What is Ransomware?
How to Protect Yourself and Your Business
What is ransomware?
Ransomware is a form of malware, or malicious software, used to encrypt sensitive files held in business and personal devices, essentially locking users out of their own data or networks. Once deployed, the ransomware encryption restricts access to files and the victim receives a notice that a “ransom” must be paid to unlock the data or device. The ransom request often requires payment by Bitcoin or other types of anonymous cryptocurrency. Access to data is supposed to be restored once the ransom is paid and the hacker provides a decryption key. However, more and more often, the data is also stolen and exposed by the cyberthief, who intends to cash in by selling it on the Dark Web.
Recently, there has been an escalation of ransomware attacks in the news, increasing by a staggering 715% during the pandemic. With the rapid shift to remote work by millions of Americans, and a 350% surge in phishing scams and fake websites, consumers and businesses are all at increased risk of ransomware attacks.
Why is ransomware increasing?
Ransomware is increasing in use because it works. One slip-up by one user on a network will expose an entire organization to the malware attack. People and organizations will pay the ransom to “get it over with”, giving criminals a very easy way to make money without the hassle of breaking into bank accounts. But they may do that, too, if they obtain your financial or personal information during a ransomware attack.
Ransomware is another way for cyberthieves to get their hands on your Personally Identifiable Information (PII) while also extracting payment from organizations and individuals urgently trying to get back access to their data. Not every ransomware attack is labeled a data breach, but many do result in exposed data on the Dark Web. Likewise, not every data security incident is a reason to panic, even when research shows that nearly half of all companies around the world have experienced some type of data breach in the last 12 months. Breaches come in a variety of sizes and personal data risk levels, and it is the total of this activity over time that paints a picture of you for cyberthieves and can impact your personal identity.
Ransomware attacks have cost U.S. businesses over $7.5 billion in losses, while also netting untold gains for hackers who sell the stolen data to other cybercriminals. Once your PII is in the hands of an identity thief, you become susceptible to more than a dozen types of identity theft and fraud.
How does a ransomware attack work?
- Infiltration. A ransomware attack often begins with spam or phishing emails that include an attachment disguised as a trustworthy file. Nowadays, the attack is easily disguised with COVID-19 messaging, holiday offers, and other current events where the recipient is more likely to click on the link. Ransomware is also spread through social engineering attacks (such as baiting or scareware), malicious downloads from fake websites, or by clicking on “malvertising,” a fake ad that contains the ransomware.
- Encryption. Once downloaded, the malware grants the hacker access to files on the devices. The hacker can then snoop around, search for valuable business and personal files, and encrypt them, leaving the victim with restricted access.
- Extortion. The files cannot be recovered without a decryption key known only by the attacker. When attempting to gain access, the victim will then find a message warning of the ransomware attack with instructions on how to complete the ransom payment, typically with a countdown of only a few days to heighten urgency and prompt victims to pay quickly.
- Removal (maybe). Even paying the “fine” doesn’t completely stop ransomware, because the malware remains on your device or computer until it is manually removed.
Who do hackers target with ransomware?
Both individuals and businesses can fall victim to ransomware, but hackers will often focus their attention on larger companies that hold large amounts of data and need access to their files at all times. Organizations that have the ability to pay a high ransom, local government agencies, universities, and healthcare organizations are favorite targets of ransomware attacks. Businesses suffer a financial loss whether they pay the ransom or not. In 2019, 1 in 5 Small to Mid-Sized Businesses (SMBs) were targeted with ransomware, losing an average of $141,000 in business downtime alone. Victims who pay the ransom may lose between $84,116 and $1.4 million on average, depending on how much data is held hostage.
In October of 2020, in the midst of the coronavirus pandemic, the Federal Bureau of Investigation (FBI) released a warning that cybercriminals are increasingly targeting U.S. healthcare organizations in a wave of ransomware attempts. This not only puts medical patients’ health at risk, as it causes serious disruption of healthcare services, but also puts their sensitive information at the mercy of cybercriminals.
Is a ransomware attack the same as a data breach?
Ransomware is the third most common malware attack, but ransomware attacks are not classified as a data breach until the data is maliciously exposed. A ransom payment may keep cyberthieves pacified, releasing their grip on an organization’s files without exposure. Data encryption may prevent a hacker from being able to download files at all, keeping them secure in the infected system but also unobtainable by the ransomware victim.
A ransomware attack does not immediately mean Personally Identifiable Information (PII) is exposed to identity thieves. However, more and more often security researchers are discovering that databases of PII and other sensitive information belonging to targeted organizations are posted for sale on the Dark Web, whether or not the ransom is paid to the hackers. This malicious act puts ransomware victims at risk of identity theft, tax fraud, medical identity theft, account takeover fraud, and more.
5 Ways to Protect Against Ransomware Attacks
- Always, always validate a link before clicking on it. Seriously, always. Even though online surfing can take you from news stories to kitten videos in mere seconds, build some time and deliberation into your quick-click tactics. Attackers rely on users who click on links in suspicious emails or fraudulent links on websites. Stop ransomware by making sure those links are legitimate before you surf.
- Back up your data regularly. If malware becomes so malicious that your device or computer will take time or professional help to remove, it’s useful to have your data accessible in a “clean version.” That way, if you have to wipe your entire device and start from factory settings, you won’t lose everything.
- Fine-tune your email spam filters. Common ransomware arrives in emails with attachments that have “.EXE” or “PDF.EXE” as a file extension. If you can filter files by extension, you can block email that includes that designation. If you use these types of executable files in your business, arrange for clients and colleagues to use password-protected ZIP files instead.
- Update your software. Just like you should always validate links, you should always install software updates and patches when they’re available. Security experts are constantly developing ways to stop ransomware, but those efforts won’t do you much good if you skip installing security patches that can close software vulnerabilities discovered by hackers.
- Use security tools. PC protection comes in many forms, from anti-virus to anti-phishing and anti-keylogging, all designed to keep you safe from hackers and scammers. Worried about mobile security? Look for tools such as Mobile Attack Control that can warn you of rogue apps, spyware, fake networks, and other mobile risks. Consider a Virtual Private Network (VPN) for your mobile device to further enhance personal and financial safety online.
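One way to apply the extension filter from the spam-filter tip above, as an added example that is not part of the original article. The function names, the sample message, and every extension other than ".exe" are assumptions made for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Only ".exe" is named in the article; other entries in both sets are assumed.
BLOCKED = {".exe", ".scr", ".com", ".bat"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_filename(filename):
    """Return None for an acceptable name, else a short reason string."""
    # Windows drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = filename.rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in BLOCKED:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOYS:
        return "double extension " + "".join(suffixes[-2:])
    return "executable extension " + suffixes[-1]


def risky_attachments(raw_message):
    """Parse a raw message and return (filename, reason) for each blocked part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        reason = classify_filename(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample():
    """Constructed sample message: one benign PDF, two executables."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg.set_content("Please see the attached invoice.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "setup.exe"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```

The check looks only at the attachment name, so it complements content scanning rather than replacing it.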
Protect Your Organization Against Ransomware Attacks
In addition to the personal protection guidelines to stop ransomware attacks as described above, follow these additional tips to reduce the risk of a successful ransomware attack on your business by way of your employees.
- Train employees to distinguish malicious emails. Employees are the first line of defense. Through continuous, engaging educational training, have them practice how to spot potentially malicious links, attachments and websites, and make sure they understand how to report issues to your IT department or InfoSec team.
- Keep software updated. Check for updates regularly on all your connected devices, and send reminders to remote employees, as software security patches are released often and can help to keep hackers out of your system and your accounts. All it takes is a single vulnerability in an outdated piece of software for a cyber thief to gain access to your computer or mobile device.
- Isolate infected devices immediately. Don’t give malicious code the opportunity to propagate across your business network, systems, and servers. Once a device has been identified as infected, disconnect it from the network immediately. Watch for infected mobile devices as well, with a service such as Sontiq’s Mobile Defense Suite that mitigates threats for the individual digital footprint and the enterprise. Mobile Defense Suite includes Mobile Attack View for IT and InfoSec teams, and Mobile Attack Control at the user level. Plus, Mobile Attack Recovery provides remediation steps and identity restoration services if a security incident leads to identity theft for your business, your employees, or your customers.
- Create a continuity plan. Have a disaster recovery plan in place along with a solution for backing up all business data on all systems and devices. Determine the data and systems that are vital to your business operations, and prioritize a backup and recovery plan accordingly. When you understand how a ransomware attack will affect your business and plan for contingencies, you can reduce the severity of an attack and recover that much quicker when it happens.
- Report the incident. If you are targeted by ransomware, be sure to report the incident, regardless of the outcome, to authorities such as the FBI’s Internet Crime Complaint Center (IC3) or the United States Computer Emergency Readiness Team (US-CERT). Also note that the FBI does not advise any person or business to pay a ransom in response to a ransomware attack, as there is no guarantee that you will get any data back from the cyberthieves.