Ransomware is a type of malware from cryptovirology (the study of using cryptography to design malicious software) that threatens to lock a victim out of their personal data, or to publish it, unless a ransom is paid. Essentially, ransomware uses encryption to hold a user's or organization's critical information for ransom. The data is encrypted in such a way that it is very difficult or impossible for the victim to access their information, files, data or even applications. In recent ransomware attacks, the malware has been designed to completely shut down or disable an entire organization. Fujifilm Holdings Corp, for example, was attacked by the REvil ransomware gang using the Qbot trojan and forced to shut down some of its servers no less than a month ago. Ransomware has become a growing threat and is more prominent in mainstream media as cybercriminals generate billions of dollars and do irreversible damage to businesses and governments alike.
How does ransomware work?
Ransomware uses asymmetric encryption, which relies on a pair of keys to encrypt and decrypt files. The attacker generates a public-private key pair. The private key is stored on the attacker's server and is required to decrypt the victim's data. The attacker holds the private key for ransom. Typically, most ransomware attacks unfold as follows:
- The malware gains access to a device, often distributed through email spam or targeted attacks
- Ransomware establishes a presence on the device: it executes a malicious binary or piece of code that searches for and encrypts important data on the device. It may also search for more vulnerabilities to spread to other devices or entire organizations
- After the files are encrypted, the malware demands a ransom from the victim within a given time frame, threatening loss of data
- If the organization does not have its data backed up, it may have to pay the ransom to recover its sensitive information
What should you know about ransomware?
Both consumers and organizations should be aware that ransomware attacks are on the rise, but also that there are measures you can take to mitigate ransomware as a threat. Because of cryptocurrency, it has now become more difficult (but not impossible) to trace cybercriminals than before. Over the last year, ransomware attacks were up 150% year-over-year and the amount paid by these victims increased by 300%. The costs of ransomware attacks across the globe are expected to exceed $265B by 2031.
Ransomware attacks are becoming more sophisticated, from holding entire companies' servers hostage, to shutting down the Colonial Pipeline Network. Colonial Pipeline ended up paying a $4.4 million ransom last month. JBS, a large meat supplier, ended up paying $11 million earlier this month according to Forbes.
Why are ransomware attacks on the rise?
Ransomware attacks have been increasing significantly since the start of the pandemic for many reasons. Here are a few:
- Malware kits are easily available and can be used to make new kinds of malware
- New encryption techniques are making it easier to carry out ransomware attacks
- Ransomware marketplaces are available online, making it easy for nearly anyone to carry out an attack while giving a cut of the ransom to the malware authors; in these cases, cybercriminals do not need to be tech savvy
- Poor cybersecurity practices as more employees work remotely on different or unsecured networks
- No strategy to secure business or organizational networks as new technology is implemented
- Many businesses are relying solely on backups and not putting security measures in place
How can businesses prevent ransomware attacks?
These attacks continue to be a headache for many companies, and proper security measures must be put in place to prevent them. Here are a few tips to get started:
- As a starting point, businesses “should shore up cyber defences” (Biden) and create a robust IT/cybersecurity protocol. Backing up your data is also key but should not be solely relied on
- Know where your data is and secure backups on separate servers so that your backup does not suffer from the same attack
- Use secure networks or VPNs and limit your employees' administrative rights on devices
- Keep your software up to date
- Implement a security awareness program
- Call an expert
These tips should help you better understand ransomware and how to prevent it in the future. If you do not have the resources in-house to set up a robust IT security or cybersecurity plan at your business, we suggest hiring a consultant who can help you build a manageable plan that works well for your business.