Ransomware first appeared as a method of stealing money from individuals,
but it is now being used to restrict access to organizations such as hospitals, financial organizations, and even local law enforcement. Over the past few years, ransomware has taken hold of the cybercriminal world, and each year we continue to see its popularity grow among cybercriminals. Why? Ransomware is not only profitable but easy for an attacker to use. Simply infect the computer using a malicious link sent through an email, website, or chat message.
How Does Ransomware Work?
Ransomware is a type of malicious software that restricts access to a victim’s infected computer. The attacker demands the victim pay a certain amount of money before that software is removed and access is regained. While the average demand costs around $500, organizations have been known to pay over $10,000 to regain access to their systems. One such instance was Hollywood Presbyterian Medical Center. They paid a ransom of $17,000 after three weeks of operating without their critical computer systems.
There are two types of ransomware - lockscreen ransomware and encryption ransomware. Lockscreen ransomware will lock the user’s screen until payment is made while encryption ransomware will encrypt the files on a computer, restricting a user’s access to them.
What is an Attacker's Goal?
Payment is always the goal of an attacker. By demanding small amounts of money, infected users are more than willing to pay up rather than spend the time attempting to restore the locked data. In most instances, the attackers will actually follow through and restore access to the computer upon payment by providing an unlock code or supplying a program to decrypt the file. Unfortunately, restoring access isn't always possible - especially if it's infected by encryption ransomware.
Protect Yourself from Ransomware
Ransomware can be installed on a user's computer in several ways including:
- Tricking the user into opening a malicious attachment
- Copying a file to their machine that appears to be legitimate
- Downloading a malicious application
Implementing multiple layers of security is the defensive technique required to defend computers against the crippling effects of ransomware.
To protect yourself, make sure you:
- Consistently back up your computer. This is the most important layer of defense. It is important to have a data backup policy where system backups are stored in a location inaccessible to the infected machine, preventing the ransomware from encrypting the backups.
- Be on the lookout for anything suspicious. As with most malicious activity, the attacker often sends a malicious link or attachment through a hacked website or user account, fake email, or even chat messages. If you’re uncertain - don’t click it!
- Use malicious software detection tools. Keep in mind, while these tools are useful, they may not be able to stop the most recent versions of this malicious software. Ransomware software is constantly changing, and these tools are only able to identify known versions.
- Educate yourself and your organization. Why? Because attackers are always looking for ways to trick users into clicking on a malicious email attachment, copy a file onto their computer, or install a “Trojan horse.” Understanding how these attacks work can help prevent issues before they happen.
Small and medium sized businesses are popular targets for ransomware attacks. These organizations often don’t have the proper security measures in place, allowing attackers to easily target a user and infiltrate the network. However, that doesn’t mean attackers overlook large organizations and individuals using personal computers. If you aren’t doing enough to protect yourself and your organization, you could easily become the next victim.