Ransomware Attack

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands.

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.

Two-factor or multi-factor authentication is important as an extra step that makes it harder for an attacker to break into an organization with a stolen or guessed username and password. A column from IBM’s Security Intelligence blog published after I recorded my podcast makes the same point. It also argues that multi-factor authentication has to be added to all applications that need logins, not just email or the corporate virtual private network.

There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files.

Target for Ransomware

 

In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim’s computer due to the presence of pornography or pirated software on it, and demanding the payment of a “fine,” perhaps to make victims less likely to report the attack to authorities. But most attacks don’t bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim’s hard drive unless a ransom is paid.

There are several different ways attackers choose the organizations they target with ransomware. Sometimes it’s a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.

There are a number of defensive steps you can take to prevent ransomware infection. These steps are, of course, good security practices in general, so following them improves your defenses against all sorts of attacks: keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit. Don’t install software or give it administrative privileges unless you know exactly what it is and what it does. Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place. And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.

Ransomware is big business. There’s a lot of money in ransomware, and the market expanded rapidly from the beginning of the decade. In 2017, ransomware resulted in $5 billion in losses, both in terms of ransoms paid and spending and lost time in recovering from attacks. That’s up 15 times from 2015. In the first quarter of 2018, just one kind of ransomware software, SamSam, collected $1 million in ransom money.

*All information is the property of the respective publishers' findings and analysis, and credit is given.
