This is the first article in a two-part series on Ransomware and the Small/Midsize Business. Click through to view part two: How Can Ransomware Be Prevented?


Have you ever stopped to think about just how much we rely on data? From online banking and electronic medical records to streaming media and digital communication, nearly every aspect of our lives is dependent on data in one way or another—and that dependence is only growing. Indeed, DOMO reports that over 2.5 quintillion bytes of data are created each and every day. What’s a quintillion, you ask? 1,000,000,000,000,000,000.

Yeah, it’s a lot.

Just as our dependence on data continues to grow, so too have efforts to exploit that dependence. Widely considered to be one of the fastest growing cyber security threats, ransomware is the data equivalent of kidnapping: The bad guy takes something you love (i.e. access to your files) and demands payment to return it.

At its core, ransomware is a type of malware that encrypts data on infected systems, allowing criminals to lock down a victim’s files—or worse, the victim’s entire network. Unlike other types of malware, ransomware is distinguished by the way it demands payment, usually in the form of cryptocurrency. What’s more, the untraceable nature of these currencies makes it difficult to bring ransomware attackers to justice.


So, how does ransomware work?

Ransomware is typically organized into families. Each family has its own unique variants, but almost all of them use an AES algorithm to encrypt a victim’s files. These files are then held in limbo pending payment. $1,000 is a fairly standard ransom, but that number can be much higher in an attack on a large organization.

Regardless of the target organization’s size, ransomware is typically distributed in one of two ways:

  1. Spam – Once easy to spot, spam has proved an effective method of spreading ransomware—and cyber attackers are becoming increasingly sophisticated in their tactics. One relatively new tactic is the use of social engineering, whereby attackers trick their victims by posing as a friend, colleague, or local government entity.
  2. Exploit Kits – Exploit kits are software packages that identify and exploit vulnerabilities in an organization’s IT environment. In this type of attack, the hacker installs code on a legitimate website that redirects victims to a malicious site, meaning that unlike spam, this method doesn’t require any action from the victim.

What’s the moral of this story? Ransomware isn’t totally preventable even when you remove the element of human error. For business owners, this is a scary thought. Scarier still is the fact that ransomware is accessible even to low-level hackers with little technological experience. With minimal barriers to entry, it’s no surprise that security experts have identified more than 16 million unique strains of ransomware.

What are the differences between all these strains? Below is a list of several high-profile ransomware families:

  1. CryptoLocker – Distributed through spam and exploit kits, CryptoLocker extorted nearly $3 million from victims in 2013-14.
  2. CryptoWall – A distant cousin to CryptoLocker, CryptoWall copies itself into Microsoft temp before it begins encoding files.
  3. CTB-Locker – Also related to CryptoLocker, CTB-Locker gained notoriety in the way it allowed hackers to outsource the infection process to partners in exchange for a cut of the profits.
  4. Locky – Distributed through a massive spam campaign, Locky was implicated in more than 5 million malicious emails over a two-day span in 2016.
  5. TeslaCrypt – Distributed through an Angler exploit kit, TeslaCrypt attacks Adobe vulnerabilities and installs itself into Microsoft temp.
  6. TorrentLocker – Employed geographically targeted spam campaigns that exploited email contact lists to spread the ransomware.
  7. KeRanger – Though limited in distribution, KeRanger is notable for being the first fully functioning ransomware designed for Mac OS X applications.
  8. Petya – Unlike other forms of ransomware, Petya does not encrypt files and instead overwrites the master boot record, leaving a system unbootable.
  9. WannaCry – Estimated to have affected over 125,000 organizations across the globe, WannaCry targets Windows machines through a Microsoft exploit known as EternalBlue.

The sheer amount of ransomware out there can be intimidating, but there are ways to protect yourself and your business. Contact our team to schedule a comprehensive risk and backup assessment today.
