What Is Ransomware?

What Is Ransomware?Ransomware is a pesky type of cyberattack that has the potential to cause a large loss of data and disrupt critical business functions. Hackers use ransomware as a means of extortion and can be tricky to eliminate. Sometimes used for political coercion, but most often for personal gains, ransomware can present a really annoying problem.

Ransomware Defined: A Brief Overview of Ransomware Attacks

Ransomware is a form of malware that functions by prohibiting access to a device or dataset. A merging of the terms ransom and software, the intended purpose is to prevent a person from accessing systems or files in exchange for a ransom. Today, that ransom is typically requested in the form of electronic payment or cryptocurrency.

These “hostage” situations have become more and more costly for organizations. This is not only because of the cost of the ransom, but also the cost of replacing old systems and recovering from lost functionality and operations.

Hackers are also becoming more adept at their trade and are both demanding ransoms for renewed access and extorting funds by threatening to go public with the data they’re holding. Forbes reports that ransomware payouts more than doubled in Q4 2019, making this a more prominent threat than previously seen.

How Does Ransomware Work and Spread?

Ransomware works by infecting a system and thus limiting access to its programs or files. Ransomware can infect a system through multiple channels:

  • Spam Email: Most often, ransomware is delivered via a spam email that infects the system when a link is clicked or an attachment is opened. When users click on the offending file, the ransomware is downloaded to their systems.
  • Malvertising: This is when a user clicks on a fake ad that downloads the ransomware.
  • Chat Messages: Ransomware can also be spread through users clicking on links in chat messages in various apps or even social media messages.
  • Social Engineering: Hackers gain passwords and other information to help them access systems and plant ransomware.

Most often, ransomware is an executable file that often tries to masquerade as harmless in a zip folder or by impersonating a legitimate file. Basic ransomware requires human action, while other more sophisticated ransomware attacks are able to spread without any human intervention. Once on a machine, ransomware begins its work encrypting data to make it inaccessible or removing the user’s access to files.

Types of Ransomware

Hackers have a choice as to what they’d like to hold hostage when it comes to these infections. In general, there are two types of ransomware:

  • Crypto Ransomware: Crypto ransomware encrypts files or specific programs to block access to particular software. In this scenario, users can still access a device, but they are locked out of the encrypted program or files.
  • Locker Ransomware: Locker ransomware refers to an infection that locks access to a device or system, making all system components inaccessible.

According to Deloitte, crypto ransomware is more prevalent and accounts for 64% of ransomware attacks, compared to 36% for locker ransomware.

Subsets of ransomware include the following:

  • Scareware: Scareware is a subset of locker malware that impersonates antivirus or malware removal software. Hackers use scareware to “scare” users into believing their systems have been compromised. At that point, hackers try to solicit money to remove the fake malware and then attempt to actually infect the systems.
  • Doxware: Doxware refers to a type of ransomware attack that is successful in obtaining sensitive information in addition to locking the device/dataset. Hackers demand ransom in exchange for not posting sensitive information for public viewing.
  • Mobile Ransomware: As the name implies, this type of ransomware is targeted to mobile devices in an attempt to obtain sensitive information or prevent a user from opening their device.

Significant Ransomware Attacks: A Stroll Down Ransomware Memory Lane

Ransomware attacks can be costly. Similar to real-life hostage situations, law enforcement always recommends not negotiating. That said, sometimes it makes more financial sense to organizations to engage rather than relent.

Here are some high-profile ransomware examples:

  • BadRabbit: BadRabbit was ransomware that largely impacted Russia and the Ukraine in 2017. Distributed through a Russian media outlet, the ransomware attack seemed designed to take down corporate networks related to news.
  • CryptoLocker: First appearing in 2013, CryptoLocker distributes malware through infected email attachments. It then finds and encrypts files on one device and spreads throughout the mapped network drives. Through asymmetric encryption, the attacker holds the key to unlock the files.
  • NotPetya: NotPetya was a ransomware attack that largely affected the Ukraine. Often attributed to the Russian government, NotPetya was used during political upheaval and targeted a tax and accounting software site. It’s believed to have been an attempt to disrupt financial systems in order to gain a physical advantage.
  • Ryuk: Ryuk ransomware is unique because it targets large organizations with critical assets that are often inclined to pay large ransoms. First discovered in 2018 when it disrupted publications for Tribune Publishing, Ryuk is often attributed with abnormally high ransom payments and a fairly large success rate.
  • WannaCry: One of the most significant modern ransomware attacks occurred in 2017. WannaCry impacted more than 150 countries and upwards of 230,000 users. The health care industry was hit the hardest, with the ransomware attack affecting more than one-third of all health trust in the United Kingdom. This attack left a bill of more than $4 billion worldwide.
A timeline of significant ransomware attacks, including BadRabbit, NotPetya and WannaCry.

How to Prevent and Protect Against Ransomware: Boosting Your Protections

Many types of malware infect your systems through phishing techniques or pop ups. To prevent ransomware attacks, only open email attachments or click links if they originate with a trusted source. Also be on the lookout for spoofed email addresses. Review content and don’t respond if the message seems out of character for the sender.

Keep an eye out for social engineering tactics, a known skillset for experienced ransomware hackers. Don’t give out personal details if you have received an unsolicited email or phone call. Never give out password details, and avoid discussing personal information with unverified callers.

Other best practices for avoiding ransomware include regularly updating systems to take advantage of vulnerability patches and installing reputable virus and firewall protections. Also, avoid using public Wi-Fi networks.

Finally, a robust backup and recovery strategy can reduce the risk that comes from ransomware. While most companies have a backup plan in place, it is important for backups to be comprehensive across all devices and performed regularly.

How to Remove Ransomware: Effective Methods for Combatting Malware

Removing ransomware is no easy feat. Reversing file encryption is almost mathematically impossible without the encryption key that is held in stead by the bad guys. Occasionally a decryptor can be used to crack the offender, but more often than not, you have to take the approach of removing the ransomware with the understanding that you may be sacrificing your data.

To fully remove the ransomware, you will likely have to restore a clean backup. While you may lose data, this could be the only removal strategy to prevent the spread to other files.

What’s the Difference Between Ransomware vs. Malware vs. Social Engineering vs. Phishing?

Ransomware, malware, social engineering and phishing all encompass different forms of ill-intentioned cyberattacks.

  • Malware is a general term formed by the words “malicious” and “software” that describes different types of software intended to compromise systems, obtain sensitive data or gain unsanctioned access to a network.
  • Ransomware is a category of malware where attackers use various methods to encrypt your data, making it inaccessible, or bar you from entry to a particular system or device. Attackers then demand a ransom in exchange for reinstating your access.
  • Social Engineering, by contrast, is a method used to extract sensitive details by way of human manipulation. With social engineering, hackers connect with users while pretending to represent a legitimate organization and seek to ascertain critical information such as account numbers or passwords.
  • Phishing is a form of social engineering that involves email, phone, text or illegitimate websites. In both instances, the collected information is used to access protected accounts or data.

While our guide acts as an introduction into the threats posed by ransomware, this is by no means an exhaustive list. Ransomware and the cybersecurity world change on a daily basis, and attacks are becoming increasingly sophisticated. The best way to combat cyberattacks is to stay informed about the latest attacks.

Read more about Cybersecurity.

Tags : Cybersecurity