Imagine, a few days ago you received an email like this.
Looks a little suspicious, doesn’t it? In fact, it’s an obvious ransomware attack. Here is how you can detect it:
- The call-to-action [WARNING] gives you a sense of urgency.
- Gmail as a sender is super strange.
- The image looks really odd. Besides, why should it be in the email?
- Google asks you to update your system. But as you know, Google always updates automatically.
- The Gmail client version is written unnaturally.
This is what ransomware looks like.
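The checks in the list above can be partly automated. The following is an added example, not part of the original article: the sample message is constructed, and the brand map, webmail list and the function name `phishing_indicators` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: a small brand-to-domain map and a webmail list.
BRAND_DOMAINS = {"google": {"google.com"}}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY = re.compile(r"\[(warning|urgent|alert|action required)\]", re.I)
UPDATE_ASK = re.compile(r"\b(update|upgrade|install|download)\b", re.I)

# Constructed sample message modelled on the indicators in the list above.
SAMPLE = """\
From: Google Security Team <security.update.team@gmail.com>
Subject: [WARNING] Update your system now
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your system is out of date. Download and install the update today.
--b1
Content-Type: image/png

iVBORw0KGgo=
--b1--
"""

def phishing_indicators(raw):
    """Return the indicators from the list above that this message shows."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    found = []
    if URGENCY.search(msg.get("Subject", "")):
        found.append("urgent call-to-action in subject")
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and domain not in domains:
            kind = "free webmail" if domain in FREE_MAIL else "unrelated domain"
            found.append(f"display name claims {brand}, sender is {kind} ({domain})")
    parts = list(msg.walk())
    text = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in parts if p.get_content_type() == "text/plain")
    images = sum(p.get_content_maintype() == "image" for p in parts)
    if UPDATE_ASK.search(text):
        found.append("asks the reader to update or install software")
    if images:
        found.append(f"{images} embedded image(s)")
    return found
```

A message that trips several indicators at once deserves a closer look before anyone clicks; a single indicator on its own is common in legitimate mail.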
What Is Ransomware?
Ransomware is a type of malware that threatens to perpetually block access to your data unless you pay a ransom.
The primary goal of ransomware is to make you pay a ransom, hence the name. Usually, cyber-attackers decrypt your files after they receive the payment. Ransom is usually paid in Bitcoin to keep hackers anonymous.
How Does Ransomware Work?
Ransomware uses public/private key encryption to make your data unreadable. To decrypt the data, you need both public and private “keys” (a key is a combination of symbols). The author of the ransomware holds the private key you need to access your data again. Unless you pay a ransom, hackers will not give you the key to decrypt your information.
How Does Ransomware Spread?
The most common way to catch ransomware is to click a link and download an infected file/app. Usually, the links are contained in phishing emails (we have shown you an example). Spam filters can never guarantee that you won’t get such an email.
Not all ransomware is spread through email. Petya and Ryuk, new types of ransomware, exploited system vulnerabilities; Spora dropped ransomware copies in network shares; Locky corrupted images; and Bad Rabbit used brute force to move across a network. Even hardware like flash drives or RW disks may be the source of infection.
The point is, ransomware authors are constantly looking for new ways to spread their creations.
In theory, ransomware may encrypt a file of any type. The targeted files depend on the ransomware design. However, some files on your computer are encrypted more often than others. The usual targets are:
- Word and Excel documents.
- Images in JPG, PNG, and other formats.
- Files in the PDF format.
- Text files.
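Because these formats begin with well-known header bytes, a file whose content no longer matches its extension is a useful sign of damage. The following is an added example, not part of the original article: it walks a folder and flags such files. The function names and the sample tree built in `demo()` are constructed for illustration, and the UTF-8 test for text files is a heuristic assumption.

```python
import tempfile
from pathlib import Path

# Leading bytes expected for the commonly targeted formats listed above.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",  # Office Open XML is a ZIP container
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

def looks_intact(path):
    """True if the file content still matches what its extension promises."""
    data = path.read_bytes()
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        return data.startswith(magic)
    # Assumption: text files are UTF-8; other encodings need their own check.
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

def suspect_files(root):
    """Relative paths under root whose content no longer matches the extension."""
    root = Path(root)
    checked = set(MAGIC) | {".txt"}
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in checked and not looks_intact(p))

def demo():
    # Constructed sample tree: three intact files, two overwritten with scrambled bytes.
    scrambled = bytes((i * 73 + 41) % 256 for i in range(64))
    files = {
        "report.pdf": b"%PDF-1.7\n%constructed sample\n",
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "notes.txt": "meeting at 10:00\n".encode("utf-8"),
        "finance/budget.xlsx": scrambled,
        "finance/todo.txt": scrambled,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in files.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return suspect_files(tmp)
```

Ransomware that also renames files with a new extension will not be matched by suffix, so treat this as one signal alongside comparison with a backup.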
Ransomware is not only an on-premises problem. Cloud services, such as G Suite and Office 365, are also vulnerable to attacks. Ransomcloud is a special ransom malware, designed to encrypt cloud emails and attachments. For example, ransomcloud can encrypt your Outlook emails.
Who Does Ransomware Target?
Ransomware targets everyone: individual users, small and medium businesses, huge corporations, and even governments. Corporate or government networks are especially hard to protect, as there are many employees. A single click may be enough for a full-scale infection.
There is no industry unaffected by ransomware. However, attackers tend to target the most valuable data. That’s why organizations in healthcare, governance, finances, and education are the most attractive targets.
The Most Dangerous Ransomware in 2019
Even though the year is not over yet, several notable ransomware attacks have already happened. Let’s take a closer look at the most dangerous ransomware in 2019.
Ryuk is a type of ransomware that was originally detected last year. In the second quarter of 2019, Ryuk became the prevalent ransomware, hitting a 23.9% share of all ransomware attacks.
Usually, a ransomware attack happens immediately after an infection. Ryuk can stay hidden for days or weeks after the infection, searching the system for critical data. When the search is completed, the ransom protocol activates to encrypt the files.
The most notable thing about Ryuk is the sum it demands. In June 2019, Ryuk attacked two city councils in Florida: Lake City and Riviera Beach City. The sum paid to hackers exceeded $1.1 million.
RobinHood ransomware came into the spotlight after the Baltimore attack in May 2019. This ransomware seized government computers for almost two weeks. The ransom demand was approximately $76,000 in Bitcoin. The total damage of this attack is estimated to be more than $18 million, including lost revenue.
Sodinokibi (or REvil) ransomware, first detected in April 2019, has a 12.5% ransomware market share. To infect computers, this ransomware exploited a vulnerability in Oracle WebLogic and used phishing emails.
Sodinokibi is said to be behind the Texas ransomware attack in August 2019. The ransomware infiltrated more than 20 local governments. So far, the total damage is yet to be announced. However, the scale of the Texas ransomware attack is extreme compared to other attacks this year.
Ransomware is constantly changing, as well as its impact on the world. That’s why being up-to-date is vital for being safe from ransomware. Let’s take a look at the most recent trends.
- Hackers come up with more sophisticated social engineering tactics. Ransomware may look like an email from tech support or colleagues. If your files were encrypted, hackers pressure you to pay a ransom by threatening to delete your files.
- Ransom demand grows tremendously. Compared to 2018, the average sum hackers demanded has almost doubled in the first quarter of 2019, from $6,733 to $12,762. In Q2 things got even worse, with a surge to $36,295.
- The rise of malicious apps. Hackers create apps for the purpose of spreading ransomware. Giving “fake” apps permissions to access your data may lead to infection.
- Paying hackers is hardly an option. According to CyberEdge, paying a ransom resulted in data loss in 39% of cases. The risk of data loss is unacceptably high.
- Age-old tactics still work. Phishing may sound like a very primitive method, yet it is still effective, being responsible for nearly 30% of ransomware infections.
What about the future of ransomware? Likely, the global ransomware cost will continue to rise. By 2021, the total damage from ransomware may reach $20 billion, compared to $11.5 billion in 2019.
Another trend that will likely continue is the increase in ransom demands. Data loss leads to severe consequences, especially for big organizations. Ransomware authors will take the opportunity and ask for a higher ransom to decrypt the data.
What Is The Best Way to Resolve A Ransomware Threat?
Ransomware strikes when you least expect it, so don’t forget the basic rules of ransomware protection:
- Do not click suspicious links.
- Update your cybersecurity software regularly.
- Use application whitelisting to prevent unapproved programs from connecting to your system.
- Check the new hardware.
- Give access to system settings and vital data only to trusted users.
However, these methods can only decrease the probability of ransomware infection. Antivirus programs don’t detect 100% of ransomware, and hackers are constantly finding new methods and tactics.
What is the best ransomware protection? Follow the basic rules and use a backup to recover your data in the case of an attack.
According to the FBI, having a backup is recommended to prevent ransomware attacks. Why is a backup the best way to recover files damaged by ransomware? A backup is a copy of your data, stored separately. That’s why it is safe from ransomware, even if you’ve experienced an attack. Recovery from backup restores your files in their original form.
Spinbackup Is The Best Protection Against Ransomware
- Up to 3 automated daily backups.
- Safe data storage in Azure, GCP, or AWS.
- At-rest and in-flight data encryption to keep your data secure in both storage and transit.
- Indefinite data retention.
- Reports to monitor the status of your protected data.
- Point-in-time restore to give you a variety of versions to restore from.
- 100% accurate recovery using the same folder hierarchy from any point in time.
- …And much more.
To get even more advanced ransomware protection, try to use both G Suite Backup and G Suite Ransomware Protection for team drive and other services. This fully automated anti-ransomware solution helps you to:
- Identify the source of the ransomware attack.
- Block the ransomware source and stop the encryption process.
- Identify encrypted files.
- Run a granular recovery of damaged files from the last successful backup.
Back up your data, and be sure you’ll recover it in the case of an emergency!