reports that over $209 million was paid to ransomware criminals in the first quarter of 2016 alone, with the average ransom demand increasing to $679, more than double the average in the previous year. As you might imagine, falling prey to such an attack can bring financial ruin to individuals and businesses alike. No longer content with simply destroying an operating system or spamming your email contacts, hackers have become emboldened and are now blatantly holding data hostage in an attempt to extort money from the victim.
You might wonder how ransomware even accomplishes its goal – after all, it’s not like someone is breaking into your home or business and physically holding your PC hostage. Ransomware takes advantage of encryption by turning your files into unreadable, unusable formats unless you pay the ransom demand. This means that things like financial reports, medical records, and sensitive personal information would be completely useless and inaccessible to the victim since they would be converted into an encrypted format that only the hacker can unlock. While an individual would probably not be greatly affected by their photos or digital receipts being lost, a business can be totally ruined when stripped of its access to critical data. Thus, many organizations have no choice but to pay the ransom and hope that the attacker actually keeps their word and restores the data after being paid.
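Because encrypted output is statistically close to random, the scrambling described above is measurable. The following Python code is an added example, not part of the original article: it compares two constructed snapshots of a folder and flags files whose byte entropy jumped from document-like to ciphertext-like, while leaving an already-compressed image alone. The thresholds, file names, and the hash-based stand-in for encrypted content are assumptions.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # bits per byte; assumed threshold, tune per environment
MIN_JUMP = 2.0       # assumed minimum rise that counts as "newly scrambled"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def pseudo_random(seed: bytes, size: int) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]


def newly_scrambled(before: dict, after: dict) -> list:
    """Files that were readable in `before` and look like ciphertext in `after`."""
    flagged = []
    for name, old in before.items():
        new = after.get(name)
        if new is None or new == old:
            continue
        e_old, e_new = shannon_entropy(old), shannon_entropy(new)
        if e_new >= HIGH_ENTROPY and e_new - e_old >= MIN_JUMP:
            flagged.append(name)
    return sorted(flagged)


# Constructed sample snapshots of a shared folder (not real data).
TEXT = b"Quarterly revenue rose four percent on higher services income. " * 64
BEFORE = {
    "report.txt": TEXT,
    "records.csv": b"id,name,balance\n" + b"1042,Example Patient,310.55\n" * 150,
    "photo.jpg": pseudo_random(b"jpeg", 4096),   # compressed, already high entropy
}
AFTER = {
    "report.txt": pseudo_random(b"a", len(TEXT)),
    "records.csv": pseudo_random(b"b", 4096),
    "photo.jpg": BEFORE["photo.jpg"],
}
```

Calling `newly_scrambled(BEFORE, AFTER)` flags the two documents but not the image. Many files flagged in a short window is the signal worth alerting on, since a single high-entropy file is often just an archive or a picture.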
Malware authors no longer operate the way they used to. Instead of forcing their way into a network with a meticulously crafted worm or backdoor, most attackers have shifted to social engineering to infiltrate a business, as it’s much easier and less expensive than older strategies. The most common transmission method by far is email, with about 60% of all ransomware infections coming from email sources. A hacker will write up a convincing email that claims to be from a trusted contact, such as a relative, government agent, or the CEO of the victim’s company. The email will usually ask the victim to perform an action, such as clicking a link or downloading an attachment, at which point the malware payload immediately executes and infects the user’s PC. Once the infection has taken hold, some strains (including the recent WannaCry worm) run a script that searches the PC for connections to other machines, such as network drives on a business computer, and attempts to spread to those locations as well. This can lead to an entire infrastructure environment being crippled, with filesystems, VM hosts, and e-commerce applications brought to a halt.
Unlike malicious email of the past, these messages are usually written with proper English, are well-formatted, and appear legitimate in every way. Whereas an attacker’s strategy used to be blasting out low-effort spam email to whoever would open it, today’s threats are very deliberate and strategically targeted, making it easier for victims to trust the message they’re reading. Hackers are latching on to this social engineering strategy, and in force, too: IBM reports that emails containing ransomware increased by a staggering 6,000% in 2016 over the previous year, and the number continues to rise today.
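Since well-written messages can no longer be caught by their spelling, mail triage has to rely on structure instead. The following Python code is an added example, not part of the original article: it parses a raw message and reports a trusted name on an outside address, a Reply-To that points elsewhere, and attachment types that can run code. The company domain, the protected name, the extension list, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's domain and a hypothetical CEO name.
COMPANY_DOMAIN = "example.com"
PROTECTED_NAMES = {"dana reyes"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")


def triage(raw_message: str) -> list:
    """Return the reasons, if any, to quarantine a message for review."""
    msg = message_from_string(raw_message)
    reasons = []
    name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # A trusted name on an outside address is the impersonation pattern.
    if name.strip().lower() in PROTECTED_NAMES and domain != COMPANY_DOMAIN:
        reasons.append("display-name-impersonation")
    # Replies routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("reply-to-mismatch")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("risky-attachment:" + filename)
    return reasons


# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Dana Reyes" <dana.reyes@example.net>
Reply-To: accounts@example.org
Subject: Invoice approval needed today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice before noon.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.docm"

constructed placeholder, no real content
--b1--
"""
LEGITIMATE = 'From: "Dana Reyes" <dana.reyes@example.com>\nSubject: Agenda\n\nSee you at 10.\n'
```

`triage(SUSPICIOUS)` returns all three reasons, while `triage(LEGITIMATE)` returns an empty list because the same name arrives from the company's own domain.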
With such a devastating threat facing large and small businesses alike, how can you protect your organization from ransomware? Fortunately, there are smart steps you can take to stop these attacks before they even get through the door.