A long time ago in a galaxy far, far away…. Wait, was it just 30 years ago? Ransomware is so common that we tend to think that it was always with us. Well, it’s just 31 years old but has caused numerous amounts of damage already — even though there’s still a moment of stunned incredulity when people first hear about ransomware.
This blog post will walk you through basic concepts and principles: What is ransomware? How does it infect your computer? And what is the impact on your business?
So…what is ransomware?
Speaking about the definition, I would put it in simple words: Ransomware is a form of software that is created with malicious intent and puts user’s files into code. It stands to mention that ransomware works by using file encryption, one of the most crucial tools in computer security. Some ransomware actors behave differently however, such as deleting files, encrypting applications (such as SQL Server) or uploading data to extort the organization. Ransomware will typically get access through insecure remote access, OS vulnerabilities, software downloads or email attachments.
How the ransomware process works
Alright, we get it — ransomware encrypts files on computers. But how does this happen?
Apart from the code and encryption algorithm, there’s always social engineering tricks involved.
I’m a big fan of the Mr. Robot series, which talks a lot about building an emotional connection with victims first before hacking them and encrypting their data. Sometimes, attackers even get in touch with the target on a social network and start a conversation with the target there. Step by step, the hacker gains the victim’s trust and then uses that trust to get access to private, sometimes even sensitive, data, like passwords or bank account details.
Probably not in such scale, but the same logic is being used with ransomware: you open email from someone you trust, friend, any legit organization, etc.; you receive intimidating messages that your computer just got infected (still emotional connection, huh?), so you click the link and here you go. Download completed. Ransomware is on your computer! But let’s dig deeper into the ways your computer can get into this trouble — as aware means armed.
First ransomware scenario: Malicious emails
- User receives email with file attachments or links in the email body. Even though most emails like this will go to the spam folder, some of them can sneak into your inbox.
- User downloads file attachment or clicks the link. The process of ransomware installation has now started.
- Ransomware starts encrypting the data you have on the computer: photos, documents, PDFs, everything you got there.
- Now’s the time instructions show up and tell the user how to make a payment to the attacker to get the decryption — and it could be thousands of dollars!
Below is an example of spam and probably malicious email. I can’t tell for sure if the link in the email body will download ransomware, but I don’t want to tempt fate (and look at the note on “trusted sender!”).
Second ransomware scenario: Browser and exploit kits aka malvertising
- User clicks on online ads in browser and system redirects user to compromised website.
- Usually, attackers make sure to create these compromised websites to look legit, so it may take awhile for your antivirus and security system to identify exploit codes hidden there.
- Exploit kit starts examining your computer and launches some Java or Flash software to find any possible vulnerability. And if such vulnerability is found — ransomware will be placed into your computer.
- Ransomware will encrypt all the data saved on your computer’s hard disc (the same way as with the malicious email scenario).
- Instructions won’t take long, and you will have to pay the attacker again.
Always keep in mind that payment doesn’t ensure that you get access to your files back. This only ensures that ransomware attackers will get your money — and that is it!
Image by mohamed Hassan from Pixabay
Who is the target audience of ransomware?
The answer is everyone.
Ransomware can be aimed at both individuals and businesses of any size. Every organization is at risk — whether you’re a small business or an enterprise. There is no limitation and again, every industry can be damaged: education, government, healthcare, retail, finance…if you think you’re not on the list — you should know that you are, as ransomware is a real threat and can lead to negative consequences.
The impact of ransomware on businesses
What about business impact? Impact IS huge.
In Q4 2019, the average payment for a ransomware decryption key went up by 104% to $84,116, up from $41,198 in Q3 of 2019. Payment doesn’t guarantee that you will restore access to data. This doesn’t even guarantee that your computer isn’t infected anymore.
Ransomware can be devastating, and the recovery process won’t be easy and may require additional resources.
Here are the key risks associated with ransomware:
- Data loss — temporary or even permanent
- Complete shutdown of business operations
- Financial loss due to disruption and downtime
- Financial loss associated with remediation efforts
- Company’s reputation
When ransomware hits — it’s a company-wide emergency; it is a disaster which needs to be recovered.
Protection against ransomware attacks
The best way to protect against ransomware is to prevent it from happening.
Back up your data, educate your business administrators on ransomware and invest in a good cybersecurity solution.
AVM Cloud offers an array of cybersecurity solutions to help secure your business. AVM Cloud Fusion – a solution focusing on Backup & Disaster Recovery will give you peace of mind when it comes to securing both you and your customer’s data. In the case facing data loss or disruptions, AVM Cloud Fusion will restore to the previous recovery point to safeguard your data.
Aside from subscribing to the Fusion solution, AVM Cloud has other competencies as well. AVM Cloud Security Operations Center (SOC) has a group of engineers that manage and monitor the activities on your infrastructure. Incident notifications will be sent when suspicious activities are detected, our engineers will then blacklist it until its’ legitimacy is verified.
If you are ready to take your data protection to the next level or interested to know more, contact us at enquiry@avmcloud.net
