It’s a nightmare scenario: Your computer, with all its crucially important information and files, is held hostage by an extortionist you can’t bargain with. All you can do is pay the ransom they’re demanding and hope that they deign to restore access to your system so that you can return to life as normal. Albeit with fewer dollars in your bank account.
A nightmare in the sense that this is the worst fear of many computer users? Absolutely. A nightmare in the sense that it’s just a bad dream you’ll wake upfrom? Sadly not. Ransomware attacks are on the rise — from headline-grabbing cyber attacks like WannaCry to smaller ones that are nonetheless capable of causing major headaches (or worse) for those that they target.
What is a ransomware attack? How do they work? And what, if anything, can you do about them?
What is a ransomware attack?
In a ransomware attack, the target’s computer or device is infected with malicious “malware” software that gains access to their data or system. It then blocks access to these files, holding them hostage by encrypting them unless the victim pays up — often via Bitcoin or another cryptocurrency — to gain access to the decryption key.
The first known ransomware attack was carried out in 1989, and is referred to as the AIDS Trojan, AIDS Info Disk or PC Cyborg Trojan. Coming years before many people got regular access to the internet, this ransomware was distributed on 20,000 floppy disks by Dr. Joseph Popp, a Harvard-trained anthropologist who worked as an AIDS researcher. The software purported to analyze a person’s risk of acquiring AIDS using a questionnaire. But it also included malware that demanded money to be paid for the program. If not, it warned that certain “mechanisms will adversely affect other program applications.”
Since then, malware has advanced in different ways. These include the approach used for spreading malware once it is installed on a computer, the sophistication of the software and its encryption abilities, the amount that is demanded as ransom, and the method by which it makes it onto a target’s computer (referred to as an “attack vector”). In some instances,BlackMatter ransomware attacks find their way onto a target’s computer through email attachments. In others, it could be pop-ups on a website, auto-downloads using a messaging app, compromised pirated software online, or more. This evolution is driven by advances in computer security systems, such as spam filters in email systems. This has prompted the rise of so-called spear phishing attacks in which messages are accompanied by personal details to make it appear personalized to one person or a small group of individuals.
What remains the same is the overall goal on the part of the attacker. It is all about holding a person’s computer files hostage for financial gain.
Ransomware attacks, broad and focused
To date, one of the largest and most devastating ransomware attacks was the WannaCry ransomware attack in 2017. This worldwide cyberattack, thought to have originated from North Korea or agencies working in the country, targeted computers running the popular Microsoft Windows operating system. Although the attack was ended within a few days when Microsoft released emergency patches and researchers discovered a kill switch to stop the malware spreading further, it nonetheless infected more than 200,000 computers in 150 countries. Total damages supposedly ranged from hundreds of millions of dollars to billions of dollars. It helped to underline just what a major threat malware can pose.
Some attacks will target particular sectors, allowing attackers to potentially specialize their ransomware in order to be particularly harmful. For instance, the Ryuk malware attacks Windows operating systems and has targeted organizations such as the Onslow Water and Sewer Authority (OWASA), the National Veterinary Associates, and more. Reprehensibly, hospitals have also been targeted with ransomware attacks, requesting tens of thousands of dollars (or even more) in exchange for restoring access to computer systems needed for patient data, communication, and more. While such attacks are not always successful in extracting the money they demand, they are particularly dangerous since they have the impact to affect lives.
Unsurprisingly, many ransomware attacks will target businesses — both large corporations and smaller businesses. These attacks frequently demand more money due to attackers’ belief that companies will place a higher premium than individual civilians on the value of their data. They may also be willing to shell out money to solve a problem rapidly so as to avoid unnecessary downtime that could impact customer loyalty or their ability to offer the services they provide.
Things get even worse
Even when ransoms are paid, however, there is no guarantee that things go back to normal. As well as helping to exacerbate the problem of ransomware attacks by proving to attackers that they can work for generating money, in many cases people who pay the money still do not gain full access to their data again.
One other recent wrinkle in ransomware attacks involves cyber criminals stealing data. In some cases, this data may be stolen discretely and used to help facilitate future attacks. In others, hackers threaten to leak stolen data unless a ransom is paid. Ransomware groups behind attacks such as Maze and Sodinokibi have demonstrated willingness to publish private information in the event that they are not paid. This tactic is likely to be increasingly commonplace — adding a horrible dose of blackmail alongside the routine extortion of ransomware attacks.
Protecting against ransomware
Safeguarding against ransomware is a must for any individual, organization or business. Proactive measures include steps like understanding what your most valuable data is and making regular backups of it, ensuring you keep systems updated with the latest security patches, and ensuring that you (and anyone who works for you) understands the type of attack vectors commonly used to install ransomware software.
But it’s also worth calling in the professionals, and doing so before you have a problem that needs solving. File protection systems that protect sensitive files and take other preventative measures to halt ransomware attacks are out there. Whichever security company you decide to go with, make sure that they have an established history of dealing with ransomware attacks and offer the solutions that you need to put your mind at ease — and your computers free from extortion attempts.