Ransomware is a form of malware that restricts users from accessing their own system and usually also encrypts important files. This forces the victim to make a decision: either make a ransom payment (within the stated timeframe) or risk permanently losing all of their files and/or system access forever.
It should be noted though, that making a ransom payment may not necessarily recover encrypted files. There have been documented cases where decryption keys have not been provided, even when the ransom was paid.
Over recent years, ransomware has been steadily gaining popularity with cybercriminals.This increase has in part, been facilitated by the emergence of cryptocurrencies, such as Bitcoin. The main impediment with early forms of ransomware was the lack of an anonymous way to collect payments, so some demanded prepaid gift cards, or SMS messages.
Nowadays, nearly all forms of ransomware request payment in Bitcoin, since it’s the most popular cryptocurrency, easy to use, transactions are irreversible and the currency is global. The drawback for cybercriminals, though is that a record of every transaction is publicly available. To get around this, they use money laundering services that conceal their identity before cashing out. As a result, these attacks end up being incredibly difficult to trace, even for law enforcement agencies.
One of the most well-known ransomware attacks is the WannaCry attack that occurred in May 2017. Over 230,000 computers worldwide were infected, including major organisations such as the National Health Service (NHS), FedEx and Renault. The computers targeted were running on an old version of the Microsoft Windows that had not been updated with a security patch released two months previously. Many users had not installed the patch by the time of the attack.
Most of the time, the main goal of ransomware is to raise money, not to cause damage to the user’s system. Because of this, the requested ransom amount is usually reasonably small, typically around £500 or less, making it manageable for most targets of infection.
If the cybercriminals wanted to cause as much damage as possible, more than likely, they would choose other forms of malware, unless they wanted to disguise the attack, which seems to be the case with the Petya ransomware attack in June 2017, that suspiciously focused on targeting Ukrainian government institutions.
Users should make sure their operating systems and applications are kept up-to date, in particular any anti-virus programs. As new viruses and malware are being developed all the time, updates and patches are constantly being released to plug exploits. Being even a day or two behind on installing a new patch could make your system vulnerable. Keep inventories of the software and systems you use, to ensure you are not missing any.
If you are concerned about missing out, most software companies will send an email to alert you to new updates. Make sure to check if this is the case, and that you are definitely a subscriber.
Always avoid clicking on suspicious hyperlinks or email attachments. These are common methods used by cybercriminals to spread malware. Unsolicited emails from organisations you don’t deal with should always be treated with suspicion. There are online tools available that can actually check if links are safe, without you having to actually click on them.
If you have up-to-date copies of the files that have been encrypted, then there is no need to pay the ransom fee. Set some time aside to back up files on a regular basis. Overnight is often a good choice, as systems are not being used. There are many programs and plugins available that can make automatic backups for you.
Make sure your employees and colleagues understand best practice when it comes to cybersecurity, have a set routine everybody follows for backups and updates. Even one weak link in an organisation can enable an attack with serious consequences.
If you’re interested in a secure and powerful business process management platform, book your free no-obligation SwiftCase demo today.