What is a ransomware attack?

What is a ransomware attack?
Has your organisation ever been held to ransom? No matter how large or secure your organisation is, ransomware is still a severe threat. Here’s what you, as a board member, need to know about file-encrypting malware and how it works. 

Ransomware definition

Ransomware is a form of malware (malicious software) that encrypts a victim’s computer files. The attacker then asks the victim to pay a ransom to regain access to the stolen data. 

Instructions are usually provided on how to pay a fee to get the decryption key. Depending on your organisation’s resources, it can cost anywhere from a few hundred euros to millions of euros. Cybercriminals often want to be paid in Bitcoin.

What is a ransomware attack, how does it work?

There are several ways ransomware can access a computer. A typical delivery method is a phishing spam – attachments posing as files that the victim should trust but are actually phishing emails. When they are downloaded and opened, they can gain access to the victim’s computer.

Others, such as NotPetya, exploit security vulnerabilities to infect computers without having to trick the user.

Once the malware has taken over the victim’s computer, it might do several things, but the most common one is encrypting their files. 

What is crucial to remember is that without a mathematical key only known to the attacker, the files cannot be decrypted. 

The user is told that they can no longer access their files and can only decrypt them by paying the attackers (usually in Bitcoin).

An attacker may also threaten to leak sensitive data unless they are paid a ransom. This is known as ‘leakware’.

Who is a target for ransomware?

Everyone is a potential target for a ransomware attack. Ransomware attackers may see some organisations as tempting targets because they appear more likely to pay quickly. 

Government agencies and hospitals, for example, need access to their files immediately. 

Firms with sensitive data, like law firms, may be willing to pay to keep information about an attack under wraps.

However, don’t let this make you feel safe simply because you don’t fit these categories: some ransomware spreads automatically and without a target.

How to prevent ransomware

You can take several defensive steps to prevent ransomware infections. As a matter of general security practice, following these steps will increase your defences against all kinds of attacks:

  • Make sure your operating system is patched and up-to-date to prevent vulnerabilities.
  • If you don’t know what the software does, don’t install it or give it any administration rights.
  • Install an antivirus program that detects malware and whitelisting software that prevents unauthorised applications from running.
  • Don’t forget to back up your files frequently and automatically. Even if it doesn’t stop a malware attack, it can reduce the harm caused by one.

Ransomware removal

​​Many ransomware attacks have shifted from stealing to disrupting operations. If your computer system has been infected by ransomware, you’ll have to regain control. 

First, make sure you consult with an IT expert. It’s essential to keep in mind that you can remove malware from your computer and restore it to your control, but this will not decrypt your files. 

The malware makes your files unreadable, and depending on how sophisticated it is; it will be mathematically impossible to decrypt them without the attacker’s key. 

In fact, by removing the malware, you have prevented the possibility of regaining your files by paying the attackers the ransom. So, be careful. 

Should you pay the ransom?

What should you do if you have been infected with malware and cannot recover essential data from your backup? Should you pay the attackers?  

According to the logic and advice of most police forces, you shouldn’t pay ransomware attackers since you don’t want the hackers to create more ransomware. 

The vast majority of organisations infected by malware quickly stop thinking about the ethics of the situation and do a cost-benefit analysis. What is the cost of the ransom to the amount of data they are losing?

Trend Micro research shows that 66 per cent of companies say they never pay the ransom out of principle, but 65 per cent actually do pay the ransom once they’re attacked.

If your business is attacked, you, as a board member, must keep in mind that you are dealing with criminals, and you have to make a call. 

Ransomware attacks are rising, with an estimated $350 million paid out in ransom in 2020. Here’s a good, short video by CNN explaining what you need to know and how to prepare yourself if an attack targets you.

Ransomware examples

Some of the worst ransomware attacks have been:

  • Sodinokibi targets Microsoft Windows systems and encrypts all files except configuration files. 
  • A ransomware malware discovered in January 2020 is named Thanos. 
  • At its peak, the 2013 CryptoLocker attack infected up to 500,000 machines.
  • The first widespread ransomware attack to target mobile devices was SimpleLocker.
  • EternalBlue, an exploit developed by the NSA and stolen by hackers, spread the WannaCry virus autonomously from computer to computer.
  • First discovered in 2017, Leatherlocker locks the home screen to prevent access to data rather than encrypting files.
  • In 2017, Bad Rabbit expanded across media companies in Eastern Europe and Asia.
  • SamSam was released in 2015, and mainly targets healthcare organisations.
  • Ryuk was first discovered in 2018 and targets vulnerable organisations such as hospitals.
  • The ransomware group Maze, which is relatively new, releases stolen data if its victims don’t pay to decrypt it.
  • RobbinHood is another EternalBlue variant.
  • GandCrab may be the most lucrative ransomware ever. Cybercriminals bought the program from its creators and have reaped an estimated $2 billion+ in ransoms since its launch.