Ransomware and digital extortion 101
Written by Dr. Christine Izuakor
Since the first documented ransomware attack occurred in the late 80s, the attack method has increasingly become a threat to organizations and individual consumers. One cybercriminal may lock up a family’s computer and hold their precious photo memories hostage with the threat of deleting them. Another may cripple a business by locking up their primary revenue-generating application database, costing the company thousands of dollars in lost sales by the minute. Whether you are an individual consumer, business, or other type of entity, ransomware has the capability to impact us all. Learn more about what ransomware is, how it works, how it’s affecting the industry, and what you can do to protect yourself.
What is ransomware, and what are conventional approaches?
Also termed digital extortion, ransomware is a form of cyber-attack in which criminals block access to prized digital possessions or resources and demand payment for their release. While the industry generally associates the term ransomware with malicious encryption software, there are numerous tactics cyber attackers use to launch ransom-related attacks online. These attacks can generally be categorized based on three attack approaches.
· Encryption: The first and most common approach is to encrypt the victim’s data so that they are unable to view or access it. The attacker holds the encryption keys and thus the power to reveal the data or throw away the key, making the data virtually impossible to decrypt and retrieve.
· Account Hijacking: The second approach is simply blocking a victim’s access to a valued resource. An example of this would be hijacking a social media account password in exchange for payment. In this case, the victim may try to log into an account only to find a message that says the password has been changed. Upon trying to reset the password, they may learn that the attacker has also changed the email address associated with the account so that the password can no longer be reset by the owner. Next, the user gets a separate message from the attackers with instructions for payment in order to learn their new password.
· Blackmail: The third approach is blackmail. Cybercriminals may access systems looking for sensitive or private, sometimes even embarrassing, information that they can threaten to make public if the ransom is not paid. For example, in a past scheme, an attacker was able to remotely turn on the webcam on computers and take photos of the target. The criminal would then present those photos with often fictitious evidence of inappropriate sites the users were visiting. The cybercriminal then asks for payment to prevent the release of this information to friends, family and the general public.
The bottom line is that ransomware is a way that malicious individuals, typically motivated by financial gain, coerce individuals into paying money to regain access to their prized possessions or save their reputations.
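The account hijacking sequence described above (password changed, then the recovery email changed so the owner cannot reset it) leaves a recognizable trail in account audit logs. The following is an added example, not part of the original article: a small detector that flags that pair of events occurring close together. The event names, log layout, IP baseline and sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, account, event, source_ip).
# The field layout and event names are assumed, not taken from any real service.
SAMPLE_EVENTS = [
    ("2019-03-01T09:00:00", "alice", "login_success", "198.51.100.7"),
    ("2019-03-01T09:05:00", "alice", "password_change", "198.51.100.7"),
    ("2019-03-02T02:10:00", "bob", "login_success", "203.0.113.50"),
    ("2019-03-02T02:11:30", "bob", "password_change", "203.0.113.50"),
    ("2019-03-02T02:13:00", "bob", "recovery_email_change", "203.0.113.50"),
    ("2019-03-03T10:00:00", "carol", "recovery_email_change", "192.0.2.10"),
    ("2019-03-05T10:00:00", "carol", "password_change", "192.0.2.10"),
]

# Hypothetical baseline of source IPs each account has used before.
KNOWN_IPS = {
    "alice": {"198.51.100.7"},
    "bob": {"198.51.100.22"},
    "carol": {"192.0.2.10"},
}

# The two changes that together lock the owner out of self-service recovery.
LOCKOUT_EVENTS = {"password_change", "recovery_email_change"}


def find_lockout_patterns(events, known_ips, window=timedelta(minutes=30)):
    """Flag accounts whose password and recovery email both changed within `window`."""
    recent = {}      # account -> lockout-relevant events still inside the window
    alerted = set()  # accounts already reported, to avoid duplicate alerts
    alerts = []
    for ts, account, event, ip in sorted(events):  # ISO timestamps sort chronologically
        if event not in LOCKOUT_EVENTS:
            continue
        when = datetime.fromisoformat(ts)
        history = [e for e in recent.get(account, []) if when - e[0] <= window]
        history.append((when, event, ip))
        recent[account] = history
        both_changed = {e[1] for e in history} == LOCKOUT_EVENTS
        if both_changed and account not in alerted:
            alerted.add(account)
            # A change made from an address the account never used raises severity.
            unfamiliar = any(e[2] not in known_ips.get(account, set()) for e in history)
            alerts.append({"account": account, "at": ts,
                           "severity": "high" if unfamiliar else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in find_lockout_patterns(SAMPLE_EVENTS, KNOWN_IPS):
        print(alert)
```

An alert like this is most useful when it triggers a hold on the recovery-email change and a notification to the previous address, so the owner can reverse it before being locked out.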
What are the common ransomware attacks, and how are they delivered?
For an attack to be successful, the criminal must be able to get the malicious program to the target. Most attacks then require some form of human action to execute. The attacks usually get delivered to a user in the form of a malicious link or file through email messages and pop-up windows. Once a user clicks, the malware gets downloaded, and the damage begins. After launching, most variations of ransomware can replicate and spread through systems automatically.
There are many variants of ransomware out there today. Some of the biggest names often discussed, especially within the last few years, include CryptoLocker, CryptoWall, WannaCry, Petya, NotPetya, TeslaCrypt, and countless others. In most cases, once a user accidentally enables these, they begin encrypting files and any storage areas connected to the initially infected device to spread as far as possible through the network.
How is ransomware impacting the cyber security industry?
There are a few trends to be aware of when it comes to ransomware in 2019. The attacks have grown in popularity, so much so that Ransomware-as-a-service or RaaS is a growing industry on the dark web. Cybercriminals are able to purchase or subscribe to ransomware attack technology that they can then use against their targeted victims. While research shows a decline in the volume of ransomware attacks occurring over the last year, the latest attacks tend to be more targeted and impactful. Cyber attackers are applying the principle of “quality over quantity” when selecting their targets and planning attacks. Additionally, the impact of these attacks tends to exceed the direct financial damage that potentially results from paying a ransom. The cost also includes lost productivity, time spent on investigation and response, and potential reputational damage if the incident is made public.
What should you do if you are hit by a ransomware attack?
The first step in addressing the threat of ransomware is prevention. Before focusing on how to respond, take measures to limit your exposure to such attacks. A few ways that you can do this are through maintaining a healthy organizational security posture and following general security best practices, including regularly backing up data. Employee training and awareness is also a proven way to prevent attacks when done consistently. The success of an attack usually requires action from a user to execute the malicious code. The more aware end users are of the risks of clicking on links or attachments that can launch ransomware in your environment, the better your chances of avoiding the successful introduction of the malware into your network. Next, focus on detection and response. There are tons of network monitoring tools and technologies that can be used to detect suspicious events that can lead to attacks. I’ll be sharing a quick guide to ransomware response soon!