When Joseph Popp wrote and released the world’s first extortion computer virus, the AIDS trojan, he set forth a wave of similar creations capable of crippling the output of even the world’s largest corporations.
Ransomware now represents a major threat for most businesses that rely on digital technology to fuel their daily processes. Cyber criminals looking to make money quickly turn to ransomware to scare victims into paying them large sums via untraceable payment methods. Most modern businesses must navigate this evolving space and actively work to keep their data secure, though it’s challenging.
What Is Ransomware?
To combat ransomware, you must first understand it. Luckily, ransomware is not a terribly tricky concept to comprehend. In fact, the FBI1 defines ransomware as malicious software that blocks a user’s access to their own digital files, systems, or networks until they pay a ransom.
Ransomware takes many different forms, largely depending on the type of system it targets. Other factors also influence its behavior and format. For instance, a ransomware program designed to infect a niche banking platform is likely to differ significantly from a program meant to make PC users forward payments to an anonymous destination.
Ransomware often remains hidden from intended targets after installation, only revealing itself when it can lock them out of sensitive or valuable data they would struggle to replace. While the exact actions of a particular ransomware may vary depending on factors like those mentioned above, most share a number of unique capabilities that differentiate them from other forms of malware.
What Does Ransomware Do?
Ransomware first breaches a user’s or administrator’s machines and networks and encrypts files and data, making them inaccessible to the user but leaving them accessible to the hacker in order to force the victim to pay a ransom to regain access and security. Attackers generally carry out these attacks using a type of computer virus known as a trojan, often leveraging obscure vulnerabilities in target systems to bypass defenses.
How Ransomware Infects a System
Ransomware may leverage many different techniques to take control of your machine. From replacing existing files with malicious ones to exploiting rare operating system susceptibilities, each unique form of ransomware finds its own way onto suitable host systems.
The most common tactics and susceptibilities used by ransomware to gain access and control of targeted systems are:
- Out of Date Software
Software that is out of date or in need of an update poses significant security risks for those who continue to use it. Ransomware designers exploit known bugs and unpatched security holes to implant and spread viruses.
In the well-known case of the “WannaCry” worldwide ransomware attack in May 2017, attackers exploited a vulnerability in an outdated Windows operating system used by the National Security Agency (NSA) to infect machines on a local network, causing billions of dollars in damages.²
- Infected Software
Infected programs can make their way onto a user’s operating system completely unnoticed. Programs obtained from unofficial sources or even from official sources that have been compromised can contain the code needed for a ransomware attack to unfold.
- Phishing
In a phishing scam, cyber-criminals trick email recipients into clicking links that execute malicious code or leak the recipient’s sensitive information. When used to spread ransomware, phishing can be quite effective.
CryptoLocker, a ransomware trojan that targeted Windows operating systems in 2013 and 2014, leveraged phishing techniques to transmit code to a large number of computers, leading to ransomware takeovers that netted fraudsters at least $3 million in extorted funds.³
- Exploit Kits
Many ransomware programs, such as exploit kits, are automated tools that find system vulnerabilities and implant viruses for monthly ransom collections.
Exploit kits like Angler, Blackhole, and Neutrino bundle multiple exploits, making it easy to inject ransomware into systems.⁴
Important Ransomware Facts and Statistics
As system administrators and IT teams adopt developing security tactics, attackers adapt to new opportunities, and ransomware continues to shapeshift. Targets for ransomware attacks have changed with time, as have attackers’ capabilities and the systems they use.
Ransomware Facts and Statistics You Should Know
You can report ransomware cases. If you or someone you know becomes a ransomware target, contact the FBI’s Internet Crime Complaint Center (IC3) to report the incident and provide details that might help fix the system.5 Reporting ransomware events helps authorities stop the virus from spreading to more victims and, in some cases, assists in tracing and detaining the criminals behind the attack.
Ransomware costs businesses much more than the ransom itself. Despite a projected average ransom cost of $6,500 in 2021, lower than in the past, the overall projected cumulative costs of the attack, from data loss and downtime, is a much higher average of $380,000!
Most ransomware spreads through user actions. For instance, ransomware gains access to new systems when a user visits dangerous websites, installs trojan-compromised software, or mistakenly clicks on fraudulent links.⁷
Ransomware Statistics for 2020-2021
In 2020, ransomware attacks decreased in number from 2019, reflecting a shift from spray-and-pray tactics to more sophisticated methods that allow attackers to home in on specific targets that they can demand higher ransoms from to generate higher payouts.⁸
It is estimated that a ransomware attack will take place every 11 seconds by 2021. This marks a substantial increase in prevalence of 20% compared to every 14 seconds as was predicted in 2019.⁹
In 2017, FedEx lost $300 million in its Q1 profit and lowered the yearly earnings due to the NotPetya ransomware attack that began destroying businesses in Ukraine before spreading worldwide.¹⁰
How to Protect Yourself from Ransomware
Although new forms of ransomware can prove to be formidable and costly to deal with, there are ways to protect your systems ahead of time and mitigate the risks they pose. The following are a few of the most common tactics organizations use to protect their systems from these attacks:
- Consistently creating secure backups. Not only should these backups be comprehensive to ensure they can restore system settings in full when needed, but they should also be stored in an offline environment to keep attackers from accessing them.
- Using powerful anti-malware solutions to detect threats quickly. Antivirus and anti-malware tools that can sandbox suspicious files help protect mission-critical systems from sneaky virus programs.
- Updating your systems regularly. Updates often contain security patches meant to protect against newly discovered threats. Installing these as they are created can go a long way toward protecting your data.
At Ciphertex Data Security®, we craft some of the most secure portable data storage systems available to help organizations safeguard their most valuable information. Both our direct and network-attached storage solutions feature stainless steel hardware and padlock protectors to effectively restrict physical access. Insulation and anti-vibration measures make up a particularly rugged storage solution that can be trusted over the long term. Reach out to our team at 818-773-8989 to learn more.
Sources:
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
- https://thehackernews.com/2018/08/tsmc-wannacry-ransomware-attack.html
- https://www.upguard.com/blog/ransomware-examples
- https://www.safetydetectives.com/blog/ransomware-statistics/
- https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/
- https://pentestmag.com/ransomware-statistics-trends-and-facts-for-2020-and-beyond/
- https://dataprot.net/statistics/ransomware-statistics/
- https://www.reuters.com/article/us-fedex-results/cyber-attack-hurricane-weigh-on-fedex-quarterly-profit-idUSKCN1BU2RG