<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

What is Ransomware?

what is ransomware

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with instructions on decrypting their data.
 

The Evolution of Ransomware

 

Ransomware has been a threat to businesses since the 1980s and has gained increasing popularity.

A significant historical event of its use was the infiltration of participants' computer systems at the 1989 World Health Organization (WHO) Conference. A Harvard-trained doctor distributed a malware tagged the AIDs Trojan, which infiltrated computers and encrypted the data of participants at the WHO event.

Statistics show a 585% increase in the use of ransomware between 2008 and 2009. The dramatic increase can be traced to hackers discovering new ways to cover the financial trail and proceeds from every successful incident. Between 2000 and 2015, transactions moved from making payments through online drugstores and shady websites to cryptocurrency.

The success of blockchain and Bitcoin led to the increase in ransomware as a primary hacking tool. By 2015 there were approximately four million samples of ransomware floating around the dark web. As ransomware usage grew, the term Ransomware as a Service (RaaS) was coined. RaaS meant that anyone with criminal intent could purchase a different strain of ransomware for about $40. The ease of accessing and using ransomware led to a 172% increase in its use as a hacking tool by 2016.

 

 

How Does Ransomware Work?

 

Ransomware is delivered through either an online medium of communication, hard drive, or malicious websites. Online mediums of communication refer to e-mails, instant messaging applications, or video chat rooms. Cybercriminals deceive victims by introducing ransomware in communications that appear authentic with links that install the executable files that encrypt its host system.

Unlike brute force hacking attempts where specific systems or IT infrastructures are targeted, ransomware attacks are rarely targeted at specific systems. Cybercriminals apply a generic mailing approach by blasting out Ransomware-integrated information with the hope that something sticks. Thus, employee negligence plays a vital role in successful ransomware attacks.

A successful attack doesn't always have to lead to a ransom payment; hackers view undetected access through ransomware as successful due to the ability to continuously capture important personal or enterprise-related data from the host.

The most important thing to know is that an encrypted host must be decrypted using a mathematical key native to the ransomware used. Other strains of ransomware such as leakware or doxware exist. In scenarios where both strains are used, the hacker includes threats to publish encrypted data on the dark web or social media platforms to pressure the victim to pay the specified ransom.

 

 

Effects of Successful Attacks on Organizations

 

The effects of successful cyber-attacks including ransomware on business enterprises have been documented and the statistics are worrying. Successful breaches to small and medium-sized business lead to an average pay-out of approximately $83,000. Although law enforcement advice against making payments, approximately 40% of business owners take the payment step with the hope of limiting the damage to their brand and finances before the breach becomes public knowledge.

Ransomware encryptions also mean enforced downtime as businesses no longer have access to business operations. According to statistics, small to medium businesses lose approximately $8,500 per hour to the unplanned downtime caused by successful ransomware attacks. Downtime may also be the least of an SMBs worry, as approximately 60% of enterprises go out of business months after successful breaches to their IT infrastructure. The fear of losing entire business units is another reason why executives are willing to pay $20,000 to $50,000 to receive a decryption key after an attack.

 

 

How to Combat Ransomware

 

Successfully combating ransomware requires two major approaches; an enterprise-wide approach and an individual approach. The enterprise-wide approach involves developing a security strategy that ensures every software application and operating system used for business purposes stays updated. The application of security tools such as security information and event management (SIEM) or SOAR alongside internet security software ensures system health can always be tracked in real-time.

Enterprises can also limit access to suspicious websites from computer assets. This ensures that employees do not stray or mistakenly click links that redirect to compromised platforms. Creating a dedicated backup system ensures that in the event of a successful breach, a business does not have to function at the mercy of a cyber-criminal.

The individual approach to combating ransomware starts with educating employees about the dangers associated with ransomware. Cybersecurity training introduces employees to the risks of going through informal channels when using a company's IT resources. Extensive cybersecurity training prepares everyone within an enterprise to follow company-wide policies when utilizing IT resources.

Additional solutions include email protection that can help filter out spam and phishing email as well as encrypt communications.

Beyond a managed SIEM solution, endpoint detection and response is a frontline defense for organizations. Companies like SentinelOne provide an endpoint solution that focuses on ransomware and offers a ransomware warranty.

 

Conclusion

 

Preventing Ransomware attacks is the preferable option for dealing with a successful data breach because wrong decisions can be made in the heat of the moment. Taking advantage of cybersecurity solutions such as integrating a SIEM tool with an existing security operations center ensures an enterprise keeps track of its infrastructure in real-time. In the event a successful ransomware attack occurs, the last rule is never to pay the specified ransom but to contact your security service providers and the required authorities to deal with the incident.

Upgrade your cybersecurity strategy click here

Topics from this Article

Endpoint Detection and Response, Cyber Insurance, Email Security, Phishing, Cybercrime, Ransomware, Endpoint Protection

Datashield
Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

Top 5 Most Popular Cybersecurity Certifications

The cybersecurity analyst has become the third most valuable job description in the technology industry. The increasing security incidents to IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are reaping the benefits of securing operating systems and deployed IT infrastructure.

What is Ransomware?

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with instructions on decrypting their data.

Datashield Announces Partnership with Bishop Fox

Two cybersecurity powerhouses partner to provide defensive and offensive security services to boost enterprise companies’ security posture. Scottsdale, Ariz.— Datashield, a Scottsdale-based cybersecurity company, recently inked its partnership with offensive security services firm Bishop Fox. Both companies are based in Arizona and provide outsourced cybersecurity services to top Fortune 500 companies.