Ransomware is a type of malicious software (malware) used to encrypt files, drives or entire computer systems, including mobile devices, laptops, desktops, servers and more. In addition to blocking the user from accessing their now-encrypted data, the attackers demand payment of a ransom in untraceable cryptocurrency. They promise that once payment is made, they will provide the affected user with a decryption key that restores the files to their unencrypted state.
Do not take the threat of ransomware lightly. While historically not as prevalent as other forms of cyber-attack, global numbers are on the rise. The impact of a successful attack on a business or individual goes well beyond the cost of the ransom itself: loss of productivity due to system downtime, the cost of replacing compromised devices, permanent loss of critical customer or personal data as well as classified or proprietary data, and data privacy fines under regulations such as the GDPR and others.
The very first recorded ransomware attack was known as the AIDS Trojan which demanded payment of US$189 to US$378. This attack occurred in 1989 and was executed using 20,000 infected floppy disks. This attack was spearheaded by Dr Joseph L. Popp, PhD, as an attack on the healthcare industry which today ranks amongst the top targets for ransomware attacks.
Ransomware has evolved considerably since then. Modern attacks are far more sophisticated and are mainly carried out remotely, typically by combining exploits for one or more platform-specific vulnerabilities. This means present-day ransomware can spread quickly across the ever-connected Internet of Things (IoT), use obfuscation to hinder reverse engineering, evade detection, change system configurations and permanently delete the encrypted data.
One of the most common delivery methods today is malicious email (phishing). These emails may carry malicious attachments, such as PDF or Word documents, or links to malicious websites, and are made to look like legitimate messages from friends or other trusted sources to trick you into opening the attachments or clicking the links. Other methods include physical hardware breaches and website spoofing.
While there is no fail-safe way of preventing ransomware attacks, it is important to stay prepared for every eventuality. The recommended strategy rests on two overarching principles:
BONUS: If infected with ransomware, DO NOT PAY the ransom. Paying only encourages attackers to continue and helps fund their efforts, and even if the ransom is paid there is no guarantee that you will receive a decryption key to regain access to your data.
Lomar Lilly is an Information Security Consultant who is a certified CompTIA Security Analytics and Secure Infrastructure professional. He is passionate about the field of cybersecurity and provides support on multiple IT Security augmentation projects.
Let's keep the conversation going.