What is Ransomware and how does it work?
Ransomware is a form of malicious software that encrypts the target’s files, making the target unable to access their data. It blocks access to a system, device, or file until a certain amount is paid to the hacker. It is an illegal moneymaking scheme that can be installed through deceptive links in an email message, instant message or compromised website. A ransomware attacker will demand a fee from the target in exchange for the decryption key needed to regain access. Typically, fee demands are in bitcoin and can range from hundreds, to thousands, to hundreds of thousands of dollars.
Ransomware works by encrypting files on the infected system (crypto ransomware), threatening to erase files (wiper ransomware), or blocking the victim's access to the system (locker ransomware). The ransom amount and contact information for the cyber threat actor (CTA) are typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted. Sometimes the CTA only includes contact information in the note and will negotiate the ransom amount once they are contacted. The demand is usually for cryptocurrency, such as Bitcoin, and can range in price. It is not uncharacteristic to see multi-million-dollar ransom demands in today's threat landscape.
How is Ransomware Spread?
Doesn’t this kind of thing only happen to large companies?
No. With larger companies getting the majority of the headlines when they suffer ransomware attacks, small businesses may believe that they’re less at risk. This is simply false. Almost 50% of small businesses have experienced a ransomware attack. In fact, hackers often target small businesses because of their relative lack of internal controls and security procedures. Additionally, most small businesses are more likely to pay a ransom to get their systems up and running again.
One example is a small start-up company in Europe that sold high-end products online. Their IT security controls didn’t go beyond what came with their systems. One day, an employee mistakenly opened a PDF that seemed to be from someone internal. The PDF downloaded the malicious software, and the company was locked out of all of its systems. They later received an email stating that they would get their data back if they paid 15K in cryptocurrency. The hackers kept threatening the company by repeatedly sending email demands. The company ultimately didn’t pay the hackers; however, they lost just as much if not more money than the ransom. Consider the cost of their systems being down and the cost of the workforce to increase their internal controls, and it's easy to calculate why.
Is this a growing problem?
Yes. In recent years cybercriminals have been selling their software to other cybercriminals, for them to employ against the business of their choice. RaaS, or ransomware-as-a-service, is one of the reasons that this threat type has risen so drastically in recent years. It is inexpensive code that the Dark Web seller puts up for as little as $10 that can infiltrate a target business and launch ransomware onto a system.
As 2022 projects a continuation of these trends, ransomware continues to be a prevalent threat. Organizations need a security posture that’s prepared against the increasing likelihood of a ransomware attack.
How do I stand a chance?
Some key preventative measures you can take with your company:
- Store backups off the network and test regularly to ensure integrity
- Implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g., phishing, social media)
- Run organization-wide phishing tests to gauge user awareness and reinforce the importance of identifying potentially malicious emails
- Have regular security assessments conducted by an IT professional
- Choose IT managed services from a professional IT service firm
We can help!
Cybersecurity is crucial to protecting your business from a ransomware attack. With the steady increase of ransomware attacks in recent years, evolving crypto-related scams and the proliferation of dark web services, you must find ways to keep your organization safe. Contact America One today or schedule a 10-minute call below to assess your security. Ensure that you have the right tools in place to repel and prevent a cyber attack. Call (781)-356-3535.