The Face of Cybercrime is Changing…
But let’s get serious, the spread of ransomware is reaching epidemic proportions. In the last year alone, there was a 41% increase in ransomware attacks, costing businesses in Canada and the US billions of dollars, with the average ransom demand reaching upwards of $190,000 USD.
Yet, many users are completely unaware of the danger lurking behind every email they open and every site they visit. And many are confused about this type of malicious software. So, what exactly is ransomware?
The Real Deal About Ransomware
Ransomware is a type of cyberattack. The perpetrator infects your device with malicious software (or malware) in an attempt to encrypt all the files on your system or network, so that they are no longer readable (that is, no longer usable).
There are many types of malware that can be used, for instance, computer viruses. However, unlike a simple computer virus, ransomware takes it one step further.
After locking you out of your device or systems, the cybercriminal will then contact you, and for a fee (usually paid in bitcoin), they will offer you the encryption key, which is essentially a password that allows you to unlock your files and make them readable again.
The “fee”, or ransom, can vary from a few hundred dollars to tens of thousands of dollars, dependent upon the size of your corporation.
If you work for a company that has been victimized, you know firsthand how crippling it can be. It can lead to a loss of data, days of downtime, lost revenue, and a whole lot of uncertainty.
The Root Causes of Ransomware
So, where does ransomware come from?
First off, most ransomware attacks are “user installed”.
That doesn’t mean a user knowingly downloaded malicious software. It means the end-user is the focus. They provide the entry point that allows the ransomware to gain a foothold in their computer systems. This is often done by “tricking” the user into downloading or installing the ransomware.
There’s a common misconception that this type of attack originates from countries with little to no control over internet usage.
And while the actual attacks may originate in Nigeria, the Balkan states, China, or North Korea, the bulk of it is crafted right here on this side of the pond.
Over 50% of all malware comes from the US, which is then packaged and sold on the “dark web”.
Common Causes of Ransomware Attacks
Now that the question, “What is Ransomware?” has been answered, how do you protect yourself from these cyberattacks?
Ransomware can show up in a number of different ways. Some are clever and some are obvious. But it is almost always unleashed by an unsuspecting user.
Here are three of the most common places where ransomware can be hidden:
#1 Email Attachments
This is how it starts…
An email arrives with an attachment or attached photo, and a message that leads you to believe it’s in your best interest to open the file. It may disguise itself as an invoice, an account statement, a document, or spreadsheet.
Ransomware-generated emails often appear to come from someone you know and trust.
The message usually urges you to act immediately because you are late with a payment or need to provide information so you can receive payment.
But the attachment is the payload and the moment you click on it, you execute the program and you are infected.
#2 Phishing Links
You receive an email that appears to come from a trusted establishment, like a bank or financial institution. It urges you to follow their link to the institution’s website.
In actuality, the link is merely “baiting” you, by sending you to a cleverly disguised website where a malware script runs in the background.
Sometimes the link invites you to download an attachment, much like scenario #1. Again, the email, the website or even the attachment may seem legit. However, the end result is the same. You’re now infected with ransomware.
#3 Unauthorized Network Breach
In this scenario, a hacker gains direct access to your network through a resource such as a Terminal Server (which is remotely accessed), or poorly patched servers and internal websites.
A network breach is almost always a result of weak passwords and malicious “bots” that work relentlessly until they find a working username and password.
It can take time, but these “bots” can be extremely effective and if the attacker has an army of them, they can just sit back and wait for the results.
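The password-guessing "bots" described above leave a recognizable trail in login logs: many failures from one source, often across several usernames, sometimes ending in a success. The following is an added example, not part of the original article; the log format, the sample lines and the threshold of five failures are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log lines in a hypothetical format:
#   <timestamp> <LOGIN_FAILED|LOGIN_OK> user=<name> src=<ip>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T10:00:02Z LOGIN_FAILED user=administrator src=203.0.113.7
2024-05-01T10:00:03Z LOGIN_FAILED user=jsmith src=203.0.113.7
2024-05-01T10:00:04Z LOGIN_FAILED user=backup src=203.0.113.7
2024-05-01T10:00:05Z LOGIN_FAILED user=jsmith src=203.0.113.7
2024-05-01T10:00:06Z LOGIN_OK user=jsmith src=203.0.113.7
2024-05-01T10:02:00Z LOGIN_FAILED user=mlee src=198.51.100.20
2024-05-01T10:02:30Z LOGIN_OK user=mlee src=198.51.100.20
"""

def parse_line(line):
    """Split one log line into (event, user, src); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("LOGIN_FAILED", "LOGIN_OK"):
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "user" not in fields or "src" not in fields:
        return None
    return parts[1], fields["user"], fields["src"]

def detect_guessing(log_text, max_failures=5):
    """Flag sources with at least max_failures failed logins and record the
    first success that followed, which suggests a guessed password."""
    failures = defaultdict(int)
    users = defaultdict(set)
    success_after = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed format
        event, user, src = parsed
        if event == "LOGIN_FAILED":
            failures[src] += 1
            users[src].add(user)
        elif failures[src] >= max_failures and src not in success_after:
            success_after[src] = user
    return {src: {"failures": n,
                  "usernames_tried": len(users[src]),
                  "success_after_failures": success_after.get(src)}
            for src, n in failures.items() if n >= max_failures}
```

On the sample, the single mistyped password from 198.51.100.20 is ignored, while 203.0.113.7 is flagged with a successful login for `jsmith` after five failures, the case that warrants an immediate password reset and session review.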
Be Cautious, Be Careful and Beware of Ransomware Sources
As you can see, ransomware attacks come in many forms and are often triggered by simple, innocent acts, such as opening an attachment or email link. Once initiated, ransomware can cost weeks of downtime, the loss of important data and exorbitant ransom sums that can reach into the millions.
But the best way to arm yourself is to know how to spot a potential attack. Be cautious about where and when you click and be suspicious of any link you’re sent, even if it seems to come from a trusted source.
It’s also recommended to have proper security in place, strong passwords, and regular data backups, along with a disaster and continuity plan in case your IT systems become compromised by ransomware.