Ransomware is one of the most destructive cybersecurity threats that can unexpectedly disrupt the work of your team at any time. But what is ransomware, and how to protect yourself from this cybersecurity threat?
Protect your business from ransomware with 24/7 AI-based SaaS cloud SolutionTry SpinOne
Table of Contents
What is Ransomware: Full Information
What is ransomware? Ransomware is a special malware that blocks access to your data or device until you pay a ransom, hence the name. Ransomware infects files or the whole system. The primary goal of ransomware is to make you pay for getting your data back.
Ransomware may lock the operating system entirely, or just critical files. Anyway, the working station is becoming non-operational until the ransom is paid, or a huge data recovery work is done by cybersecurity experts.
Types of Ransomware
There are two major ransomware types – locker and crypto-ransomware. Ultimately, their goal is the same, yet the execution is a little different.
Locker ransomware, as the name suggests, locks your devices: computers, mobile phones, and tablets.
Locker ransomware prevents you from accessing data on your device but usually leaves the data unharmed. In other words, it’s much more straightforward to recover your files in case of infection with this type.
Though locker ransomware locks your device, it’s still possible to access your mailbox from another device as long as you remember your credentials, of course.
The locker ransomware was more popular years ago, before the mass adoption of cloud technologies and services (like G Suite and Office 365). It is still harmful to individual devices and users, but not as widespread and dangerous as crypto-ransomware.
Crypto ransomware encrypts the data on your computer or in the cloud. This type may target only specific files, without blocking access to your system. However, you can not use encrypted data.
Crypto ransomware is especially dangerous for corporate networks, where the value of data is extremely high, and downtime costs are significant.
Encrypting ransomware is much harder to deal with, as you can not get access to your data simply by switching devices or finding a way to pass a screen lock. You have to restore each file, and there can be thousands of them.
Now let’s take a look at some notable ransomware examples. You have likely heard of some of them.
WannaCry was one of the major headliners in 2017. More than 150 countries were impacted and the global damage reached up to $4 billion.
Petya was a reason behind many attacks during 2016 and 2017. This ransomware spread via infected email attachments. Petya was unique, as it infected the whole system by overwriting the master boot record. Also, this ransomware served as a source for Bad Rabbit, a modified version of Petya, which disguised itself as an update for Adobe Flash Player. Running the fake installation caused the infection.
RobinHood was the ransomware behind the Baltimore attack in May 2019. The attack impacted governmental systems and held them, hostage, for nearly two weeks. The ransom demand was approximately $76,000 in Bitcoin. The total damage is estimated to be more than $18 million.
Sodinokibi (or REvil) ransomware infects computers by exploiting a vulnerability in Oracle WebLogic and using phishing emails. This ransomware is the suspect behind the Texas ransomware attack in August 2019, where more than 20 local governments were infected.
Ryuk is one of the most common ransomware of 2018-2019. Ryuk became infamous due to its high ransom demand. In June 2019, Ryuk attacked two city councils in Florida: Lake City, and Riviera Beach City. The sum paid to hackers exceeded $1.1 million.
How Does Ransomware Work?
Ransomware spreads by phishing emails (soon we’ll show you an example), infected USB devices, and many other ways you wouldn’t expect it to.
Once a computer is infected, the ransomware locks the files with a strong encryption algorithm, based on cryptographical science. The files can’t be decrypted without a special combination of symbols, called key.
There are two types of keys you need to decrypt your data –public and private keys.
Ransomware authors hold the private key and demand a ransom to share the combination with you. Ransom is usually demanded in Bitcoin or other cryptocurrencies to hide the identity of the attacker.
Should You Pay a Ransom?
Paying the ransom NEVER guarantees your peace of mind: more money could be demanded immediately after the first payment or later. In some cases, criminals do not keep their word, and the files may become encrypted forever.
Important stat: paying ransom results in data loss in 39% cases.
Who Does Ransomware Target?
Ransomware targets everyone: individuals, businesses of all sizes, and even governments. It can impact NTFS folder security, networks, cloud storage, and more. Corporate or government networks are especially hard to protect, as they have many users. A single click from any of them may be enough for a full-scale ransomware infection.
No industry is safe from ransomware. However, attackers tend to target the most valuable data. That’s why organizations in healthcare, finances and education are the most attractive targets. Even governments are targeted.
Systems Impacted by Ransomware
No matter where your data is stored, there is a chance an attacker will get it. Malware can infect files stored:
- In the cloud (including cloud-based SaaS like Office 365);
- On a computer;
- On mobile devices;
- On servers.
Each system has its own vulnerable points and flaws in security, and that’s the reason ransomware always finds a way in.
Ransomcloud: Threat for G Suite and Office 365
Ransomware authors are constantly coming up with smarter strategies. That’s how ransomcloud appeared. Ransomcloud is a sub-type of ransomware, geared towards infecting files in the cloud.
Office 365 and G Suite are the primary ransomcloud targets. Ransomcloud is not only a decrypting malware but a complex of social engineering tactics behind it.
Check out this video to see ransomcloud in action:
Ransomcloud authors use various ways to threaten you and collect a ransom. Typical features of ransomcloud attack are:
- Attackers usually infect your system by sending a phishing email to your Gmail/Outlook mail.
- The email you receive looks like it is sent by your colleague or a reputable company to make you click a malicious link with ransom infection. .
- The attackers use sophisticated wordplay to create a sense of urgency.
Ransomware Statistics: Clear Uptrend
The best way to understand the ransomware threat is to measure it. Let’s take a look at some numbers.
- By 2021, the total damage from ransomware may reach $20 billion, compared to $11.5 billion in 2019 and $8 billion in 2018. In 2015, the global ransomware damage was approximately $325 million.
- In 2017, every 40 seconds someone got a ransomware infection. In 2019, this time has decreased to 19 seconds and may continue to fall down to 14 seconds in 2021.
- Average ransom demand constantly grows. The average sum that hackers demanded has increased from $6,733 in 2018 to $36,295 in 2019.
How to Prevent Ransomware Attack
The common aftermath of a ransomware attack is data/financial/reputational losses. Naturally, companies try to learn what is the best way to resolve a ransomware threat.
Paying up is not a guarantee of data loss prevention, so it’s not an option. Hiring a team of professional cryptography specialists to decrypt the damaged files will not save you from significant downtime costs.
So what should you do? First and foremost, pay attention to ransomware protection measures. Be cautious yourself and train your employees to be prepared for ransomware attacks.
How to Detect a Ransomware Attack
The usual way to catch ransomware is by clicking a link in a phishing email. This is how 30% of ransomware infections happens. Here’s an example of a typical phishing email.
Seems suspicious? Absolutely! And here’s what may be a hint:
- A sense of urgency, which is a common social engineering tactic.
- The sender pretends to be someone reputable to make you click.
- The image with a brand name creates an illusion that this email is from a known company.
- As you know, Google always updates automatically. Many other services as well, so an email asking you for the manual update is somewhat unnatural.
The Best Ransomware Protection
There are several basic ransomware protection measures:
- Avoid clicking links in suspicious emails.
- Set up 2-Step Verification.
- Use app whitelisting to prevent unapproved programs from getting access to your system.
- Check the hardware you use.
- Give access to system settings and vital data only to trusted users.
However, these methods can only decrease the probability of ransomware infection. Antivirus programs don’t detect 100% of ransomware, and hackers are continually finding new techniques and tactics.
What is the best ransomware protection? Follow the basic rules + use a backup to recover your data in the case of an attack + use ransomware prevention tools.
According to the FBI, having a backup is recommended to prevent ransomware attacks. Backup is a copy of your data stored separately. That’s why it is safe from ransomware, even if you’ve experienced an attack. Recovery from backup restores your files in their original form.