In the weeks following the Colonial Pipeline attack, many of us have become aware that ransomware is a serious concern we all face. Many cyber-criminals are indifferent about who they target with ransomware: victims range from large multinational corporations to local hospitals, to individuals like you or me, and in this most recent instance, critical U.S. infrastructure. This attack had a direct effect on millions of Americans, leading to long lines at the gas pump and even gas shortages in some states along the Eastern Seaboard.
Headlines, news stories, and anxiety about how soon a fix would be implemented were on the minds of many of us in the weeks after the attack. In the end, Colonial Pipeline paid the hackers roughly $4.4 million to have their data decrypted.
However, after all of the stories and buzz about the incident, many people may still be wondering what exactly ransomware is, how it works, and why it is becoming more popular among cyber-criminals. Our goal for this post is to provide some answers to these questions.
What is Ransomware?
Ransomware is a form of malware, or virus, that encrypts data and files on a victim's machine, preventing users from accessing their files. When ransomware infects a system, it starts searching for files and begins encrypting them; oftentimes it will encrypt all of the files on the machine. The attackers hold the key that can decrypt the files, which they commonly offer to hand over once a ransom payment has been made, but that is never a guarantee.
Most ransomware displays a ransom notice or pop-up to users, usually by replacing the desktop background image or placing a text file with instructions in each folder it has encrypted. The ransom notice demands payment, which may range from hundreds to several thousand dollars, most typically in cryptocurrency to keep the transaction anonymous and untraceable.
How Does Ransomware Work?
Ransomware can enter a network in several different ways, the most common of which is being downloaded; other means of infection come from social engineering. These downloads can come in the form of email attachments, or programs disguised to perform a specific function or task but that are in fact carrying the ransomware. Once downloaded, the ransomware program begins attacking the system: it encrypts all of the data and files on the system, adds a new file extension to the files, and makes them inaccessible and unusable. There are even more sophisticated variants of ransomware that can spread themselves throughout networks and systems without human interaction, much like a computer worm.
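As an added example that is not part of the original post, the following Python script shows how a defender can look for the traces described above on a file share: files with a newly appended extension, file contents whose byte entropy is as high as encrypted data, and instruction text files dropped into folders. The directory layout, file names and the `.locked` extension are constructed sample data, and the extension list, note keywords and entropy threshold are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions we expect to see on this share (assumption for the demo).
KNOWN_EXTENSIONS = {".txt", ".docx", ".pdf", ".jpg", ".png", ".xlsx"}
# Words that commonly appear in the name of a dropped instruction file (assumption).
NOTE_KEYWORDS = ("decrypt", "ransom", "recover", "restore")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_directory(root: str, entropy_threshold: float = 7.5) -> dict:
    """Walk root and collect the three traces of ransomware activity."""
    findings = {"unknown_extension": [], "ransom_notes": [], "high_entropy": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # A second, unfamiliar extension appended to a normal one, e.g. budget.xlsx.locked
        if len(path.suffixes) >= 2 and path.suffix.lower() not in KNOWN_EXTENSIONS:
            findings["unknown_extension"].append(rel)
        # A text file whose name promises to explain how to get the data back
        if path.suffix.lower() == ".txt" and any(k in path.name.lower() for k in NOTE_KEYWORDS):
            findings["ransom_notes"].append(rel)
            continue
        # Encrypted content is close to uniformly random; sample the first 64 KiB
        data = path.read_bytes()[:65536]
        if len(data) >= 256 and shannon_entropy(data) >= entropy_threshold:
            findings["high_entropy"].append(rel)
    return findings

def build_sample_tree() -> str:
    """Create a constructed sample share: one clean file, one encrypted file, one note."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "report.txt").write_text("Quarterly numbers look normal.\n" * 50)
    (docs / "budget.xlsx.locked").write_bytes(os.urandom(4096))  # stands in for ciphertext
    (docs / "HOW_TO_DECRYPT_FILES.txt").write_text("Your files have been encrypted.\n")
    return root

if __name__ == "__main__":
    for kind, paths in scan_directory(build_sample_tree()).items():
        print(f"{kind}: {paths}")
```

Run against a real share, the same scan only surfaces candidates; a clean backup of the flagged files and a restore test remain the actual recovery path.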
Ransomware's Rise to Popularity
Ransomware attacks have grown in popularity in recent years for several reasons, the most likely being that, more often than not, ransomware victims end up paying to have their data decrypted, so cyber-criminals see it as an easy way to make money.
Some other reasons that it is becoming more widespread:
- Use of new techniques for encrypting data (encrypting the entire drive instead of just certain files)
- Ransomware and other types of malware kits that can be used to create malware on demand are becoming more readily available
- Malware and ransomware creators are becoming more sophisticated in their design and development; many are using generic interpreters and cross-platform technologies so the malware can reach more victims.
- Ransomware and other forms of malware are becoming easier and easier to use. Cyber-criminals do not have to be tech savvy in order to use, send, or spread the ransomware.
- Ransomware marketplaces can be easily found online, offering different variants of malware/ransomware that can be purchased and used however the buyer chooses.
There is a silver lining to this cloud: ransomware can be mitigated and even prevented. If you would like to read more about this, check out one of our previous posts, Ransomware Prevention: Backups & Data Recovery.
SME offers both Managed Backup solutions and Cloud Backup Storage solutions that ensure reliable backups of your data. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.