Unfortunately, WannaCry is only one of a dangerous new class of cyberattacks known as “ransomware.” As this article was going to press, in fact, a variant of the Locky ransomware had sent more than 20 million emails in 24 hours, trying to infect unsuspecting users’ computers. So what exactly is ransomware, and why does it have the potential to be so damaging for businesses?
What Is Ransomware?
The term “ransomware” is a hint at the methodology of this particularly frustrating cyberattack. In short, ransomware is a form of malware that essentially holds data hostage. Once it gains access to a computer system, ransomware encrypts users’ files in order to prevent them from being accessed. The software then displays a message on the screen informing users that they can only regain access to their files if they pay a ransom to the attacker.
Usually, victims must deliver this ransom via an anonymous payment method such as Bitcoin, preventing law enforcement from tracing where the payment goes. In addition, the amount of the ransom typically continues to increase if it’s not paid by certain deadlines, until finally users’ files are made permanently inaccessible.
The idea behind ransomware is not new. In 1996, two security researchers, Moti Yung and Adam L. Young, introduced the idea of “cryptovirology,” using cryptography to lock up information and extort innocent users. However, it’s only in the past few years that ransomware has really hit the mainstream. Network security firm SonicWall estimates that there were 638 million ransomware attacks in 2016, an incredible leap from only 3.8 million attacks the year before.
Some of the most infamous ransomware attacks are:
- Reveton: Perhaps the first modern ransomware, Reveton terrorized users during 2012 by claiming that they needed to pay a fine for performing illegal activities on their computer.
- CryptoLocker: This malware of Russian origin received global attention and ultimately extorted more than $3 million from its victims.
- WannaCry: The most devastating ransomware attack to date, WannaCry infected a variety of major organizations, including FedEx and the British National Health Service.
What Risks Does Ransomware Pose for Businesses?
Ransomware can be a serious hardship for individual victims, let alone organizations. According to a report by Symantec, the average ransomware demand was $1,077 in 2016. Multiplying this amount by the number of computers in an office shows just how quickly a ransomware attack can devastate an SMB’s operations.
Organizations that rely on their systems being continuously available, such as healthcare and finance, are among those that are most susceptible to ransomware. Every minute of downtime means a greater amount of lost revenue and greater damage to their reputations. As a result, these businesses are particularly inclined to pay the ransom right away, which makes them a highly appealing target for attackers.
For example, Hollywood Presbyterian Medical Center in Los Angeles fell victim to ransomware in February 2016, showing the potentially catastrophic effects of such an attack. Once inside the hospital’s systems, the Locky malware was able to shut down a number of machines, preventing the use of radiology and oncology equipment. The hospital was forced to declare an internal emergency, and it had little choice but to pay over $16,000 to regain use of their systems and continue treating cancer patients.
How Can Businesses Protect Themselves?
Not only does ransomware show no signs of slowing down, attacks are becoming more common and sophisticated. This is likely due to the massive financial gains that attackers can obtain from ransomware.
Some of the biggest ransomware trends include:
- New ransomware variants: Ransomware is constantly evolving in order to evade detection and counterattacks. For example, the Locky variant mentioned in this article’s introduction is different from, though related to, the variant that infected the Los Angeles hospital.
- Ransomware creation kits and “ransomware as a service”: Seeing the appeal of using ransomware, many malicious actors are trying to get a piece of the pie, even with limited technical expertise. In the past few years, cyber criminals have distributed “ransomware creation kits” and offered “ransomware as a service” to allow even novice attackers to start extorting while the authors keep a cut of the profits.
To confront the growing ransomware threat, businesses need to take several commonsense steps to protect themselves:
- Don’t open email attachments or other files from suspicious or unknown senders.
- Learn how to detect phishing scams that masquerade as a trusted company or individual.
- Update company systems and applications as soon and as often as possible.
- Maintain online backups. In addition to recovering from disaster and data loss, cloud-based backups can be a lifesaver by restoring encrypted data and removing the need to pay the ransom.
Businesses who are concerned about the availability of their data in the face of ransomware attacks should contact a managed security services provider so that they can better understand the risks that they’re up against and the options available to them.
If you’re looking for a way to improve your backup and disaster recovery software or offer more comprehensive backup and disaster recovery solutions, please go to our MSPs page to learn more about how to protect your business. Our managed IT, backup disaster recovery and cloud services are designed to help your business improve its endpoint protection, enhance its management capabilities and adapt to the challenges of an ever-more-complex online world.
Contact us today to get answers to your questions or to find out how our managed IT services and more can help your brand grow.