What Is Ransomware?
Chuck's Cyber Wall
Ransomware attacks are in the news so often that they’ve almost become background noise. To put some numbers to it, in 2022, there’s a new Ransomware attack every 11 seconds, and they’re responsible for a third of all reported data breaches. One of the most terrifying things about this type of attack is that because most start as phishing scams, anyone with a computer is a potential victim. Because many small businesses lack a robust cybersecurity stance, they are especially vulnerable.
With so much noise, I’m providing some important things to know about Ransomware, who is being targeted, and how to deal with attacks.
WHAT IS RANSOMWARE?
Ransomware is a type of malicious software, and the idea behind it is simple – encrypt the victim’s computer to lock them out of it and demand money from them to restore access. With your personal or business files being held hostage, these hackers instruct victims to pay within a set period or risk losing that data forever. The worst part is that paying the ransom doesn’t ensure that access will be restored.
There are multiple types of Ransomware.
Coming at you as annoying popups or alerts that manufacture a sense of urgency, scareware claims to have found serious issues with your computer and demands that you pay to fix the problems. These often mimic well-known anti-virus, anti-malware, or system tools, such as Norton, Malware Bytes, or CCleaner, and usually come from infected websites.
When this malicious software infects a system, it completely locks the computer, making it inaccessible. Sometimes there is no ransom, and it just locks you out, but more often, there is a lock screen with contact information that includes whom to pay and how much. As with most Ransomware, though, chances are that paying will not restore access. These attacks most often come from phishing scams and infected websites.
Among the more damaging types of ransomware, this targets files, folders, and hard drives, encrypting the data while leaving access to computer programs. To access their data, victims are typically required to pay ransoms in bitcoin, making the payments harder for authorities to track. Most often delivered by phishing scams, the software also accesses contact lists to spread and is especially virulent within networks.
Also known as leakware or extortionware, the purpose of this software is to force victims to pay a ransom to avoid having stolen information published online. With more people storing sensitive data on their computers, this ransomware gets very personal. At one time, the risk to small businesses was minor, but with the regulations surrounding ePHI and PII, this type of breach can cost small businesses fines that easily reach seven figures. Doxware tends to be more targeted, going after people or businesses most at risk, though it can be delivered through phishing scams and infected websites.
Apple products and mobile phones are immune to these attacks, right? WRONG! There is ransomware specifically designed for these platforms, spread by phishing scams, infected apps, and USB charging. This software will most often encrypt and lock the devices, requiring payment to restore access.
Known as Ransomware as a Service, this works like a structured business where cybercriminals work with ransomware developers to distribute the software, collect payments, and manage decryption keys, with each department getting a cut of the overall ransom. They are also known to follow up with victims who have paid ransoms, claiming to still have access to their systems and demanding more money. These cybercriminals actively infect websites, send out phishing scams, and target at-risk individuals and businesses, trying to infect as many people as possible.
WHO ARE THE TARGETS?
As we mentioned above, everyone is a target, but that doesn’t mean that hackers aren’t able to choose their targets. Sometimes they go after people and businesses who can pay larger ransoms, but mostly they are looking for easy targets. When identifying targeted ransomware attacks, we’ve found that they go after four particular groups:
- Businesses with small or no security teams – primarily small businesses and universities that are perceived to have file-sharing practices that are not very secure, simple or no passwords, and limited security protocols.
- Any business that maintains sensitive digital information – all small medical practices, law firms, and real estate agencies fall into this target range because revealing this data could result in significant fines, legal controversies, and public embarrassment.
- Those who will pay quickly – this includes organizations such as banks, hospitals, and government offices, which face severe consequences for not having immediate access to their data, and individuals with a large social media presence.
- Corporate/Infrastructure Entities – members of this target group include not just the organizations themselves but anyone who uses their logo, which can include contractors, business associations, and franchises.
BEST PRACTICES FOR DEALING WITH RANSOMWARE
As I mentioned above, Ransomware is exceptionally profitable for cybercriminals, with no guarantee that paying the ransom will put an end to the threat. The most critical thing about Ransomware is prevention, but to prevent it, we must all realize that everyone is a target.
Once you accept that, here are some ways to deter cybercriminals and protect yourself.
- Get Security Software: if you don’t have some type of anti-virus or anti-malware on EVERY computer, you are vulnerable
- Update, Update, Update: yes, all those Windows updates, Office updates, and browser updates can be annoying, but the vast majority of the updates are security updates—if you’re not doing them, you’re leaving yourself vulnerable
- Be Wary of Phishing Scams: I talk about Phishing scams often, and these are the perfect delivery method for Ransomware—think before you click on links or attachments
- Watch Out For Macros: if you do open an attachment and it says anything about macros, STOP and make absolutely sure that it comes from a trusted source – if not, cancel and immediately delete that email
- Backup, Backup, Backup: this cannot be stressed enough—if you have a solid backup, no matter what else happens, you can be back up and running with minimal downtime
- Never Pay the Ransom: one of the many things we’ve learned is that even if you pay the ransom, there is no guarantee that you’ll get your data back, and paying tells the cybercriminals that you can be exploited over and over and over. Just don’t do it!
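As an added illustration of the macro warning above (not code from the original article): a short Python check that inspects an attachment's contents for a macro project before anyone opens it. The function name, result labels, and sample files are assumptions constructed for this example.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")


def triage_attachment(filename: str, data: bytes) -> str:
    """Return 'macros', 'legacy-office', 'no-macros' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Old binary Office format: macros cannot be ruled out from the
        # container header alone, so flag it for a closer look.
        return "legacy-office"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m.lower() for m in zf.namelist()]
    if "[content_types].xml" not in members:
        return "not-office"  # an ordinary zip, not an Office document
    # Modern Office files store VBA macros in a part named vbaProject.bin.
    # Look at the contents rather than trusting the file name alone.
    if any(m.endswith("vbaproject.bin") for m in members):
        return "macros"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macros"
    return "no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("invoice.docx", build_sample(True)))   # macros
    print(triage_attachment("report.docx", build_sample(False)))   # no-macros
    print(triage_attachment("old.doc", OLE_MAGIC + b"\x00" * 16))  # legacy-office
```

A "macros" or "legacy-office" result means the file should be confirmed with the sender before it is opened; a "no-macros" result does not make an attachment safe by itself.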
AWARENESS IS THE BEST DEFENSE
Cybercriminals are getting more advanced, and new Ransomware variants show up all the time. Remember, these hackers are looking for the path of least resistance. Don’t be an easy target – be aware, secure your data, and train your employees. The more difficult you make it for the cybercriminals, the better you and your data will be protected from being the next Ransomware target.
At Clark Computer Services, we have the cybersecurity expertise you need, whether it’s help with compliance, securing your network, getting security software onto your computers, or more. Contact us at 301-456-6931 or [email protected] to see how we can help you and your business get Cyber Secure!
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com