Top 5 things you need to know about Ransomware

My original plan for this article was to spend the course time discussing encryption. Our goal was to shed some light on what encryption is, what it does and all of the other great things you hear about it – especially in the world of data security. Topics for the course were to be encryption in transmission, encryption at rest, cryptography, email and attachment security and others. But about 2 weeks before we were to get started on the class, one of our clients was attacked with Ransomware – good encryption’s evil twin. That made me step back and reconsider: what are the top 5 things you need to know about Ransomware?

  • Why is Ransomware so dangerous?
  • What is Ransomware?
  • Why target individuals?
  • Why target businesses?
  • What is the best defense against Ransomware?

There has been a lot of chatter recently about a technology threat called Ransomware. Basically, a malicious piece of software is installed on the victim’s computer, which then encrypts the computer’s files, rendering them unreadable until a sum of money is paid. Once the money is paid, the attackers may (or may not) send the necessary decryption key to unlock the files. There are many variations of this type of threat, but at the end of the day, if you do not have a good backup, you will probably have to pay the ransom to free your data.

Why is Ransomware so dangerous?

I think it is pretty obvious why this threat is so dangerous.  Your entire data set can be rendered useless in a matter of seconds.  Personal files, business files, accounting information, client data – everything – can simply be locked into oblivion. The more sensitive the data is, the more it becomes a target.

I found a blog post on this topic that really spells it out: “Data Is a Toxic Asset.” Here are the high points:

  • ‘Big Data’ refers to the idea that large databases of seemingly random data about people are valuable. Everyone saves everything – retailers, telecom, Microsoft, Google – you get the idea.
  • Saving data is dangerous because it can contain information that is highly personal.
  • Saving data is dangerous because many people want it. The more sensitive the data is, the more it becomes a target.
  • Saving data is dangerous because failing to secure it can be damaging.

So as data becomes more and more valuable through research, time and other means, so does the likelihood that it will be a target for someone at some point in time. Ransomware is an interesting tactic because it leaves the victim to decide whether or not the data is valuable (and how much it is worth). For example, a small business that has a few gigabytes of files, documents and spreadsheets may determine that their data is valuable, but only up to $1000.00. But just this week, WikiLeaks reported that a hacker group known as ‘The Shadow Brokers’ breached another group, ‘Equation Group’, and stole a full set of NSA cyber weapons. The Shadow Brokers offered to sell the payload to the highest bidder, or release it publicly for 1 million Bitcoin ($568 Million). Ransomware puts all of the pressure on the victim to either produce the payment or lose everything, forever. And in some cases, a countdown clock simply adds to the stress.

What is Ransomware?

Ransomware is Malware – malicious software that is specifically developed to infiltrate or cause damage to computer systems without the owner’s knowledge or permission. Its key characteristics:

  • It features unbreakable encryption, which means that you can’t decrypt the files on your own (there are various decryption tools released by cyber security researchers – more on that later).
  • It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC.
  • It can scramble your file names, so you can’t know which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom.
  • It will add a different extension to your files, sometimes to signal a specific type of Ransomware strain.
  • It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back.

[Figure: Ransomware Pop Up Message]
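Several of the traits listed above (encrypted contents, scrambled names, a new extension on every file) can be turned into a quick triage check on a file share. The Python below is an added example, not part of the original article: it flags files whose contents look like ciphertext and tallies the extensions they carry. The 7.5 bits-per-byte threshold, the `.locked` extension and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats that are legitimately compressed, so high entropy alone means nothing.
COMPRESSED_OK = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp3", ".mp4", ".pdf"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune for your data
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root):
    """Return (suspect paths, Counter of their final extensions) under root."""
    suspects, extensions = [], Counter()
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() in COMPRESSED_OK:
            continue
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        # Very small files give unreliable entropy estimates, so skip them.
        if len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD:
            suspects.append(path)
            extensions[path.suffix.lower()] += 1
    return suspects, extensions

def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"quarterly invoice totals\n" * 400)
        (root / "photo.jpg").write_bytes(os.urandom(4096))  # compressed type: skipped
        # Random bytes stand in for ciphertext; ".locked" is a made-up extension.
        for name in ("budget.xlsx.locked", "a91f03.locked"):
            (root / name).write_bytes(os.urandom(4096))
        suspects, extensions = triage(root)
        return sorted(p.name for p in suspects), dict(extensions)

if __name__ == "__main__":
    print(demo())
```

Many suspect files sharing one unfamiliar extension is the signal to isolate the machine and check the state of your backups.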

So Why Target Individuals?

• Probably don’t have good backups
• Little or no cybersecurity education – they’ll click on anything
• Lack of online safety makes them prone to manipulation
• Lack baseline cyber protection
• Don’t keep their software up to date (Windows Updates)
• Most home users and individuals use Anti-Virus software to protect them from all threats, which is ineffective in stopping ransomware and other malware variants.

So Why Target Businesses?

• Because that is where the money is.
• Ransomware can cause MAJOR disruptions, which increases the attackers’ chances of getting paid.
• Systems can be complex and prone to vulnerabilities that can be exploited by technical means
• Humans can be exploited – social engineering tactics
• Can affect computers, servers and cloud-based file sharing systems
• Criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences
• MOST IMPORTANTLY – Small businesses are often unprepared to deal with advanced cyber attacks.

What is the best defense against Ransomware?

The best defense against Ransomware (or any other malware, for that matter) is the following, in no particular order:

  • Personal Awareness
  • Personnel Awareness
  • A comprehensive Backup solution
  • Anti-Virus, Anti-Malware and other threat detection systems
  • Operating system patches, software application patching and browser updates & patching

So to sum it up, Ransomware is a very dangerous malware threat that can bring your business to its knees. Malicious software encrypts the computer’s files, rendering them unreadable until a sum of money is paid. Once the money is paid, the attackers may (or may not) send the necessary decryption key to unlock the files. There are many variations of this type of threat, but at the end of the day, if you do not have a good backup, you will probably have to pay the ransom to free your data. Stay vigilant and be smart about what you see and open!

Until next time,

Jeff