Watching or reading the news today, one might come across the phrase “ransomware” coming up a lot more often lately. With recent ransomware attacks affecting infrastructure, fuel, and supply chains, it seems as if ransomware is more pervasive than it has been in the past. Early in 2021, the Colonial Pipeline—one of the largest fuel distributors on the east coast of the United States—suffered a ransomware attack that forced them to temporarily shut down their operations, adversely affecting everyone from the company to consumers. That was in May. Since then, additional ransomware attacks have hit meat suppliers, schools, hospitals, and other organizations in what seems to be becoming an epidemic. In the face of uncertainty, what can we do about ransomware and how do you prevent it from hurting your company? A lot of the answer comes down to being proactive and learning as much as you can about the issue at hand. The first step to a winning strategy for any battle is knowing your enemy. Today, we’re going to talk about what ransomware actually is, how it affects its victims, and how to attenuate the damage from a ransomware attack. Check it out below.
Ransomware attacks occur most often via phishing emails or drive-by downloads. The former is where an email masquerades as something legitimate and entices a user to click on it. Once the user does so, a dangerous malware payload gets downloaded onto the computer, sometimes containing ransomware. It can also happen through drive-by downloads when a user unknowingly contracts ransomware by visiting an infected website. There are other ways it can happen, too, such as security breaches and clicking an ad that downloads ransomware, but these are the most common and insidious. But what is ransomware? In short, it’s a type of malware that encrypts your most important files (both local and network storage), demanding some sort of payment to get the decryption for the files. It’s essentially a form of extortion and the only way to recover information without a decryption key is to restore it from a backup. Ransomware is pervasive these days and although the FBI recommends victims don’t pay the ransom so as to avoid emboldening the attackers, ransoms still get paid out and more ransomware attacks occur as time goes on.
How Ransomware Affects Its Victims
The effects of a ransomware attack can manifest themselves in different ways. You might lose access to your data temporarily in the best case or permanently in the worst case. Ransomware attacks can also shut down an entire company’s operations if it’s severe enough. Worse, if your company pays the ransom, you’re simply out that money whether they release the decryption keys or not! Financial loss can also come with a business interruption and following a ransomware attack, your company’s reputation will likely be tarnished. It’ll also force you to re-think your security measures and cause a headache of restoring your system from backups.
Types Of Ransomware
Part of understanding the ransomware threat is getting a handle on what types of ransomware are out there in the world. There are a few to know about. They are:
Symmetrical encryption – The attacker uses a single key for both encryption and decryption. This is not very common anymore.
Asymmetrical encryption – This can happen on either the client or the server-side of the attack. On the client-side, the attacker uses a public key for the encryption and a private key for the decryption. On the server-side, an attacker sends a private key to their own server, deleting it from local storage.
Hybrid encryption – This uses a mix of all three of the previous techniques to really wreak havoc on the target’s system. A symmetric key will encrypt the files. Then the software will make keys on both the client and server-side. The former encrypts the symmetric kye while the latter encrypts the client-side key and sends it to the attacker. In this scenario, the attacker is combining methods to create an intricate encryption scheme that is difficult to remedy without reversing the chain.
In the past few years, more variants have emerged. Some common attack programs from the past include WannaCry (a worm that targeted Windows 7 systems and encrypted documents), GandCrab (untargeted attacks that try to infect as many computers as possible), CryptoLocker, and Ryuk are all ransomware that’s wrought plenty of havoc over the past few years. Lately, Ransomware as a Service (RaaS) – where ransomware is sold to attackers online – is a growing problem that doesn’t show any signs of stopping soon.
The Dangers And Toll Of Ransomware
So, what kind of damage can ransomware do to its victims? The short answer is: plenty. It can cripple an entire system or business and temporarily shut down an entire pipeline. It’s especially prevalent in the healthcare, education, finance industries, and government. It hits mobile phones, too. In the past year alone, more attacks are being perpetrated this way. Ransomware attacks are happening a lot more often. In 2021, there’s a ransomware attack in progress approximately every 11 seconds. Worse, 3/4 of all ransomware victims typically lose access to their data for two or more days and 67% of all businesses affected by an attack actually lose some portion or the entirety of their data. One in five of those businesses never get their data back, even if they pay the ransom. The dangers associated with ransomware are very real and they’re getting worse over time. That’s why educating and protecting yourself is absolutely vital whether you work remotely from home or commute to an office each day.
Protection Against The Ransomware Threat
Unfortunately, there isn’t a comprehensive solution to preventing ransomware, but you can take several essential steps to prevent it from becoming a problem in the first place. Begin with getting incredibly vigilant about what you’re doing online. Only open emails from trusted sources and avoid visiting shady, unsafe websites. Install a firewall and use an antivirus that incorporates artificial intelligence and machine learning to add an additional layer of protection. Consider using multi-factor authentication for logging into your systems. Disable remote access. Use DNS-based content filtering to help identify potential threats. And finally, make backups often! Keep one copy of your backups off-site. Backups are the most important protective measure you can take against ransomware, so be vigilant and do what you can to guard against ransomware today.