You’ve probably seen articles about a recent cyber attack on LinkedIn or while scrolling through your social media news feed, and you may think that ransomware is limited to email scams like phishing.
But in this article, we’re going to address different types of ransomware attacks, how they’re growing in complexity and demand, and how you can protect yourself from these increasingly clever and potentially business-ending cyber attacks.
What Is Ransomware?
Ransomware is malicious software that holds files or devices hostage, using encryption to block user access until the victim pays a ransom in exchange for a decryption key. Ransomware has been a prominent threat to enterprises and individuals since the mid-2000s. According to Cybersecurity Ventures, global ransomware damage costs are predicted to exceed $5 billion in 2017, which is up from $325 million in 2015.
Norton Antivirus, a powerhouse protection organization that works to fight ransomware attacks, defines ransomware in layman’s speak as this:
The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.
Ransomware is the online form of the bully’s game of keep-away. The bully could hold your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, right in front of you, but they’re encrypted now, making them unreadable. In 2017, the average ransom demand was US $522 — a high price to pay for getting your own property back.
Ransomware can come in many shapes and sizes. Some variants may be more harmful than others, but they all have one thing in common: a ransom. The five types of ransomware are:
- Crypto malware. This is a well-known form of ransomware and can cause a great deal of damage. One of the most familiar examples is the 2017 WannaCry ransomware attack, which targeted thousands of computers around the world and spread itself within corporate networks globally.
- Lockers. This kind of ransomware is known for infecting your operating system to completely lock you out of your computer, making it impossible to access any of your files or applications.
- Scareware. This is fake software that acts like an antivirus or a cleaning tool. Scareware often claims to have found issues on your computer, demanding money to resolve the issue. Some types of scareware lock your computer, while others flood your screen with annoying alerts and pop-up messages.
- Doxware. Commonly referred to as leakware, doxware threatens to publish your stolen information online if you don’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.
- RaaS. Otherwise known as “Ransomware as a Service,” RaaS is a type of malware hosted anonymously by a hacker. These criminals handle everything from distributing the ransomware and collecting payments to managing decryptors — software that restores data access — in exchange for their cut of the ransom.
Given the advancement of ransomware and attack campaigns, it’s not surprising that the most significant ransomware attacks have occurred in recent years. Ransom demands are also increasing, with reports indicating average demands hovered around $300 in the mid-2000s, but are averaging about $500 today. Usually, a deadline is assigned for payment, and if the deadline passes, the ransom demand doubles or files are destroyed or permanently locked.
CryptoLocker was a profitable ransomware strain around 2013. Between September and December 2013, CryptoLocker infected more than 250,000 devices and earned more than $3 million for its creators before the Gameover ZeuS botnet, which was used to perform the attacks, was taken off the internet in 2014.
Its encryption model was eventually dissected; now there’s software available online to recover encrypted files compromised by CryptoLocker. CryptoLocker’s demise led to the rise of several other ransomware variants, including CryptoWall and TorrentLocker.
The latest step is the emergence of ransomware as a service, or RaaS. CryptoWall, one of the most sophisticated ransomware strains, has brought in $325 million in profits, according to the Cyber Threat Alliance.
RaaS is designed to be user-friendly and deployable by anyone with minimal hacking knowledge. These users download the virus, set a ransom and payment deadline, then try to trick someone into infecting his or her computer. If the victim pays the ransom, the original scripter gets a cut.
This cut is usually around 5% to 20%, and the rest goes to the “Script Kiddie” who set the bait for the attack. As a result of making software that is free and easy to use, the creators of a RaaS attack can profit off of a large number of attacks by taking a small cut from every infection. This is a win-win for both parties.
Another unique ransomware variant is Jigsaw. Its standout feature is the dramatic and daunting imagery that pops up on the infected device’s screen. The ransomware displays an image of a puppet from the Saw film series, along with instructions on how to pay the ransom in bitcoin.
Jigsaw is also set apart by its ability to delete files at intervals. This ransomware works on a timeline: after every hour that the ransom is not paid, Jigsaw will delete more files. If you try to shut down your system or stop the process in any way, Jigsaw will delete 1,000 files, thus making it very difficult to recover the system without paying the ransom.
Cyber criminals are recognizing that smaller attacks can be replicated easily and can be used against larger corporations to demand more substantial amounts of ransom. While not every attack is profitable, it only takes a small percentage of successful attacks to produce plentiful revenue for cyber criminals.
How To Protect Yourself
The best ways to protect yourself from malicious ransomware attacks are to:
- Back up your data regularly.
- Make sure all of your software is up to date.
- Know what phishing emails look like.
- Recognize ransomware bait. Check out our webinar: The Fundamentals Of Cyber Security And How You Can Protect Yourself to find out how.
- Have an IT Support company proactively protecting you from ransomware.
Businesses and users should consider automated data backups and software updates and learn about various ransomware distribution tactics — such as phishing attacks. Everyone using an internet-connected device today should be aware of these fundamental cybersecurity practices.
The bottom line: Partnering with a Managed Service Provider is an excellent way to take a proactive approach to protecting your business. Knowing you have someone who specializes in data breach prevention and protection can give you the peace of mind you need to excel in your business.