What Is Cybersecurity?
Learn what cybersecurity is and understand the definitions of different types of threats.
Ransomware is a pesky type of cyberattack that has the potential to cause a large loss of data and disrupt critical business functions. Hackers use ransomware as a means of extortion and can be tricky to eliminate. Sometimes used for political coercion, but most often for personal gains, ransomware can present a really annoying problem.
Ransomware is a form of malware that functions by prohibiting access to a device or dataset. A merging of the terms ransom and software, the intended purpose is to prevent a person from accessing systems or files in exchange for a ransom. Today, that ransom is typically requested in the form of electronic payment or cryptocurrency.
These “hostage” situations have become more and more costly for organizations. This is not only because of the cost of the ransom, but also the cost of replacing old systems and recovering from lost functionality and operations.
Hackers are also becoming more adept at their trade and are both demanding ransoms for renewed access and extorting funds by threatening to go public with the data they’re holding. Forbes reports that ransomware payouts more than doubled in Q4 2019, making this a more prominent threat than previously seen.
Ransomware works by infecting a system and thus limiting access to its programs or files. Ransomware can infect a system through multiple channels:
Most often, ransomware is an executable file that often tries to masquerade as harmless in a zip folder or by impersonating a legitimate file. Basic ransomware requires human action, while other more sophisticated ransomware attacks are able to spread without any human intervention. Once on a machine, ransomware begins its work encrypting data to make it inaccessible or removing the user’s access to files.
Hackers have a choice as to what they’d like to hold hostage when it comes to these infections. In general, there are two types of ransomware:
According to Deloitte, crypto ransomware is more prevalent and accounts for 64% of ransomware attacks, compared to 36% for locker ransomware.
Subsets of ransomware include the following:
Ransomware attacks can be costly. Similar to real-life hostage situations, law enforcement always recommends not negotiating. That said, sometimes it makes more financial sense to organizations to engage rather than relent.
Here are some high-profile ransomware examples:
Many types of malware infect your systems through phishing techniques or pop ups. To prevent ransomware attacks, only open email attachments or click links if they originate with a trusted source. Also be on the lookout for spoofed email addresses. Review content and don’t respond if the message seems out of character for the sender.
Keep an eye out for social engineering tactics, a known skillset for experienced ransomware hackers. Don’t give out personal details if you have received an unsolicited email or phone call. Never give out password details, and avoid discussing personal information with unverified callers.
Other best practices for avoiding ransomware include regularly updating systems to take advantage of vulnerability patches and installing reputable virus and firewall protections. Also, avoid using public Wi-Fi networks.
Finally, a robust backup and recovery strategy can reduce the risk that comes from ransomware. While most companies have a backup plan in place, it is important for backups to be comprehensive across all devices and performed regularly.
Removing ransomware is no easy feat. Reversing file encryption is almost mathematically impossible without the encryption key that is held in stead by the bad guys. Occasionally a decryptor can be used to crack the offender, but more often than not, you have to take the approach of removing the ransomware with the understanding that you may be sacrificing your data.
To fully remove the ransomware, you will likely have to restore a clean backup. While you may lose data, this could be the only removal strategy to prevent the spread to other files.
Ransomware, malware, social engineering and phishing all encompass different forms of ill-intentioned cyberattacks.
While our guide acts as an introduction into the threats posed by ransomware, this is by no means an exhaustive list. Ransomware and the cybersecurity world change on a daily basis, and attacks are becoming increasingly sophisticated. The best way to combat cyberattacks is to stay informed about the latest attacks.
Read more about Cybersecurity.