Ransomware is malicious software that locks you out of your own system or files and offers to restore access in return for a ransom payment. Modern variants rely on strong encryption: the contents of each file are transformed with a cipher (typically a fast symmetric cipher whose per-file key is itself encrypted with the attacker's public key), so the data cannot be recovered without a key that only the attacker holds. Businesses of all sizes are vulnerable to ransomware attack if precautions are not taken to safeguard data-bearing assets.
If infected, your computer's operating system (OS), files, or folders will be hidden behind a splash screen giving details of where to send a payment to obtain the unique decryption key. Ransomware payments are usually demanded as a lump sum in a cryptocurrency such as Bitcoin. Bitcoin is pseudonymous rather than truly untraceable, but payments cannot be reversed and wallets are hard to tie to a person, which is why criminals favour it. The average payment demanded per machine is usually between £300 and £1,400. Discounted payments are sometimes offered to those who pay up quickly or who live and work in low-income countries.
How To Deal With A Ransomware Attack
Firstly, we strongly recommend NOT paying the ransom: payment funds further cybercrime and does not guarantee that a working key will ever be delivered. Report the attack to the police as soon as you notice it on one or more of your corporate devices. Some older encrypting malware has now been fully cracked: where the authors' key material was recovered, or the key-generation routine turned out to be predictable, free decryption tools exist and the malware is effectively useless. Identify the variant (the ransom note and the extension added to encrypted files usually give it away) and check online, for example at the No More Ransom project (nomoreransom.org), for a decryptor before doing anything else.
You should also act to identify the data compromised by the attack and any customers, employees or suppliers affected. Encrypted files stay unreadable until they are decrypted with the right key. Removing the program with an anti-malware package, reverting the OS, or reinstalling the OS will not recover your data unless it was backed up externally. Before wiping anything, keep a copy of the encrypted files and the ransom note: a decryptor may be released later, and investigators will want a sample. If restoring local data isn't a priority, we recommend full data sanitisation of all infected devices, followed by an OS reinstallation and restoration of data from backups.
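Scoping which files were hit is the first practical step, and it can be partly automated. The script below is an added example written for this page, not a tool from Absolute IT or from any ransomware family; the extension list, ransom-note name markers and the magic-byte table are assumptions for illustration and the sample directory it builds is constructed data (random bytes stand in for ciphertext). It walks a tree and buckets files as probable ransom notes, probably encrypted, or untouched, using three signals: a renamed extension, missing magic bytes for formats whose leading bytes are known, and byte entropy for everything else.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Illustrative lists, assumed for this example rather than a complete signature set.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry", ".enc"}
NOTE_MARKERS = ("readme", "decrypt", "how_to", "recover", "restore")
# Leading bytes a healthy file of the given type must carry. Office and zip files
# are already compressed, so entropy alone cannot tell them from ciphertext, but
# a genuine one still starts with its magic bytes; an encrypted one does not.
MAGIC = {".docx": b"PK", ".xlsx": b"PK", ".zip": b"PK", ".pdf": b"%PDF",
         ".png": b"\x89PNG", ".jpg": b"\xff\xd8"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4 to 5, ciphertext and compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path, sample_bytes=4096, threshold=7.5) -> str:
    """Return 'ransom_note', 'likely_encrypted' or 'ok' for one file."""
    path = Path(path)
    name, suffix = path.name.lower(), path.suffix.lower()
    if suffix in (".txt", ".html", ".hta") and any(m in name for m in NOTE_MARKERS):
        return "ransom_note"
    if suffix in SUSPICIOUS_EXTENSIONS:
        return "likely_encrypted"
    with path.open("rb") as fh:
        head = fh.read(sample_bytes)
    if suffix in MAGIC:
        return "ok" if head.startswith(MAGIC[suffix]) else "likely_encrypted"
    return "likely_encrypted" if shannon_entropy(head) >= threshold else "ok"


def scope_directory(root) -> dict:
    """Walk root and bucket every regular file by classification (paths relative to root)."""
    root = Path(root)
    buckets = {"ransom_note": [], "likely_encrypted": [], "ok": []}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            buckets[classify_file(p)].append(p.relative_to(root).as_posix())
    return {k: sorted(v) for k, v in buckets.items()}


def build_sample_tree() -> str:
    """Constructed stand-in for a hit file share; random bytes play the part of ciphertext."""
    root = Path(tempfile.mkdtemp(prefix="ransom-scope-"))
    (root / "invoices").mkdir()
    (root / "invoices" / "q1.txt").write_bytes(b"Invoice 1001: 300 GBP due in 30 days\n" * 40)
    (root / "invoices" / "q2.xlsx.locked").write_bytes(os.urandom(4096))     # renamed and encrypted
    (root / "payroll.docx").write_bytes(b"\x00" + os.urandom(4095))          # encrypted in place
    (root / "notes.docx").write_bytes(b"PK\x03\x04" + os.urandom(4092))      # healthy, just compressed
    (root / "README_TO_DECRYPT.txt").write_text("Your files are encrypted. Pay 0.3 BTC to ...\n")
    return str(root)


if __name__ == "__main__":
    for bucket, files in scope_directory(build_sample_tree()).items():
        print(f"{bucket}: {files}")
```

Point the walker at a mounted share rather than the sample tree to scope a real incident, and treat the output as a starting list, not a verdict: compressed media and archives without a magic-byte entry will score high on entropy, so pair the scan with file modification times around the hour of the attack and with the names in the ransom note.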
Scareware is a very similar type of malware that imitates ransomware and also demands a Bitcoin payment to 'unlock' your files. In reality, it doesn't encrypt anything; the ransom is paid to get rid of a persistent pop-up. It can be easily detected and removed with a good anti-malware program, but we recommend thorough data cleansing of any infected device used to carry sensitive data, followed by changing any passwords that may have been exposed.
Ransomware and scareware are often combined with psychological pressure tactics, similar to a classic 'boiler room' scam. Programs often claim to hold evidence that the user has committed illegal acts online, when they haven't, in order to solicit a quick and discreet payment. Some variants threaten to expose the user for viewing illegal pornography or pirating software, playing on common fears of prosecution or public embarrassment.
How Does Ransomware Spread?
Ransomware is most often delivered by phishing: emails carrying malicious attachments or links, and compromised or fraudulent websites. Some variants can also spread from computer to computer across the local network by exploiting unpatched services. The best-known example is EternalBlue, which attacks a flaw in Microsoft's SMBv1 file-sharing service (fixed by the MS17-010 update in March 2017) and needs nothing more than a reachable TCP port 445 on an unpatched machine.
Who Is Targeted?
Professional ransomware is increasingly aimed at disrupting the running of large organisations, but SMEs are also vulnerable. Taking life-or-death and revenue-critical IT services offline quickly has proven lucrative for ransomware operators, and WannaCry showed in 2017 how fast a self-spreading program can do it.
Healthcare providers and high-profit businesses (such as banks) are at particular risk, simply because they are seen as much more likely to pay up for the sake of convenience and continuity.
Should I Be Worried?
As of mid 2019, yes and no. Ransomware has actually declined in popularity since 2017. It has always been a gamble for the attacker whether victims will actually pay up, and a string of 'hit and run' attacks in which no decryption key was delivered after payment has further lowered an already weak level of trust in ransomware-using cybercriminals.
Cybersecurity also moves quickly. The EternalBlue SMBv1 exploit that made the first generation of WannaCry so effective at spreading itself in 2017 has (largely) been patched out, neutralising huge swathes of once cutting-edge malware.
Ransomware attacks on individual business PCs have also declined significantly: ransomware's share of global malware downloads has fallen from around 60% (c.2017) to 5% (c.2019). Cybercriminals have gradually realised that extorting victims directly brings a far higher risk of detection and far heavier sentences, for uncertain returns, than old-fashioned credit card fraud or illicit cryptocurrency mining.
Nevertheless, it is still a major industry, by virtue of the volume and variety of 'self-install' CryptoLocker clones built and distributed between 2012 and 2018 and aimed at first-time criminals. Ransomware is now in the hands of a far greater number of far less technically skilled attackers: it is sold as an easy-to-use 'off the shelf' attack kit on dark-web marketplaces. Millions of PCs across the globe still run outdated, unpatched versions of Windows, which leaves small businesses especially exposed.
Steps To Counteract Ransomware
If you run a company or a corporate IT team, how much you should worry depends on how good your strategy for countering ransomware is and how sensible your employees are online. If you store sensitive data or have a lot of money flowing through your business, you should expect to be targeted by focused, disruptive ransomware rather than only by opportunistic campaigns.
Keep operating systems, applications and anti-virus/anti-malware programs up to date; discourage employees from installing unauthorised and unverified software; remove local administrator rights where you can; disable SMBv1 and keep file-sharing and remote-desktop ports off the internet; and take regular backups of critical data, keeping at least one copy offline or otherwise unreachable from the network so it cannot be encrypted along with the live data, and test that you can restore from it. Old and 'recycled' IT assets are another route in: a discarded laptop or drive can hand criminals stored credentials and data. To counter this, use an ADISA-certified secure IT asset disposal business to completely shred old laptops, HDDs and server tapes, removing personal data and passwords from circulation.
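A backup only counts if a restore from it has been proven to match what was backed up. The script below is an added example for this page, not Absolute IT's tooling: it snapshots a directory into a tar archive alongside a manifest of SHA-256 hashes, uses that manifest to show which live files an attack has changed or removed, and then restores into a clean location and checks the result against the same manifest. The label, paths and the "damage" step are constructed for the walk-through (random bytes and a rename stand in for an encrypting attack); keeping the archive offline or immutable is an infrastructure decision the script cannot make for you.

```python
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def hash_tree(root) -> dict:
    """Map each file under root (posix relative path) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def snapshot(src, backup_dir, label) -> tuple:
    """Archive src into backup_dir/<label>.tar.gz and write a matching hash manifest."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / f"{label}.tar.gz"
    manifest = backup_dir / f"{label}.manifest.json"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    manifest.write_text(json.dumps(hash_tree(src), indent=1, sort_keys=True))
    return archive, manifest


def check_tree(root, manifest) -> dict:
    """Compare a live tree against a manifest: changed hashes and files that vanished."""
    expected = json.loads(Path(manifest).read_text())
    actual = hash_tree(root)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
    }


def restore(archive, manifest, target) -> dict:
    """Unpack archive into target and prove the restored tree matches the manifest."""
    Path(target).mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(target, filter="data")   # refuses path traversal where supported
        except TypeError:                           # older Python without the filter argument
            tar.extractall(target)
    return check_tree(target, manifest)


def demo() -> tuple:
    """Constructed walk-through: back up, simulate file damage, detect it, restore."""
    work = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    live, backups = work / "live", work / "backups"
    (live / "invoices").mkdir(parents=True)
    (live / "invoices" / "q1.txt").write_text("Invoice 1001: 300 GBP due in 30 days\n")
    (live / "customers.csv").write_text("id,name\n1,Example Ltd\n")
    archive, manifest = snapshot(live, backups, "2019-07-01")
    # Simulate the effect of an encrypting attack on the live share: one file's contents
    # replaced with random bytes, another renamed. Constructed damage, not malware.
    (live / "invoices" / "q1.txt").write_bytes(os.urandom(64))
    (live / "customers.csv").rename(live / "customers.csv.locked")
    damage = check_tree(live, manifest)
    restored = restore(archive, manifest, work / "restored")
    return damage, restored


if __name__ == "__main__":
    damage, restored = demo()
    print("damage report:", damage)
    print("restore check:", restored)
```

Store the manifest with the archive but also somewhere the archive is not, so that a backup set silently corrupted or encrypted in place fails the hash check at restore time rather than being discovered to be useless during an incident.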
For help and advice regarding ransomware, contact Absolute IT today.