Put simply, ransomware is malware that holds your data hostage, either by encrypting it or by locking you out of your screen. And it is a booming criminal enterprise.
What’s more, it is impossible to prevent ransomware infections entirely.
That’s because cyber criminals run socially engineered campaigns everywhere people connect online, including:
- Web browsers
- Internet advertising
- Instant messages
- Cloud-based collaboration tools
- Social media apps
- Online gaming apps
- And more
Even with robust security controls in place, it takes only a single naive, distracted, or overwhelmed end user to bring an organization to a grinding halt.
Widespread versus targeted ransomware campaigns
Often, ransomware campaigns take a scattershot approach, sometimes referred to as “spray and pray.” These are high-exposure campaigns that need only a small fraction of the exposed end users to “bite” in order to net a financial windfall.
More recently, however, ransomware attackers have begun targeting specific industries that feel greater pressure to pay up, such as healthcare systems, government agencies, colleges and universities, and transportation systems.
For some victims the pressure is brand reputation and community confidence; for hospitals and law enforcement agencies, a ransomware infection can mean the difference between life and death.
Recovering your encrypted data
Regardless of the attack vector, by the time you notice a ransomware infection, the damage is usually already done. Whether the end user opens a malicious email attachment, visits an unsafe website, or clicks on a malvertising campaign, the ransomware goes to work quickly: first encrypting the user’s local files, then reaching out to every mapped drive and network share the user’s account has been granted write access to. The blast radius is set by that account’s permissions, which is why least-privilege share access limits the damage even after the click.
Once infected, organizations that don’t have a clean, current, offline backup to recover from are forced to decide whether or not they should pay the ransom. A backup that the infected account could reach and overwrite is not a recovery option; it is just more encrypted data.
Should you pay the ransom?
Like the FBI, we encourage businesses not to pay. Once you’ve paid the ransom, the criminals may go dark, demand a second and larger payment, or hand back incomplete or corrupted data. Paying also does nothing to remove the malware or close the access the attackers used to get in.
Even if you receive a working decryption key and your data is restored in full, you have now marked yourself as an organization that pays, and you can expect to be targeted again.
The evolving ransomware threat
While ransomware has been on the scene since 1989, it has evolved significantly since then. It is now more sophisticated and, at the same time, easier to deploy. Some variants evade antivirus software and firewalls outright, and ransomware-as-a-service offerings let unsophisticated criminals get a piece of the action as well.
And there is a lot of action to be had.
The well-known CryptoWall family is a case in point: its CryptoWall 3.0 variant, first seen in early 2015, was estimated to have extorted more than $325 million from organizations around the world within months of its appearance.
Types of ransomware that should be on your radar
There are two primary types of ransomware you should be familiar with: encryption ransomware and lockscreen ransomware.
Let’s take a look.
As its name suggests, encryption ransomware encrypts the victim’s files with a key generated for that infection, rendering them unusable. In most families the files are encrypted with a symmetric key that is itself encrypted with the attacker’s public key, so only the attacker can release it. The malware then drops ransom notes in each affected folder, instructing the organization to pay, usually in Bitcoin, to receive the decryption key.
Initial demands were often $300 to $500, but they can reach tens of thousands of dollars.
It is important to understand that, without that key, no security product or system restore can bring the data back: properly implemented encryption cannot be undone, Windows System Restore does not roll back user documents, and most strains delete Volume Shadow Copies (typically with vssadmin delete shadows /all /quiet) precisely to close that avenue.
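The two artifacts described above, files whose contents suddenly look uniformly random and ransom notes dropped beside them, are also what a responder looks for when triaging a file share after a suspected infection. The script below is an added example written for this page, not code from the original article or any vendor product. It scores each file by Shannon entropy (encrypted data sits near 8 bits per byte, English text around 4 to 5) and matches ransom-note filenames and wording. The marker lists, the entropy threshold, and the sample “share” are all constructed assumptions for illustration; real note names vary by family.

```python
"""Heuristic triage of a file share for encryption-ransomware artifacts.

Added example for this article, not the article's own code. All sample files
are constructed in memory so the script runs offline; the marker lists and the
7.5 bits/byte threshold are illustrative assumptions, not a family catalogue.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, List

# Assumed ransom-note indicators (illustrative; tune per family).
NOTE_NAME_MARKERS = ("decrypt", "readme", "how_to", "recover", "restore")
NOTE_BODY_MARKERS = ("bitcoin", "decryption key", "files have been encrypted")

# Formats that are compressed by design and therefore high-entropy when healthy.
# Office OOXML documents are zip containers, so they belong here too.
COMPRESSED_EXTENSIONS = {"zip", "gz", "7z", "jpg", "jpeg", "png", "mp4",
                         "docx", "xlsx", "pptx"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted or compressed data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_ransom_note(name: str, data: bytes) -> bool:
    """A note needs BOTH a suggestive filename and payment/decryption wording in the body."""
    lname = name.lower()
    body = data.decode("utf-8", errors="ignore").lower()
    return (any(m in lname for m in NOTE_NAME_MARKERS)
            and any(m in body for m in NOTE_BODY_MARKERS))


def is_probably_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """High entropy in a file whose extension does not explain it.

    An appended extension such as .locked defeats the allowlist, which is the
    point: the original .xlsx is no longer the file's type.
    """
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in COMPRESSED_EXTENSIONS:
        return False            # expected to look random; not evidence on its own
    if len(data) < 256:
        return False            # too little data for a meaningful entropy estimate
    return shannon_entropy(data) >= threshold


def triage(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Bucket filenames into 'notes', 'encrypted' and 'clean'."""
    result: Dict[str, List[str]] = {"notes": [], "encrypted": [], "clean": []}
    for name, data in files.items():
        if is_ransom_note(name, data):
            result["notes"].append(name)
        elif is_probably_encrypted(name, data):
            result["encrypted"].append(name)
        else:
            result["clean"].append(name)
    return result


def pseudo_random(n_blocks: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data, not real encryption)."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))


# Constructed sample share: a user's home folder as it might look mid-infection.
SAMPLE_SHARE: Dict[str, bytes] = {
    "budget.xlsx.locked": pseudo_random(64),        # encrypted, extension appended
    "customers.csv": pseudo_random(64),             # encrypted in place, name untouched
    "meeting-notes.txt": b"Quarterly planning notes: revisit vendor list and headcount.\n" * 20,
    "photos.zip": pseudo_random(64),                # high entropy, but expected for a .zip
    "HOW_TO_DECRYPT_FILES.txt":
        b"Your files have been encrypted. Send 1 Bitcoin to receive the decryption key.",
}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_SHARE).items():
        print(f"{bucket}: {names}")
```

Entropy alone is not a verdict: archives, images and Office documents are legitimately random-looking, which is why the allowlist exists, and a short note file will never clear the size floor. In practice this check is paired with file-event telemetry (bursts of renames and writes from one account) and decoy files that no legitimate process should touch.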
Lockscreen ransomware operates quite differently. Rather than encrypting the data itself, it instead denies access to your desktop and files.
Following an infection, this type of ransomware typically poses as a law enforcement or government agency, displaying a full-screen message that claims you have engaged in illegal activity and must pay a “fine” to regain access to your desktop.
These fraudulent claims are socially engineered to create shame and panic in the end user, which drives some victims to hand over their credit card details on the spot.
While lockscreen ransomware is nothing to sneeze at, it can often be defeated without paying: since the files themselves are untouched, terminating the process or rebooting into Safe Mode and removing its startup entries usually restores access, and a Windows System Restore to a point before the infection is another workable route, unlike with the encrypting variety.
While encryption and lockscreen ransomware encompass the primary “modes of ransomware operation,” there are a few variations that warrant discussion here.
With the widespread adoption of mobile technologies, cyber criminals have seized upon these new opportunities to extort money from their victims.
Given how easy it is to factory-reset a phone and resync its data from the cloud, mobile ransomware is often not of the encrypting variety. Instead, attackers trick users into sideloading an APK that, once granted the device administrator rights it asks for, locks the screen or blocks access to other apps, and is deliberately hard to uninstall.
These attacks typically target Android devices, because the platform lets users install applications from third-party sources. Ransomware-style attacks on iOS devices are on the rise too, though they work differently: attackers take over iCloud accounts (often with passwords reused from other breaches) and use Find My iPhone’s Lost Mode to remotely lock the device and display a ransom message.
There was a time when ransomware was the sole domain of skilled attackers. No longer. Now, the ransomware-as-a-service (RaaS) model lets any criminal extort money from businesses, government agencies, and individuals without the once requisite technical skill.
Using a simple web portal or wizard, these low-skill affiliates configure a ransomware campaign and distribute it, with a cut of the profits going to the RaaS operator who maintains the malware and payment infrastructure.