What Is Ransomware?

Today the world has become increasingly aware of the threat of cyber attacks and data breaches, but not all organizations know how to defend themselves against them. Systems breaches great and small have more than doubled in the past five years, and the attacks have grown in both sophistication and complexity. 

From DDoS to ransomware attacks, a cyberattack can have devastating consequences for a brand. Not only does it lead to a loss of consumer confidence, but the manner in which a company handles an attack can also have a significant impact on the business’s bottom line and reputation.

In this article, we’ll take a bird’s-eye view at what ransomware is, who it targets, and how it works so you can work to defend you and your organization from future attacks.

What Are Ransomware Attacks

Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In March 2017, the WannaCry virus spread independently through the networks of unpatched Microsoft Windows devices, leaving thousands of computers infected and making off with a total of 327 payments.

Ransomware has cost businesses more than $75 billion per year in damages (Datto), Ransomware remains the most common form of cyberattack. By the end of 2016, 12.3 percent of global enterprise detections were ransomware, while only 1.8 percent of consumer detections were ransomware worldwide. By 2017, 35 percent of small and medium-sized businesses had experienced a ransomware attack of some kind.

According to a Kaspersky Labs report, cybersecurity statistics show ransomware attacks were launched from within more than 190 countries, with financial services the second most targeted industry after healthcare.

Not only are banks at high-risk, but cities and municipalities are as well. In August 2019, 23 local government organizations in Texas were hit by a coordinated attack, likely from a single threat actor. In June 2019, the state of Florida was also hit hard by ransomware attacks, and in just one month no less than three Florida municipal governments were attacked by Emotet, TrickBot, and Ryuk ransomware.

How Ransomware Attacks Happen

Phishing is a common type of cyberattack that’s often used to steal user data, including login credentials and credit card numbers. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack. This can have devastating results on a business.

One of the major news stories of 2013 was the Target data breach that affected 110 million users, including 41 million retail card accounts. It turns out that cybercriminals did not attack Target directly. They targeted a third-party HVAC vendor, which had trusted access to Target’s servers. Upon compromising FMS’s servers, gaining complete access to Target’s was simple.

Types of Ransomware Attacks

As far as ransomware goes, there are three primary kinds of ransomware. Each ranges in severity from mildly to code-red dangerous. Let’s break them down now:

Scareware Attacks

Scareware is actually not as scary as it sounds. This kind of attack is primarily supposed to seem scary when in reality the victim is safe until it provides unwarranted access. Scareware usually includes rogue security software and tech support scams, such as pop-up messages claiming that malware was discovered and the only way to get rid of it is to pay up. 

If an individual does nothing, they’ll likely continue to be bombarded with pop-ups while all files remain essentially safe. A legitimate cybersecurity software program would never solicit customers this way. If you don’t already have this company’s software on your device, then it would not be monitoring you for ransomware infection, plain and simple.

Screen Locker Attacks

When lock-screen ransomware gets access to a device, it means the user is frozen out of their PC entirely. Usually, when victims turn on their computer a large window appears, accompanied by an official-looking US Department of Justice seal stating illegal activity has been detected and the user must pay a fine. 

However, any official department who suspects illicit activity would simply not freeze someone out of their computer or demand payment. If they suspected piracy, child pornography, or other cybercrimes, any official office would go through the appropriate legal channels.

Encrypted Attacks

Encrypting ransomware is the type of ransomware that can cause real harm and lasting damage. Commonly deployed against small businesses and other larger organizations, the attack works by snatching up large sets of files and encrypting them, demanding payment in order to redeliver. 

The main reason this type is so dangerous is that once cybercriminals get a hold of sensitive data, no security software or system restore can get them back unless the ransom is paid. Even if an organization does decide to pay up, there’s no guarantee cybercriminals will provide the files back safely.

Conclusion

As we have already seen, 2020 will have many cyberthreats to contend with - many due to COVID-19. Trojans such as Emotet and TrickBot had successful runs last year and we can expect them, or other multi-purpose malware like them, to make a comeback.

While it may seem hopeless and at times even impossible, the good news is it’s not. There are a few key steps every organization can take to protect its digital landscape.  To protect sensitive digital assets, it’s good to start with the basics, like getting organized, understanding attack and breach implications.

But protecting digital assets comes with its own set of unique challenges and proper preparation is required to thwart off and defend against these kinds of attacks. By having safely guarded cryptographic keys and organizational data - and a proper programmable HSM and KMS in place to protect them - organizations can protect themselves against incoming ransomware attacks by preventing them from happening in the first place.