Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with instructions on decrypting their data.
The Evolution of Ransomware
Ransomware has been a threat to businesses since the 1980s and has gained increasing popularity.
A significant historical event of its use was the infiltration of participants' computer systems at the 1989 World Health Organization (WHO) Conference. A Harvard-trained doctor distributed a malware tagged the AIDs Trojan, which infiltrated computers and encrypted the data of participants at the WHO event.
Statistics show a 585% increase in the use of ransomware between 2008 and 2009. The dramatic increase can be traced to hackers discovering new ways to cover the financial trail and proceeds from every successful incident. Between 2000 and 2015, transactions moved from making payments through online drugstores and shady websites to cryptocurrency.
The success of blockchain and Bitcoin led to the increase in ransomware as a primary hacking tool. By 2015 there were approximately four million samples of ransomware floating around the dark web. As ransomware usage grew, the term Ransomware as a Service (RaaS) was coined. RaaS meant that anyone with criminal intent could purchase a different strain of ransomware for about $40. The ease of accessing and using ransomware led to a 172% increase in its use as a hacking tool by 2016.
How Does Ransomware Work?
Ransomware is delivered through either an online medium of communication, hard drive, or malicious websites. Online mediums of communication refer to e-mails, instant messaging applications, or video chat rooms. Cybercriminals deceive victims by introducing ransomware in communications that appear authentic with links that install the executable files that encrypt its host system.
Unlike brute force hacking attempts where specific systems or IT infrastructures are targeted, ransomware attacks are rarely targeted at specific systems. Cybercriminals apply a generic mailing approach by blasting out Ransomware-integrated information with the hope that something sticks. Thus, employee negligence plays a vital role in successful ransomware attacks.
A successful attack doesn't always have to lead to a ransom payment; hackers view undetected access through ransomware as successful due to the ability to continuously capture important personal or enterprise-related data from the host.
The most important thing to know is that an encrypted host must be decrypted using a mathematical key native to the ransomware used. Other strains of ransomware such as leakware or doxware exist. In scenarios where both strains are used, the hacker includes threats to publish encrypted data on the dark web or social media platforms to pressure the victim to pay the specified ransom.
Effects of Successful Attacks on Organizations
The effects of successful cyber-attacks including ransomware on business enterprises have been documented and the statistics are worrying. Successful breaches to small and medium-sized business lead to an average pay-out of approximately $83,000. Although law enforcement advice against making payments, approximately 40% of business owners take the payment step with the hope of limiting the damage to their brand and finances before the breach becomes public knowledge.
Ransomware encryptions also mean enforced downtime as businesses no longer have access to business operations. According to statistics, small to medium businesses lose approximately $8,500 per hour to the unplanned downtime caused by successful ransomware attacks. Downtime may also be the least of an SMBs worry, as approximately 60% of enterprises go out of business months after successful breaches to their IT infrastructure. The fear of losing entire business units is another reason why executives are willing to pay $20,000 to $50,000 to receive a decryption key after an attack.
How to Combat Ransomware
Successfully combating ransomware requires two major approaches; an enterprise-wide approach and an individual approach. The enterprise-wide approach involves developing a security strategy that ensures every software application and operating system used for business purposes stays updated. The application of security tools such as security information and event management (SIEM) or SOAR alongside internet security software ensures system health can always be tracked in real-time.
Enterprises can also limit access to suspicious websites from computer assets. This ensures that employees do not stray or mistakenly click links that redirect to compromised platforms. Creating a dedicated backup system ensures that in the event of a successful breach, a business does not have to function at the mercy of a cyber-criminal.
The individual approach to combating ransomware starts with educating employees about the dangers associated with ransomware. Cybersecurity training introduces employees to the risks of going through informal channels when using a company's IT resources. Extensive cybersecurity training prepares everyone within an enterprise to follow company-wide policies when utilizing IT resources.
Additional solutions include email protection that can help filter out spam and phishing email as well as encrypt communications.
Beyond a managed SIEM solution, endpoint detection and response is a frontline defense for organizations. Companies like SentinelOne provide an endpoint solution that focuses on ransomware and offers a ransomware warranty.
Preventing Ransomware attacks is the preferable option for dealing with a successful data breach because wrong decisions can be made in the heat of the moment. Taking advantage of cybersecurity solutions such as integrating a SIEM tool with an existing security operations center ensures an enterprise keeps track of its infrastructure in real-time. In the event a successful ransomware attack occurs, the last rule is never to pay the specified ransom but to contact your security service providers and the required authorities to deal with the incident.