The average ransom paid by a victim increased by 60%, rising from $111,605 to $178,254, according to a recent report from Coveware comparing the first and second quarters of 2020.
What is Ransomware?
Ransomware is defined as malicious software (or “malware”) that locks users out of their devices or blocks access to files, holding them hostage, until a sum of money or ransom is paid.
It comes in many variants (such as CryptoLocker, Petya, SamSam, and WannaCry), and it’s constantly evolving, which makes it very difficult to protect against.
Ransomware attacks cause downtime, data loss, and possible intellectual property theft, and in certain industries, an attack is considered a data breach.
How do Ransomware Attacks Work?
One of the most common ways ransomware can get into your computer or system is via a phishing email, where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. Typically, the email includes a malicious link or attachment that will take you to a fake but legitimate-looking webpage. Once an unsuspecting user opens the attachment or clicks the link, the ransomware can infect the victim’s computer and spread throughout the network.
Another route is using an exploit kit to take advantage of a security hole in a system or program, like the infamous WannaCry worm that infected hundreds of thousands of systems worldwide using an exploit for a Microsoft Windows vulnerability. It can also take the form of a fake software update, prompting users to enable admin capabilities and install malicious code.
Once ransomware has infected the system, it generally either blocks access to the hard drive or encrypts some or all of the files on the computer. You may be able to remove the malware and restore your system to a previous state, but your files will remain encrypted because they’ve already been made unreadable, and decryption is impossible without the attacker’s key.
The ransom itself is set at a level that’s low enough to be payable, but high enough to make it worthwhile for the attacker, prompting companies to do a cost-benefit analysis of how much they’re willing to pay to unlock their systems and resume daily operations.
According to the Sophos State of Ransomware 2020 report, “Overall, 95% of organizations that paid the ransom had their data restored.”
What are the different types of Ransomware?
Ransomware takes many forms, but they all have one thing in common - they demand a ransom in exchange for restored access to your system or files. Ransomware attacks are designed to prey on people’s desperation and fear in order to convince victims to pay.
According to the FBI, “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
Here are the most common types:
- Crypto malware or encryptors are one of the most well-known and damaging variants. This type encrypts the files and data within a system, making the content inaccessible without a decryption key.
- Lockers completely lock you out of your system, so your files and applications are inaccessible. A lock screen displays the ransom demand, possibly with a countdown clock to increase urgency and drive victims to act.
- Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files.
- Doxware or leakware threatens to distribute sensitive personal or company information online, and many people panic and pay the ransom to prevent private data from falling into the wrong hands or entering the public domain. One variation is police-themed ransomware, which claims to be law enforcement and warns that illegal online activity has been detected, but that jail time can be avoided by paying a fine.
- RaaS (Ransomware as a Service) refers to malware hosted anonymously by a “professional” hacker that handles all aspects of the attack, from distributing ransomware to collecting payments and restoring access, in return for a cut of the loot.
So, what should you do if you are hit by ransomware?
- Shut down infected systems immediately
To avoid ransomware spreading, disconnect the infected device from any network it is on and turn off any wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB or external hard drives.
- Determine the strain and the scope
Ransomware usually identifies itself, so understanding which strain it is can help you decide how to remove it. This is also helpful to know when reporting the attack. Next, determine how many devices were infected, as well as what kind of data was encrypted.
- Call your business insurance carrier and start a claim
At this point, we really hope you have cybersecurity insurance, because this can make a difference for many businesses on whether or not their doors stay open. Most general business coverage will not cover cybersecurity events. The reason you need to involve your insurance carrier early is that they may have a set protocol and process to evaluate your claim and payout. Often, if you have cyber insurance, they may assist in paying the ransom. They will also have their own legal and IT experts to help you through the process.
- Report the incident
You should let your organization know about the attack, but it’s also important to report it to the FBI or your local authorities, depending on where you are located. This is to help them gain an understanding of ransomware and its impact on victims.
- Evaluate your options
If you don’t have a backup solution, your other options are to do nothing (lose your data) or decrypt your files using a third-party decryptor. If all else fails, you can pay the ransom, but beware of this option as it increases the chances that you’ll be targeted again.
- Prevent future ransomware attacks
There are numerous factors to consider, but to begin with, here are a few for review to protect yourself against a ransomware attack.
To get a more complete idea of what you can do to protect yourself download 15 Ways to Protect your Business from Ransomware.
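For the "Determine the strain and the scope" step above, the following is an added example, not code from the original article: a Python triage script that counts, per file type, the files under a directory that no longer carry their expected header or that read as high-entropy data. The extension list, the 7.0 bits-per-byte threshold and all function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes for a few common types (assumed list); text formats have none.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off, plain text sits well below

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def original_ext(name: str):
    """Find a known extension anywhere in the name, e.g. 'a.pdf.locked' -> '.pdf'."""
    for part in name.lower().split(".")[1:]:
        ext = "." + part
        if ext in MAGIC or ext in TEXT_EXTS:
            return ext
    return None

def looks_encrypted(path: str) -> bool:
    """Header check for binary types; entropy check (weak on tiny files) for text."""
    ext = original_ext(os.path.basename(path))
    if ext is None:
        return False  # unknown type: nothing to compare against
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if not head:
        return False  # empty file, not evidence either way
    if ext in MAGIC:
        # Compressed formats are high-entropy even when healthy, so test the header.
        return not head.startswith(MAGIC[ext])
    return shannon_entropy(head) > ENTROPY_THRESHOLD

def scope_report(root: str) -> dict:
    """Count files per original type that no longer look like that type."""
    hits = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                if looks_encrypted(os.path.join(dirpath, name)):
                    hits[original_ext(name)] += 1
            except OSError:
                hits["unreadable"] += 1
    return dict(hits)
```

Run `scope_report()` against a read-only mount or a forensic copy of the affected volume rather than the live infected system, and treat the counts as a starting point for the report to your insurer and the authorities, not as proof.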
Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:
- Tri-Cities, Washington 509.396.6640
- Yakima, Washington 509.396.6640
- Bend, Oregon 541.848.6072