Ransomware has been around for decades; the first reported examples targeted the medical sector in the late 1980s. This sector remains a target to this day, with hospitals and other medical facilities being impacted almost daily.
What is Ransomware?
Ransomware is a type of malware that is designed to hold your data to ransom, typically by encrypting the data with a secret key that only the attacker has.
After encrypting the data on your disk, the attacker then shows a prominent message that reveals how you can pay and the amount required to release the data, typically within a time period that requires an urgent response.
Failure to pay results in the key used to encrypt the data being deleted, and no amount of financial compensation can recreate the key.
The First Wave
The first versions of ransomware were created by attackers who used their own tools and techniques to encrypt the disk. The effectiveness of these attacks was reliant upon the skills of the attacker and, whilst crude, most were successful over the years. With a proven business model for extracting money through ransomware, a new variant on the technique evolved, with attackers using ‘as a service’ encryption tools that were purchased on the hidden or ‘dark’ web.
As a result, the attacks have become harder to defeat. One of the most successful was the ‘Petya’ ransomware variant in 2016. Petya encrypted and locked essential operating system files, rendering a PC unusable unless the ransom was paid. Petya was used extensively by cybercriminals; however, it is only one of many in the class of ‘as a service’ ransomware attacks.
Ransoms are typically paid in Bitcoin, a digital currency that is hard (but not impossible) to trace. It is often reported that the criminals who perform this activity have excellent customer service skills and will respond to requests for help on how to pay with response times that put many customer service companies to shame.
However, whilst some attackers have excellent service, paying a ransom is no guarantee that you will receive the key, and it leaves you with the doubt that if the attacker was able to encrypt the data once, they can do it again.
Whilst paying the ransom may look like the most attractive option, the United States takes a dim view of paying ransoms for data and has recently restated the penalties for doing so, in part because some of the criminal gangs are associated with, or are located in, countries that are part of a sanctions regime. Paying a ransom is seen as an act that provides material support for terrorism.
As organisations have become better at defending against ransomware, attackers have adopted another approach. In addition to locking your data away, they can also export the data out of your organisation and threaten to release it. Whilst for many, this is not a concern, it can result in loss of reputation or fines if personally identifiable data is released to the public.
Recent attacks have included Garmin in the US, where services were not available for an extended period of time, and Toll Freight in Australia, which reportedly suffered two attacks within a month. Whilst customers may have short memories, and the system unavailability may only cause a short period of reputational damage, the financial impacts of addressing the attack can last far longer. The costs associated with rebuilding, recreating or starting from scratch can be ruinous.
Delivery and Defence
Ransomware is delivered in a number of ways, the most common method being a user clicking a link or opening an infected email. Defending against it requires both a technological and a personnel-driven approach.
Whilst people are our most valuable asset, they are often thought of as the weak point in any IT security review. This can be turned around with repeated training and exposure to the techniques that attackers use. A good cybersecurity training platform can help train and guide staff on the correct actions to take when they receive an unexpected email or locate a discarded USB thumb drive, for instance.
Endpoint protection on every system should be able to detect threats and nullify them at the point of infection. The very best systems should be able to roll back attacks that evaded initial detection and use machine learning and artificial intelligence to identify threats as they take place, rather than rely on the experiences of others to detect new threats.
Finally, should our people and endpoint protection be defeated, a resilient backup system that is impervious to attacks and does not rely on humans for remote offsite backups should be able to restore your systems in seconds and not hours. Using a combination of all three will protect a business against the rapidly evolving threats from cybercriminals.
Start protecting yourself today!
It’s never too late to seek a good Managed Service Provider, especially one who specialises in Cybersecurity Services. We are sure the last thing you want is to be caught out wishing you had done something sooner! Talk to Future Computers today to see what we can do for your business!