Ransomware Basics
What is Ransomware?
Ransomware, or ransom malware, locks users out of their device or out of specific files, which are only released (usually by decrypting them) in exchange for a ransom. When ransomware first appeared in the late 1980s, criminals accepted payment by post; today payment is almost always demanded in a cryptocurrency such as Bitcoin. Early campaigns mostly targeted individuals, but attackers gradually shifted to businesses, small and large, which offer a higher payout. With the growth of ransomware-as-a-service (RaaS), an attacker no longer needs to be especially technical: the malware and the payment infrastructure are rented from a developer in exchange for a share of the ransom.
To stage a ransomware attack, criminals first need a foothold on your network or files. The common routes are social engineering and phishing, where the attacker impersonates someone in authority or a trusted organization to get you to hand over credentials or other confidential information that grants access, and exploitation of unpatched or misconfigured systems, with exposed remote-access services a frequent entry point. Once inside, attackers often move through the network for some time before triggering encryption, locating valuable data and any backups they can reach. That is why a backup that lives outside the reach of your network matters so much: a backup the attacker can reach will be encrypted or deleted along with everything else. Encrypting your own data protects its confidentiality if it is stolen, but it does not stop the attacker encrypting it again.
Types of Ransomware
Most attacks use one of three kinds of ransomware: scareware, screen lockers and encrypting ransomware. Each is more dangerous than the one before, so below is a brief description of each along with its tell-tale signs.
Scareware takes the form of fake security-software alerts and tech support scams. Targets receive pop-up messages claiming that their device is infected with malware that can be removed for a fee. Of the three, this is the least harmful: if you can put up with the pop-ups, your data is safe. The attacker is relying on your fear of malware to make you pay without checking whether the device is actually infected.
Scammers sometimes impersonate security software you have already purchased to pressure you into paying. Keep in mind that a legitimate security vendor will not demand an additional fee to remove a threat: you already pay them to protect the device, and cleaning up infections is part of that service, so an unexpected demand for payment is a warning sign, not a bill.
If you don’t use any security software, these pop-ups are a clear sign of a scam. Software you never installed is not monitoring your device, cannot have "detected a threat", and has no legitimate reason to ask you for money to fix one. Genuine alerts come from the product itself, not from a browser pop-up.
Screen lockers lock you out of your device or block access to certain programs or files. Once the malware is running, it covers the display with a full-screen message, often imitating the FBI or another official-looking seal, claiming that the device has been frozen because of illegal activity and will be unlocked for a fee.
Keep in mind: the FBI and other law enforcement or regulatory bodies do not lock devices and demand payment. If illegal content were found on your device or network, they would pursue formal legal action, not a ransom.
Encrypting ransomware is the kind you have most likely heard of, because it is the most effective and promises the largest payout. It encrypts your files and demands payment for the decryption key. Properly implemented encryption cannot be undone without that key, so once your files are encrypted there is no action on your side that guarantees their return; the only reliable route back is a backup the attacker could not reach. Paying does not change that: the criminals are under no obligation to hand over a working key, and victims who pay frequently recover only part of their data. Increasingly, gangs also copy the data before encrypting it and threaten to publish it, so a backup alone does not remove the extortion risk.
To learn more about how encryption works, check out our blog Data Encryption and Ransomware.
Ransomware Cyber Threat Landscape for Businesses
As ransomware groups become more organized and methodical, the threat to organizations keeps growing. RaaS lowers the bar: the developers who write and maintain the malware recruit affiliates who carry out the intrusions, so there are now two distinct groups of ransomware criminals, those who build the tooling and those who deploy it, and far more people are able to run sophisticated attacks.
SMBs are targeted because they often lack a dedicated security team or the budget to defend themselves. But it is not only SMBs that need to worry: ransomware groups go after any organization they believe is neglecting its security, and that includes large organizations and enterprises. The most damaging attacks of 2021 show that gangs care less about the size of the business than about the potential payout and how weak its defences are.
Ransomware groups may not even target your organization directly; they may attack a supplier or subcontractor instead. In July 2021 the IT management software vendor Kaseya was hit, along with many other organizations, in a ransomware attack conducted by REvil. While the CEO reported that “less than 0.1% of the company’s customers were [affected] in the breach,” an estimated 800 to 1,500 SMBs were affected downstream through their use of Kaseya’s software.
Ransomware Attacks Timeline 2021
2021 was a record year for ransomware attacks, and some ransomware groups were more prolific than others. We created a timeline listing the bigger attacks as well as the ransomware groups responsible for committing them.
What Can Businesses Do to Prevent Ransomware Attacks?
Phishing Simulations: Phishing is one of the main ways ransomware gangs get into a network and at its confidential files. Our research shows that people often know what a phishing attack is but struggle to spot one in practice. Simulations modelled on real phishing emails your organization has received train staff to recognize and report them before they turn into an incident.
Encrypt Your Data: As discussed in our last blog, encrypting your data at rest protects its confidentiality if it is stolen: an attacker who copies the encrypted files without the key learns nothing from them. Two caveats apply. Encryption does not stop ransomware from encrypting the files again under the attacker’s own key, so it is not a defence against the lockout itself. And it only protects against theft if the attacker does not also obtain your keys; malware running under a logged-in user’s account reads files through the operating system exactly as that user would, so transparent disk encryption on a running machine does not hide data from an attacker who has taken over that account.
Keep a Backup: Even with the first two steps in place, ransomware can still encrypt your files and lock you out of your confidential information. A backup is how you regain access without paying. Because attackers look for and destroy any backups they can reach, keep at least one copy offline or on storage isolated from the production network (write-once or immutable storage where available), and test restoring from it regularly: a backup that has never been restored is an assumption, not a plan.
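The backup step above only pays off if you can show the backup is intact and can tell a damaged production copy from a clean one. The following is an added example, not code from the original post: it builds a SHA-256 manifest of a backup set and later checks any file tree against that manifest, reporting files that are missing, altered or unexpected. After an encrypting ransomware run, a production share shows up as "altered" across the board with a ransom note as an "unexpected" file, while an isolated backup still verifies clean. The directory names and file contents are constructed sample data in a temporary directory; no real encryption is performed, the damaged bytes are simply overwritten.

```python
"""Verify an offline backup against a SHA-256 manifest (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a file tree against a manifest.

    Returns relative paths that are missing from disk, altered (digest
    differs from the manifest), or unexpected (on disk but not in the manifest).
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "altered": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict[str, dict[str, list[str]]]:
    """Build a manifest from a backup, then check a clean and a damaged tree.

    The "damaged" tree stands in for a production share after ransomware:
    one file overwritten, one deleted, and a ransom note dropped. All paths
    and contents are constructed sample data (hypothetical, not real files).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"   # the isolated copy the attacker cannot reach
        prod = root / "prod"       # the production share
        sample = {
            "finance/q3.xlsx": b"revenue,cost\n100,80\n",
            "hr/roster.csv": b"alice,bob\n",
        }
        for tree in (backup, prod):
            for rel, data in sample.items():
                f = tree / rel
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_bytes(data)

        manifest = build_manifest(backup)
        clean = verify_tree(prod, manifest)

        # Simulate damage on the production copy only.
        (prod / "finance/q3.xlsx").write_bytes(b"\x00garbled\x00")
        (prod / "hr/roster.csv").unlink()
        (prod / "README_TO_RESTORE.txt").write_bytes(b"pay us")
        damaged = verify_tree(prod, manifest)

        # The isolated backup is untouched and still matches its manifest.
        backup_ok = verify_tree(backup, manifest)
        return {"clean": clean, "damaged": damaged, "backup": backup_ok}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In practice the manifest belongs with the backup on the isolated medium (and ideally signed), and the same `verify_tree` check is what a restore test runs against the restored tree before anyone declares the recovery successful.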
Did you find this blog helpful? Make sure to share it with your teams and colleagues to foster a positive and knowledgeable cybersecurity culture.