Due in large part to COVID-19 and the increased prevalence of remote work, ransomware attacks dominated 2020, and experts predict there will be at least twice as many cases of data theft in the new year.
The U.S. Cybersecurity & Infrastructure Security Agency defines ransomware as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.” It often spreads through phishing emails or when a person inadvertently visits a compromised website.
Ransomware attacks, however, aren’t new; the first one dates back to 1989, and over the years, the attacks have become more sophisticated and advanced as equipment and technological capabilities have changed.
This rise in cybersecurity crime is why there’s a growing need for cybersecurity professionals to work against these threats. That includes people called penetration testers (also known as ethical hackers). Their job is to infiltrate computer systems on purpose in order to detect and address vulnerabilities that non-ethical hackers could exploit to cause havoc.
Now let’s explore the details of a ransomware attack, the most common types of attacks and how you can protect your company against this potentially crippling catastrophe.
How Does a Ransomware Attack Work?
To fall victim to a cyber-attack, you must first allow criminals access to your computer system or network. Of course, you don’t “allow” access on purpose, but have you ever received a suspicious-looking email or pop-up advertisement? Criminals will access your system through a “vector,” some of which include:
- Email attachments
- Social media messages (example: Facebook friend requests)
These attachments and messages are designed to look real, of course, so that you’ll click on them, which allows criminals access to your files and information. Once you do so, however, the ransomware will encrypt your files.
As CNN explains, “The attacker then typically demands a ransom from the victim to restore access to the data upon payment. Users are often shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, often payable to cybercriminals in Bitcoin.”
Some have even cost millions of dollars.
Common Types of Ransomware Attacks
REvil (short for Ransomware Evil) is known as a ransomware-as-a-service (RaaS) operation that extorts large sums of money. It’s also considered the most widespread type of ransomware threat; the actor behind this type of attack also “steals business data and threatens to release it.” They also often rely on other cybercriminals (known as “affiliates”) to distribute the ransomware.
This type of ransomware — which is estimated to be responsible for more than a third of ransomware attacks in 2020 — encrypts important business files and demands a high ransom (usually millions of dollars), according to Datto. Ryuk ransomware has become more popular and is used to target companies, hospitals, government entities and more.
This type of malware “essentially holds a computer or computer system hostage,” according to Verizon. A malicious actor typically infiltrates the system through a phishing scam (or other security weak spots), encrypts the files and leaves a ransom note. If the victim pays (usually in Bitcoin), the data will be returned and the computer system will go back to normal.
This type of ransomware attack is known for “its targeting enterprises by means of gaining access through certain admin credentials and utilizing them in order to spread throughout the whole Windows network,” according to Tech Times. It’s also one of the first forms of ransomware where criminals actually call the victims and further demand payment, according to a notification released by the FBI in December 2020.
This threat spreads through a fake Adobe Flash update. When an infection occurs, users are directed to a payment page.
Notable Ransomware Attacks in 2020
Cyberattacks greatly increased as a result of COVID-19 since many people had to work from home and had less-than-secure servers and networks. You’ve most likely heard of a ransomware attack (or two) over the years; here’s a list of some of the notable ones that occurred recently.
- A string of hospitals across the country were the victims of ransomware attacks that started around the end of September 2020. In one case, a Medical Center — with 21 locations in Oregon — was infected with Ryuk and said the staff couldn’t access the computer system. As a result, radiation treatment for cancer patients had to temporarily stop.
- A university suffered a ransomware attack in July 2020 with approximately .02% of its data being affected, including employee and student information. In the end, the university paid $457,059.24 to the attackers to make sure the data and information weren’t released.
- A ransomware attack shut down all network systems of a public school system in November 2020. The school system confirmed in January 2021 that there was no evidence that any data or information was accessed or stolen during the breach.
According to SafeatLast, about one in four companies around the world pay the ransom, but access to the information or systems is not always restored.
The Impact of Ransomware Attacks
Ransomware attacks can be costly, with organizations paying an average ransom of $233,217. But the attacks also go beyond monetary implications; they often leave companies and organizations feeling vulnerable and emotionally distressed, especially if personal information has been leaked.
According to the Cybersecurity & Infrastructure Security Agency, “ransomware can be devastating to an individual or an organization. Some victims pay to recover their files, but there is no guarantee that they will recover their files if they do. Recovery can be a difficult process that may require the services of a reputable data recovery specialist.”
One of the widespread effects of ransomware, and related cyber-attacks, is the increased demand for skilled cybersecurity professionals to serve as front-line defenders. It's expected that there will be several million unfilled cybersecurity jobs by next year.
How to Protect Yourself Against Ransomware
The Cybersecurity & Infrastructure Security Agency lists a variety of best practices to protect you and your company against ransomware. These include:
- Updating software and operating systems with the latest patches
- Being suspicious of unsolicited emails and avoiding clicking on links or opening attachments within them
- Backing up data on a regular basis
- Following safe practices when using devices with internet connections
Other best practices include creating strong passwords, choosing secure networks and keeping software current. It’s also important to report any type of ransomware attack to CISA, a local FBI field office or a Secret Service field office.
At the end of the day, ransomware attacks will never go away, especially as criminals incorporate new techniques and adapt to new technologies. But there are security best practices and steps you can take to protect your business or organization and help ensure that you aren’t the next victim of ransomware.
About the Author: Chuck Bane is academic director and professor of practice for the University of San Diego’s online Master of Science in Cyber Security Engineering program; he is a retired naval officer whose experience includes collaboration on cybersecurity projects with the Department of Homeland Security, the NSA and the DoD.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.