How Hackers are Using Ransomware in Cyber Attacks
In today's technology-driven world, there is an emerging type of attack that has recently received a lot of attention in the media – ransomware. This type of malicious software (i.e., malware) locks the victim out of files on their computer and demands payment in order to restore access.
Although this type of attack has been around for nearly a decade, we saw an influx of attacks in 2015 – more than ever before. This attack showcases how attackers' goals have changed over time. Rather than looking to deface a website or embarrass a company, today's attackers are looking for money, and that is the primary goal for attackers who use ransomware.
How the ransomware attack works
Ransomware infects machines (e.g., laptops, desktops and servers) using common methods, such as email attachments, bad website downloads or advertising. Once the malware has been downloaded on the target machine, it begins encrypting the user's files without the user knowing. People typically think of encryption as a good thing, but in this case it's the opposite, since it's being used to “lock” the user out of their files. Once the malware has finished, a message displays on the machine announcing that your machine has been encrypted and instructing you to pay a ransom in Bitcoin, an untraceable digital currency, to regain access to the files.
There is a typical time limit of three to four days for payment to be made before the encryption key is destroyed, which renders the affected files unreadable – forever.
In early versions of this attack, the software would only encrypt the contents of the local machine where it had been installed. In the latest versions of this attack, the software will attempt to encrypt removable drives, such as USB hard drives and flash drives, as well as your network drives.
Attackers have targeted the internet at large, and the malware has affected individuals and businesses alike; public sector, private sector and the government have been notable victims. It's the attacks on individuals and small businesses that are more frequent and don't always make the news.
What can your business do to help safeguard its data?
Although there is no way to completely banish the risk of falling victim to an attack, there are a number of proven, preventative measures that a company can take:
- Train employees on ransomware and the methods by which it is distributed.
- Proceed with caution when opening email attachments even when they appear to come from someone you know; likewise, don't download software from untrustworthy or unfamiliar websites.
- Back up important files regularly and keep at least one copy “offline” to prevent that backup from being affected by the malware.
- Ensure that your operating system and third-party software (e.g., Internet browsers, Flash, Java and Adobe Reader) are properly patched.
- Utilize antivirus software with up-to-date definitions. It's important to note that antivirus will not catch all malware.
If your business has been infected with ransomware, it's important to take action quickly. The FBI has publicly said that they often advise people to pay the ransom. Primary concerns for a company will revolve around determining how best to recover the data (from backup or by decrypting), ensuring that the environment is cleaned and taking steps to prevent reinfection.
While ransomware is an increasing problem for all users of the internet, the most important step to fighting back is being aware of the risks and implementing key steps to help reduce them. Increasingly, we are seeing attackers targeting organizations and businesses because these entities have the ability to pay larger ransoms. This is a pressing issue in the cyber liability field. With an abundance of additional access points for hackers to breach, how can you ensure that your system remains secure?
Knowledge is power, and being informed and prepared is often the best way to ensure your business doesn't end up a statistic.