What is Ransomware?
Ransomware is quite possibly the most dangerous cyber threat to both individuals and businesses trying to secure their private data. Not only are ransomware attacks becoming more prevalent, but the tactics used to carry them out are becoming harder to combat. In 2022, Verizon reported a dramatic surge in ransomware attacks, with ransomware involved in 25% of all data breaches. In addition, ransomware as a service (RaaS) is becoming an increasingly popular business model for bad actors looking to sell their services to lower-level hackers. This makes the barrier to entry into cyber crime much lower.
For those unaware, ransomware refers to a tactic used by cyber criminals to extort businesses or individuals by stealing and encrypting private data to hold for ransom. Almost every ransomware attack starts with some sort of social engineering. Oftentimes, a phishing email is sent to an employee asking them to download a file or click on a link. These links download malware that exfiltrates data from a business and then encrypts it so that no one without a key can access it. The cyber criminals conducting the attack then send a message claiming that the victim will have to pay a ransom to get their data back.
Most ransomware attacks are financially motivated, but criminals have been known to hack businesses in the hope of getting them to change their current practices or increase their security. However, the majority of the time these actors are looking to get rich quick.
Ransomware: A Brief History
Ransomware as we know it today is still a relatively new concept. Attackers are just starting to test the limits of what they can do and who they can impact. However, the very first instance of ransomware dates back to 1989, when an individual named Dr. Joseph Popp distributed his ransomware Trojan to 20,000 people attending the World Health Organization AIDS conference. The ransomware was delivered via floppy disk and demanded $189 in ransom. Although this was the first recorded ransomware event, Ransomware.org claims that the trend never really took off until the early 2000s, when it became more convenient for hackers to target a broader range of people over the internet.
From 2000 to the early 2010s, ransomware continued to evolve and to demand more from its victims in payments. In 2013, CryptoLocker became the first ransomware to demand payment through Bitcoin. This was an important development, as every attacker demands ransomware payments be made via cryptocurrency to preserve anonymity. Today we see high-profile ransomware attacks that cost businesses millions of dollars and impact critical infrastructure that everyday individuals rely on.
Types of Ransomware
Ransomware as a service (RaaS): In the past, individual hackers would code their own malware, deliver their own phishing emails, and implement their own attacks. Over the past few years we've seen larger ransomware gangs lease their services or a particular strain of malware to lower-level hackers to use in their own attacks.
Double Extortion: Attackers will often breach an organization and encrypt private data within the victim's systems. They'll then offer a decryption key if the ransom amount is paid. Double extortion involves hackers also taking that data off the system and holding it for ransom elsewhere. This lets attackers leak information or sell data in the event a victim refuses to pay.
Supply chain attacks: It is often more lucrative for hackers to target multiple businesses within a supply chain than to focus on a single organization. Your company may be well secured with the best security protocols implemented, but if attackers are able to breach someone within your supply chain that has access to your data, it may not matter.
What's the Cost?
What would happen if your organization did fall victim to a ransomware attack? The first thing to consider is the financial cost that comes with a data breach of this magnitude. In 2023, the average cost of a ransomware attack is $1.85 million. For many SMBs this is disastrous and unrecoverable.
Ransomware also has the potential to bring down an organization's operations and halt business for days at a time. We saw the impacts of this with the Colonial Pipeline attack in 2021. Millions were left without gas for a week because the largest provider of gas to the East Coast was shut down due to a ransomware attack. Even a few days of downtime can kill a business.
Your business may also suffer serious reputational damage as a result of losing data. If you hold personally identifiable information for clients, then losing that data will break the trust you've built with them. If your organization is known as the one that lost its customers' data because of an avoidable mistake, it could harm your reputation for a long time.
Colonial Pipeline Ransomware Attack
For a practical example of how dangerous successful ransomware attacks can be, look no further than Colonial Pipeline in 2021. On May 6th, 2021, a ransomware actor was able to gain access to Colonial Pipeline's virtual network via an old username and password that should've been disabled. This attacker was able to access the IT infrastructure of the pipeline and wreak havoc on its systems. This forced the pipeline, which provided a majority of gas to the East Coast, to shut down for 6 days to recover and purge the systems of ransomware. The attack made national headlines and resulted in mass panic buying that led to a nationwide gas shortage just a few days earlier. This particular attack showed critical infrastructure operators and everyday individuals just how dangerous ransomware can be and how easily it can impact lives.
How to Defend From Ransomware
Is there really any reliable way to defend against a sophisticated ransomware attack? Most cyber attacks can be combated by taking simple, practical steps to secure your business. Because most ransomware attacks are a result of phishing, your organization must educate employees on what to look for in their inboxes and what a scam message looks like. Security awareness training helps inform your workers of the risks and how to protect themselves, and by extension your business, from attacks.
Your business should also implement multi-factor authentication on every application and account used within your organization. While MFA may be annoying for some, it is a very useful tool that provides a second layer of protection for all of your accounts. Even if an attacker cracks your password, you may still be protected if you have MFA implemented.
Complex password policies are also important when it comes to securing your business. Your passwords shouldn't be personal information that can be found with a quick Google search. They should also be at least 8 characters long with letters, numbers, and special characters. This will help ensure your password can't be brute forced. Where MFA is your second line of defense, passwords are your first.
Lastly, if your organization is looking to take the next step in cybersecurity you can contact CorpInfoTech to see how our managed security services can protect you from the most sophisticated of ransomware attacks. We provide firewall and vulnerability management that ensure there are no gaps in your security!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.