Put simply, ransomware is a type of malware that holds your data hostage via encryption or lockscreen. And, it’s a booming criminal enterprise.
What’s more, it’s impossible to entirely prevent a ransomware infection.
That’s because cyber criminals launch socially-engineered campaigns everywhere people connect online, including:
- Web browsers
- Internet advertising
- Instant messages
- Cloud-based collaboration tools
- Social media apps
- Online gaming apps
- And more
Even with robust data security measures in place, it only takes a single naive, distracted, or overwhelmed end user to bring an organization to a grinding halt.
Widespread versus targeted ransomware campaigns
Often, ransomware campaigns take a scattershot approach, sometimes referred to as “spray and pray.” These are high exposure campaigns that only require a fraction of the exposed end users to “bite” in order to net a financial windfall.
More recently, however, ransomware attackers have begun targeting specific industries that may feel greater pressure to pay up, like healthcare systems, government agencies, colleges and universities, and transportation systems.
While brand reputation and community confidence will be a driver for some, in the case of hospitals and law enforcement agencies, a ransomware infection could mean the difference between life and death.
Recovering your encrypted data
Regardless of the attack vector, by the time you detect a ransomware infection, it’s already too late. Whether the end user opens a malicious email attachment, visits an unsafe website, or clicks on a malvertising campaign, the ransomware will spread quickly—first infecting the end user’s local files, then spreading to any network shares they’ve been granted access to.
Once infected, organizations that don’t have a clean, current backup from which to recover will be forced to decide whether or not to pay the ransom.
Should you pay the ransom?
Like the FBI, we encourage businesses not to pursue this option. Once you’ve paid the ransom, cyber criminals may go dark; demand a second, larger payment; or return incomplete or corrupted data.
Even if you receive a decryption key and your data is restored in full, you’ll now have a target on your back.
The evolving ransomware threat
While ransomware has been on the scene since 1989, it has evolved significantly since that time. Now, it’s more sophisticated—and easier to employ. In fact, some ransomware variants not only evade antivirus software and firewalls today, but ransomware-as-a-service options enable unsophisticated cyber criminals to get a piece of the action, as well.
And, there’s a lot of action to be had.
The well-known ransomware variant, CryptoWall, has extorted more than $325 million from organizations around the world since it was first discovered in 2015.
Types of ransomware that should be on your radar
There are two primary types of ransomware you should be familiar with: encryption ransomware and lockscreen ransomware.
Let’s take a look.
As its name suggests, encryption ransomware leverages a unique encryption key to render infected files unusable. The ransomware virus then places ransom notes within file folders, instructing the organization to pay a ransom—often paid in Bitcoin—to receive the decryption key.
These payments are often initially $300-$500, but demands can reach tens of thousands of dollars.
It’s important to note that data security software and system restores cannot restore data once encrypted.
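As an added, defender-side illustration (not code from the original post): a small Python scanner that flags folders showing the two signs described above, a ransom note dropped beside files whose contents look encrypted (near-maximal byte entropy). The note filename hints, the entropy threshold and the sample directory tree are constructed assumptions for the demo.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed indicators (assumptions for this demo, not from the original post):
# words commonly seen in ransom-note filenames, and the per-byte entropy above which
# a file looks encrypted rather than like ordinary documents.
RANSOM_NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")
ENTROPY_THRESHOLD = 7.5  # bits per byte; 8.0 is the theoretical maximum

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_like_ransom_note(name: str) -> bool:
    lower = name.lower()
    return lower.endswith((".txt", ".html", ".hta")) and any(h in lower for h in RANSOM_NOTE_HINTS)

def scan_tree(root: str):
    """Return {relative folder: {'notes': [...], 'high_entropy': [...]}} for suspicious folders."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        notes, high = [], []
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read(64 * 1024)  # sample only the first 64 KiB of each file
            if looks_like_ransom_note(name):
                notes.append(name)
            elif shannon_entropy(data) >= ENTROPY_THRESHOLD:
                high.append(name)
        # Flag a folder only when BOTH signs appear: a note and encrypted-looking files.
        if notes and high:
            findings[os.path.relpath(dirpath, root)] = {"notes": notes, "high_entropy": high}
    return findings

def build_sample_tree() -> str:
    """Constructed sample: one clean folder and one mimicking the aftermath of encryption."""
    root = Path(tempfile.mkdtemp())
    (root / "clean").mkdir()
    (root / "hit").mkdir()
    (root / "clean" / "notes.txt").write_text("Quarterly planning notes, nothing unusual here.\n" * 20)
    (root / "hit" / "report.docx.locked").write_bytes(os.urandom(8192))  # stands in for ciphertext
    (root / "hit" / "HOW_TO_DECRYPT.txt").write_text("Your files have been encrypted. Pay to receive the key.\n")
    return str(root)
```

Running `scan_tree(build_sample_tree())` reports only the `hit` folder; in practice the same check is worth pointing at file shares, where a backup's integrity matters most.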
Lockscreen ransomware operates quite differently. Rather than encrypting the data itself, it instead denies access to your desktop and files.
Following an infection, this type of ransomware will pose as a law enforcement or government agency, displaying a full-screen message that claims you’ve engaged in illegal activity and must pay a fine to regain access to your desktop.
These fraudulent claims are socially-engineered to create shame and panic on the part of the end user, which drives some to readily share their credit card information.
While lockscreen ransomware is nothing to sneeze at, it can occasionally be defeated by exiting the application and rebooting your workstation. A Windows System Restore is another useful method for removing lockscreen ransomware, as well.
While encryption and lockscreen ransomware encompass the primary “modes of ransomware operation,” there are a few variations that warrant discussion here.
With the widespread adoption of mobile technologies, cyber criminals have seized upon these new opportunities to extort money from their victims.
Given how easy it is to perform a bare-metal restore and sync mobile data online or via the cloud, mobile ransomware is often not of the encrypting variety. Rather, cyber criminals trick users into installing an APK file, which may prevent access to their mobile applications or grant administrator privileges to the cyber attacker.
These attacks typically target Android devices, as the platform allows users the flexibility to install applications from third-party sources. However, ransomware attacks on iOS devices are also on the rise. Here, cyber attackers exploit iCloud accounts and lock device access via Find My Phone.
There was a time that ransomware was the sole domain of cyber hackers. No longer. Now, the ransomware-as-a-service (RaaS) model empowers any criminal to extort money from businesses, government agencies, and individuals—without the once requisite tech savvy.
Using a simple wizard, these low-tech cyber criminals can now easily configure a ransomware attack, with a cut of the profits going to the RaaS provider.