When Joseph Popp wrote and released the world’s first extortion computer virus, the AIDS trojan, he set forth a wave of similar creations capable of crippling the output of even the world’s largest corporations.
Ransomware now represents a major threat for most businesses that rely on digital technology to fuel their daily processes. Cyber criminals looking to make money quickly turn to ransomware to scare victims into paying them large sums via untraceable payment methods. Navigating this new, evolving space and keeping data secure at all times is a must for most modern businesses, but this is easier said than done.
What Is Ransomware?
To combat ransomware, you must first understand it. Luckily, ransomware is not a terribly tricky concept to comprehend. In fact, according to the FBI,¹ ransomware is simply malicious software designed to block a user’s access to their own digital files, systems, or networks until they pay a ransom to do so.
Ransomware can take many different forms, depending largely on the type of system it is designed to infect. However, other factors may play a large part in deciding the behavior and format of ransomware. For instance, a ransomware program designed to infect a niche banking platform is likely to differ significantly from a program meant to make PC users forward payments to an anonymous destination.
Ransomware is also known to remain hidden from intended targets when it is first installed, only appearing when there is an opportunity to lock them away from particularly sensitive or valuable data they would have a hard time replacing. While the exact actions of a particular ransomware may vary depending on factors like those mentioned above, most share a number of unique capabilities that differentiate them from other forms of malware.
What Does Ransomware Do?
Ransomware first breaches a user’s or administrator’s machines and networks and encrypts files and data, making them inaccessible to the user but leaving them accessible to the hacker in order to force the victim to pay a ransom to regain access and security. Such attacks are generally carried out using a type of computer virus known as a trojan, and many of these leverage obscure vulnerabilities in target systems to bypass defenses.
How Ransomware Infects a System
Ransomware may leverage many different techniques to take control of your machine. From replacing existing files with malicious ones to exploiting rare operating system susceptibilities, each unique form of ransomware finds its own way onto suitable host systems.
The most common tactics and susceptibilities used by ransomware to gain access and control of targeted systems are:
- Out of Date Software
Software that is out of date or in need of an update poses significant security risks for those who continue to use it. Ransomware designers can take advantage of known bugs and unpatched security holes through which a virus can be implanted and propagated.
In the well-known case of the “WannaCry” worldwide ransomware attack in May 2017, a vulnerability within an outdated Windows operating system being used by the National Security Agency (NSA) was used to infect machines exposed to a local network, resulting in billions of dollars in damages.²
- Infected Software
Infected programs can make their way onto a user’s operating system completely unnoticed. Programs obtained from unofficial sources or even from official sources that have been compromised can contain the code needed for a ransomware attack to unfold.
In a phishing scam, cyber-criminals trick email recipients into clicking links that execute malicious code or leak the recipient’s sensitive information. When used to spread ransomware, phishing can be quite effective.
CryptoLocker, a ransomware trojan that targeted Windows operating systems in 2013 and 2014, leveraged phishing techniques to transmit code to a large number of computers, leading to ransomware takeovers that netted fraudsters at least $3 million in extorted funds.³
- Exploit Kits
Many ransomware programs like “exploit kits” are automatized software that look for vulnerabilities of a compromised system and implant viruses allowing hackers to automate a monthly ransom collection process.
Exploit kits such as Angler, Blackhole, and Neutrino gather many different exploits into a single solution, allowing criminals to inject ransomware code onto many different types of systems with ease.⁴
Important Ransomware Facts and Statistics
As system administrators and IT teams adopt developing security tactics, attackers adapt to new opportunities, and ransomware continues to shapeshift. Targets for ransomware attacks have changed with time, as have attackers’ capabilities and the systems they use.
Ransomware Facts and Statistics You Should Know
Ransomware cases can be reported. If you or someone you know has been targeted by a ransomware attack, you can contact the FBI’s Internet Crime Complaint Center (IC3) to report the incident and provide details that could help fix your system.⁵ Reporting ransomware events can help authorities stop the virus from spreading to more victims and, in some cases, could even assist in tracing and detaining the criminals behind the attack.
Ransomware costs businesses much more than the ransom itself. Despite a projected average ransom cost of $6,500 in 2021, lower than in the past, the overall projected cumulative costs of the attack, from data loss and downtime, is a much higher average of $380,000!
Most ransomware spreads through user actions. For instance, ransomware gains access to new systems when a user visits dangerous websites, installs trojan-compromised software, or mistakenly clicks on fraudulent links.⁷
Ransomware Statistics for 2020-2021
In 2020, ransomware attacks decreased in number from 2019, reflecting a shift from spray-and-pray tactics to more sophisticated methods that allow attackers to home in on specific targets that they can demand higher ransoms from to generate higher payouts.⁸
It is estimated that a ransomware attack will take place every 11 seconds by 2021. This marks a substantial increase in prevalence of 20% compared to every 14 seconds as was predicted in 2019.⁹
In 2017, FedEx lost $300 million in its Q1 profit and lowered the yearly earnings due to the NotPetya ransomware attack that began destroying businesses in Ukraine before spreading worldwide.¹⁰
How to Protect Yourself from Ransomware
Although new forms of ransomware can prove to be formidable and costly to deal with, there are ways to protect your systems ahead of time and mitigate the risks they pose. The following are a few of the most common tactics organizations use to protect their systems from these attacks:
- Consistently creating secure backups. Not only should these backups be comprehensive to ensure they can restore system settings in full when needed, but they should also be stored in an offline environment to keep attackers from accessing them.
- Using powerful anti-malware solutions to detect threats quickly. Antivirus and anti-malware tools that can sandbox suspicious files help protect mission-critical systems from sneaky virus programs.
- Updating your systems regularly. Updates often contain security patches meant to protect against newly discovered threats. Installing these as they are created can go a long way toward protecting your data.
At Ciphertex Data Security, we craft some of the most secure portable data storage systems available to help organizations safeguard their most valuable information. Both our direct and network-attached storage solutions feature stainless steel hardware and padlock protectors to effectively restrict physical access. Insulation and anti-vibration measures make up a particularly rugged storage solution that can be trusted over the long term. Reach out to our team at 818-773-8989 to learn more.