Ransomware
Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyber attackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. Some variants add further functionality, such as data theft, to give victims more incentive to pay the ransom.
Ransomware has quickly become the most prominent and visible type of malware. Recent ransomware attacks have impacted hospitals’ ability to provide crucial services, crippled public services in cities, and caused significant damage to various organizations.
Why Are Ransomware Attacks Emerging?
The modern ransomware craze began with the WannaCry outbreak of 2017. This large-scale and highly publicized attack demonstrated that ransomware attacks were possible and potentially profitable. Since then, dozens of ransomware variants have been developed and used in a variety of attacks.
The COVID-19 pandemic also contributed to the recent surge in ransomware. As organizations rapidly pivoted to remote work, gaps were created in their cyber defenses. Cybercriminals have exploited these gaps to deliver ransomware, driving up the number of attacks.
What forms of ransomware are there and what does that mean for you?
The threat posed by ransomware depends on the variant of the malware. The first thing to consider is that there are two main categories of ransomware: locker ransomware and crypto ransomware. These can be distinguished as follows:
- Locker ransomware – basic computer functions are affected
- Crypto ransomware – individual files are encrypted
The type of malware also makes a significant difference when it comes to identifying and dealing with the ransomware. Within the two main categories, distinctions are made between numerous additional types of ransomware. These include, for example, Locky, WannaCry, and Bad Rabbit.
How Ransomware Works
To be successful, ransomware needs to gain access to a target system, encrypt the files there, and demand a ransom from the victim. While the implementation details vary from one ransomware variant to another, all share the same three core stages:
- Step 1. Infection and Distribution Vectors
- Step 2. Data Encryption
- Step 3. Ransom Demand
Tips for Avoiding Ransomware
The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on.
Other tips:
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organization is the victim of a ransomware attack.
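One way to carry out the tip about double-checking that backups were completed, shown as an added example that is not part of the original article: record a SHA-256 manifest of the source files when the backup runs, then verify every backup copy against it. The function names are illustrative, and the directory layout and file contents are constructed sample data.

```python
# Added example: function names are illustrative, sample files are constructed.
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source: Path) -> dict:
    """Record relative path -> SHA-256 for every source file at backup time."""
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}

def verify_backup(manifest: dict, backup: Path) -> dict:
    """Check each manifest entry against its copy in the backup directory."""
    report = {"missing": [], "corrupt": []}
    for rel, expected in manifest.items():
        copy = backup / rel
        if not copy.is_file():
            report["missing"].append(rel)      # never written by the backup job
        elif sha256_file(copy) != expected:
            report["corrupt"].append(rel)      # truncated or altered copy
    report["complete"] = not (report["missing"] or report["corrupt"])
    return report

def demo() -> dict:
    """Constructed case: a backup job that skipped one file and truncated another."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("quarterly figures\n")
        (source / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (source / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(source)
        shutil.copytree(source, backup)
        (backup / "notes.txt").unlink()                     # file the job skipped
        (backup / "ledger.csv").write_text("id,amount\n")   # truncated copy
        return verify_backup(manifest, backup)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere the backed-up machines cannot modify, so that it remains a trustworthy reference if those machines are later compromised.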