THE RISK OF RANSOMWARE

Ransomware is one of the biggest cybersecurity issues on the Internet and one of the biggest forms of cybercrime facing businesses today. It involves the creation of malicious software that encrypts files and documents on a PC up to an entire network and its servers. Those affected are left with few options: They can either pay a ransom to get their encrypted files back, restore the data from their backups, or hope that they can decrypt them themselves. 

Ransomware attacks start very quickly, sometimes even with someone in an organization clicking on a seemingly innocuous attachment and then encrypting the system's files. Much larger ransomware campaigns, however, use software exploits and vulnerabilities in software to access files. The attackers secretly scan the network until they can control as much as possible before encrypting all the data they can.

Some attackers also publicly announce that they are holding corporate data hostage. They even publish the data on the Internet until the company pays the ransom to get it back. Because of the simplicity and multitude of these incidents, ransomware is now considered the most immediate cybersecurity threat to businesses and a problem that needs to be taken more seriously. 

How did ransomware evolve? 

Early ransomware was a relatively simple construct, using a simple code that mainly changed the names of files, making it easy to defeat. However, this evolved into a new form of cybercrime that slowly developed into advanced code that targeted corporate networks and ordinary Internet users. One of the most successful types of ransomware at the time was police ransomware, which attempted to extort victims by claiming that the PC had been encrypted by law enforcement. This way, victims were supposed to be tricked into paying the ransom, thinking that it was the police who demanded the ransom. Meanwhile, they were actually criminals who took advantage of innocent people. However, at that time, their systems were not that good, and users could simply restart their computers, after which the message disappeared. However, criminals have learned from this approach, and most ransomware programs now use advanced cryptography to truly lock down a PC or network and the files on it. 

How much will a ransomware attack cost you? 

The immediate costs associated with ransomware depend on the hackers themselves. But after those initial costs, which can run into the millions, money is also lost if the company can't do business. Every day, perhaps even every hour, revenue can be lost if the network is unavailable. If the company decides not to pay a ransom, hiring a security company would also incur additional costs. In some cases, these costs may be even higher than the ransom demand, but companies would rather give their money to security companies than to criminals. There is also a risk that customers will lose trust in the company due to poor cybersecurity and look elsewhere. 

Why are small businesses targeted by ransomware? 

Smaller businesses are more likely to be targeted because they tend to have poorer cybersecurity practices than larger organizations. Many people believe that because they are so small, they are less likely to be targeted. However, for cybercriminals, any money they can capture is good money. 

What do Bitcoin and other cryptocurrencies have to do with the rise of ransomware? 

The rise of cryptocurrencies like Bitcoin has increased the activity of cybercriminals, as they can use this type of malware to receive payments secretly. This way, there is no risk of authorities identifying the perpetrators. Many cybercriminal ransomware groups even offer "customer services" to teach victims how to use cryptocurrencies. This is because many victims do not know how to transfer the ransom to the perpetrator. Some companies even hoard some cryptocurrencies in case they get infected and need to pay quickly in Bitcoin to get their files back. 

How can you prevent a ransomware attack? 

Most hackers start by exploiting insecure Internet ports and remote desktop protocols. Therefore, one of the most important measures an organization can take to prevent this is to ensure that ports are not opened to the Internet if they are not necessary. However, if they are necessary, the company should ensure that they are protected with complex credentials. Applying multifactor authentication to these accounts can also serve as a barrier against attacks. Ensuring that the network is updated with the latest security updates should also be done, as hackers will attack commonly known vulnerabilities. Employees should also be trained on how to recognize attacks via email, as many attacks target employees who don't know any better. Antivirus software can also be downloaded to the PC to avoid potentially malicious files. 

Ransomware and the Internet of Things  

As much as the Internet of things improves connectivity, they have a bad reputation when it comes to security. As more and more of this type of technology comes to market, it also creates more attack opportunities for cybercriminals. This can lead to hackers taking your connected home or even your connected car hostage. The shocking thing is that even medical devices can be hacked, putting human lives at direct risk. There are also constant warnings that the growth of smart cities could be tempting for cyber attackers. 

Because ransomware is constantly evolving, it's vital that your employees understand the threat it poses and that organizations do everything they can to avoid infection. This is because ransomware can be crippling and decryption is not always possible. 

In the ever-changing world of InfoSec, Franklin Fitch ensure that we have the main areas of focus covered in terms of our technical expertise and experience, please click here to find out more information about the current vacancies available.