Ransomware. We have all heard about it, seen it on the news and been told that it can massively impact our devices and organisations, but what exactly is ransomware? When and how did it begin? What can we do to mitigate our risk of falling victim to a ransomware attack?
To answer these questions, let’s look into the past, present and future of ransomware. This article will give you the information you need to be clued up on how to ensure your business does not fall prey to this malicious, cyber-criminal tactic.
Ransomware:
noun
A type of malicious software that prevents the use of a system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid.
So, who is the primary target of a ransomware attack? Well, everyone! If your business handles and processes data, then you are a target for cyber criminals. Don’t fall victim to this tactic by thinking, “Well, we are only an SME, cyber criminals only target huge organisations, there is no chance we will suffer from an attack or data breach.” SMEs are, in fact, more at risk than any other organisation as they are less likely to have an effective cyber security strategy in place.
According to Hiscox, small UK companies are successfully hacked every 19 seconds! Don’t allow your business to become another statistic.
Past
The first known ransomware attack took place before the days of publicly used Internet and email. It was written and initiated by Joseph Popp in 1989. Popp distributed 20,000 floppy disks via postal services to 90 different countries, marked as being sent from a fictitious company, ‘PC Cyborg Corporation’. The floppy disk claimed to contain a program that, through the completion of a questionnaire, would analyse the user’s risk of acquiring AIDS. The malware remained dormant until a PC was powered on 90 times. After the 90th start-up, the virus encrypted the PC’s files and displayed a message demanding a payment of $189 and a further $378 for software release.
Ransomware attacks over the past decade:
CryptoLocker (2013)
This cyber attack targeted computers running Microsoft Windows, based primarily in the UK and US. An estimated 250,000 computers had been infected with the CryptoLocker ransomware by the end of 2013.
TeslaCrypt (2015)
Originally targeting gaming data on victims’ hard drives in the US and parts of Europe, TeslaCrypt demanded a ransom of $500 in bitcoin to decrypt the data.
Petya (2016)
This cyber attack targeted computers running Microsoft Windows by encrypting files on the hard drive and preventing Windows from starting up. Primarily targeting Ukraine, 12,500 computers had encountered the threat.
WannaCry (2017)
A worldwide cyber attack that targeted Microsoft Windows computers and affected the UK’s National Health Service. The WannaCry ransomware infected an estimated 300,000 computers internationally.
SamSam (2018)
The SamSam ransomware was designed to infect a user’s device and remain undetected until it discovered vulnerabilities in the system. This would then encrypt data and demand a ransom to decrypt that data.
Ryuk (2019-2020)
Ryuk was designed to specifically target large organisations in order to demand a higher ransom. This ransomware was estimated to have accumulated around $150 million from ransoms.
Present
We now know what ransomware is, how it began and some of the most famous ransomware attacks over the past ten years. But how does ransomware end up on your devices in the first place? Let’s look at the various tactics cyber criminals use to install this malicious software onto your computers and networks.
Ransomware was projected to attack one business every 14 seconds in 2019 – an increase from 40 seconds in 2018. In 2020, ransomware attacks grew by 485%! Since the days of Joseph Popp, computers have become more advanced and sophisticated; this can be a huge benefit to our everyday lives, but it can also pose serious security risks. What’s surprising is that some of the most common methods are incredibly simple, and with a bit more awareness, these could be reduced massively.
There are various ways cyber criminals could infiltrate your business, some of the most common being:
With over 3 billion fake emails being sent daily, it comes as no surprise that this is one of the most successful ways a cyber criminal infects your systems with ransomware. Cyber criminals embed malicious attachments and links in emails, then personalise and brand those emails to look like they are from a legitimate source. This increases the likelihood of an employee clicking the attachment or link, which will instantly download ransomware onto your machine.
Drive-by Downloads
This occurs when a user visits a compromised website. Cyber criminals will look for security flaws and vulnerabilities in legitimate websites and then exploit these vulnerabilities to embed malicious code onto that website. This will then begin to infect your device with ransomware.
USB and Other Forms of Portable Devices
It is not uncommon for cyber criminals to use USB flash drives or other removable media to infect your computers and systems with ransomware. Social engineers and cyber criminals often leave these lying around your office; when plugged in, they will deploy ransomware onto the user’s computer.
Open RDP Ports
Remote Desktop Protocol (RDP) is a huge risk to businesses because so many organisations unknowingly have open RDP ports. RDP was designed to allow IT administrators to access a user’s PC for any configuration or computer issues. Cyber criminals have the ability to access these open RDP ports, deploy ransomware and compromise your business. In many instances, businesses of any size and any operation are unaware that their RDP ports are public and open to an attacker, and this is particularly common for companies that have remote workers. So, the COVID-19 pandemic has been the perfect opportunity for cyber criminals to attack your business in this manner.
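Because many businesses do not realise their RDP ports are public, a periodic review of inbound firewall rules is a practical check. The following is an added example, not part of the original article: it assumes a rule export in a constructed CSV layout (the column names and sample rules are hypothetical) and flags any allow rule that admits TCP 3389 from outside internal address ranges.

```python
import csv
import io
import ipaddress

RDP_PORT = 3389  # default RDP listener port
# Address ranges treated as internal (RFC 1918 and IPv6 unique local).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample export; the column layout is an assumption for this example.
SAMPLE_RULES = """name,action,protocol,ports,source
web-https,allow,tcp,443,0.0.0.0/0
rdp-helpdesk,allow,tcp,3389,0.0.0.0/0
rdp-via-vpn,allow,tcp,3389,10.8.0.0/24
mgmt-range,allow,tcp,3000-4000,203.0.113.0/24
legacy-any,allow,any,any,::/0
rdp-blocked,deny,tcp,3389,0.0.0.0/0
"""

def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as '3389', '3000-4000' or 'any' includes port."""
    for part in spec.replace(";", ",").split(","):
        part = part.strip().lower()
        if part in ("any", "*"):
            return True
        low, _, high = part.partition("-")
        if low.isdigit() and (high or low).isdigit() and int(low) <= port <= int(high or low):
            return True
    return False

def is_internal(source):
    """True only if the source network sits entirely inside an internal range."""
    try:
        net = ipaddress.ip_network(source.strip(), strict=False)
    except ValueError:
        return False  # 'any' or unparseable sources are treated as internet-facing
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_rdp_rules(rules_csv):
    """Return names of allow rules that admit TCP 3389 from non-internal sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        allowed = row["action"].lower() == "allow" and row["protocol"].lower() in ("tcp", "any")
        if allowed and covers_port(row["ports"]) and not is_internal(row["source"]):
            findings.append(row["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("RDP reachable from outside:", name)
```

Port ranges and catch-all rules are the cases most often missed in a manual review, which is why the sample includes one of each.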
Future
So, now we know the origin of ransomware as well as the current climate of ransomware attacks and the common methods cyber criminals use to try and compromise your business. But what about prevention? How do you ensure that your business has the appropriate defences and knowledge in place to reduce the risk of a cyber/ransomware attack?
One of the most effective ways you can protect your business is through awareness!
Enrolling effective cyber security awareness training across your operations is the best way to ensure you are building and maintaining a resilient, human firewall against cyber criminals. Having the knowledge to detect and deter a potential cyber attack will massively reduce your risk of a data breach. Through Mitilearn, you can educate your staff on a yearly basis, reduce your organisational risk and implement simulated phishing campaigns to keep your employees vigilant.
Make sure that your organisation regularly backs up its data, and regularly tests those backups. The last thing you want is to find that none of your backups can be used to restore your data.
As tempting as it might be to pay the ransom, it is imperative that you never do this! Even if you do pay the demand, there is no guarantee that the cyber criminals will give you access to the data or not retain the data for themselves. If you do pay the ransom, you are also likely to be targeted again in the future.
Implement an effective cyber security strategy across your organisation’s operations to reduce the risk of a cyber/ransomware attack. Protect your organisation’s number-one asset: your data. At Mitigate Cyber we provide a number of products through the Mitigate hub that are designed to prevent cyber criminals from compromising your business.