What Is Ransomware? This Information Security Menace Explained
We live in the age of information, and information is power. While the latter adage has been a part of our vernacular for quite a while, it takes on new meaning today. Cyberattacks are now so common that news of them is hard to avoid. The COVID-19 pandemic and its related surge of online activity have created an even larger field of targets for virtual criminals.
“These types of attacks are increasing daily,” says Sarah McAvoy, managing director of Cyber Unlocked. “Given that we all use multiple devices every day, everyone should have basic cybersecurity training these days.”
Now is as good a time as any to dig a little deeper into how these attacks function. In this article, we’ll explain what ransomware is, how it works and what people can do to avoid falling victim to ransomware attacks.
What is ransomware?
Ransomware is a type of cyberattack that often launches on an enterprise’s computer network, according to McAvoy. “In such an attack, a cybercriminal hacks into a network and encrypts all of the files and data in the network.” This way, no one else can access the data until a ransom is paid. If the victim does not pay the ransom, the attacker threatens to keep them locked out, destroy the data or release the information to the public.
It is important to note that paying a ransom does not guarantee that cybercriminals will give back the stolen data. The FBI advises any individual or company under the threat of ransomware to not pay the ransom but rather report the attack to the Internet Crime Complaint Center.
Who is at risk for a ransomware attack?
The simple answer is this: pretty much everyone. Any computer user is vulnerable and needs to understand ransomware attacks, according to Hector Ruiz, president and cybersecurity consultant of Corporate Shields. “Ransomware attacks are the most prominent and successful types of attacks due to their design,” Ruiz says. “Attackers are finding new and better ways to introduce these attacks into systems.”
Since individuals still stand to lose if they get locked out of their devices or if their photos and files are stolen, they remain vulnerable to attack. That said, businesses and organizations are often higher-value targets for criminals as they have more resources—and often more to lose—which may increase chances of a payout.
“In my opinion, the average person, and especially businesses, should be aware of ransomware and the damage due to loss of data as well as loss of revenue while recovering from an attack,” says Andrew Pantaleon, senior systems administrator at Forthright Technology Partners. Ransomware can cause expensive damage to a company in many different ways, making it foolish to ignore.
What types of ransomware are there?
“In the most general terms, there are two kinds of ransomware attacks: targeted and nontargeted,” says Pantaleon. In both cases, the end goal is locking files and extorting payment—but the steps leading up to ransomware deployment will be very different.
A targeted attack is more of a precision operation, like surgery, according to Pantaleon. “Targeted attacks involve an attacker actively looking for targets to launch ransomware on and will be much more sophisticated in how the attack is run.” In these cases, attackers may have access to a company network for weeks before they launch the attack. They learn about the systems, eliminate security measures and backups, and generally do all they can to make paying a ransom the only way out.
“The attackers will target things like financial data, personnel data—including social security numbers of employees—as well as possible trade secrets of a company,” Pantaleon explains. “They will leverage this stolen data, along with the ransomware, to further try to coerce companies into paying using the threat of leaking or selling this data on the dark web.”
Nontargeted attacks are more about casting a wide net and hoping to catch a target. Pantaleon says attackers can attempt this in many different ways, but phishing emails and fake advertisements are most effective. “An attacker will send thousands of generic emails to random people hoping that a handful of users will click a link or download an attached file that is malicious and will start the ransomware attack.”
Attackers use phishing emails with messages like “You just won $1000! Click here to claim your prize!” or more official-sounding things pretending to be your bank, your boss or the IRS to try and trick users, according to Pantaleon.
As for the actual software itself, ransomware can come in many forms. Some of the most common types of ransomware include:
Crypto-ransomware
“In this type of attack, the cybercriminal encrypts all the files and data on a computer or network. The files and data can only be recovered by a decryption key that is provided on paying a ransom,” McAvoy says.
Scareware
Attackers use social engineering to trick a user into thinking their computer is infected with a virus, then they suggest downloading and paying for software that will “remove the virus,” according to McAvoy. “In reality, the removal software encrypts the user's computer.”
Locker-ransomware
Rather than simply encrypting valuable files, locker-ransomware locks users out of their devices altogether. A user will be unable to access anything on locked-out devices until the criminal allows them to.
Leakware
As the name implies, this method is all about leaking potentially sensitive personal information into the public domain unless the ransom is paid. Leakware attackers increasingly target organizations with very private information, such as hospital/healthcare networks and law firms.
Ransomware as a Service (RaaS)
Ransomware as a service is a type of targeted attack where ransomware companies/groups support hackers with tools, infrastructure and more to make the ransomware process easier. Talented hackers can then breach a target, deploy the outsourced ransomware and split the profits with their RaaS backer.
These attacks can be very sophisticated and even occur on geopolitical levels, with terrorists and nation-state actors targeting national repositories of information or critical systems.
How to protect yourself from ransomware
One way to protect yourself from ransomware is to understand the threat it poses. Just by reading this article, you’ve come closer to defending yourself against a ransomware attack! Beyond that, the best protection is prevention, according to Casey Crane, cybersecurity expert and researcher at TheSSLStore.com. Crane recommends the following steps to make yourself (or your business) as safe as possible:
1. Use network security measures
While this may not be a massive revelation, email filters, firewalls and antivirus software should be the starting point for everyone.
2. Keep software updated
Constant update notifications on our devices are no one’s favorite thing, but they are key to making sure that your device is ready for any new attacks and won’t fall prey to already-discovered security flaws.
3. Educate yourself
Teach yourself about the types of phishing attacks ransomware attackers might use. Keeping an eye on how they are evolving is the most effective way to limit your exposure.
4. Implement multifactor authentication
On the business side, there’s no reason to leave important information accessible to anyone in your company who doesn’t need it. Individuals can enable two-factor authentication and similar processes to make things harder for attackers.
Level up your cybersecurity game
If the above steps are already in your rearview mirror, you might be interested in the field of cybersecurity. Cybersecurity and IT professionals combat ransomware by both prevention and mitigation (in case an attack breaks through), according to Pantaleon. Prevention means antivirus software, user training and strengthening access to systems. Mitigation involves backups secured away from the main system, with monitoring and security as vigorous as your primary system’s.
If that sounds interesting to you, consider this field as a potential career option. The world will certainly need more cybersecurity professionals. “Nowadays, it’s not a matter of if you’re going to sustain an attack—it’s a matter of when it will occur,” Crane says.
But the rising demand is only the beginning. Check out “Is a Cyber Security Degree Worth It? Analyzing the Facts” for a breakdown on what a degree in this field can offer.