An employee gets an e-mail and downloads an attachment they think is legitimate. Next thing you know, or sometimes weeks to months later, all employees see a screen similar to the following:
You’ve just become one of the many victims of ransomware.
UC Berkeley explains:
“Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.”1
This is what recently happened to a Florida city that days ago voted to pay 65 Bitcoin, approximately $600,000 USD at the time of this writing, to a hacker or hackers who seized the city’s computer systems. The grinding halt resulted in the city’s police department resorting to paper documents for everything from 911 calls to traffic citations to employee paychecks.2 Although a recent example, it certainly does not stand alone. In 2018, the FBI reported 1,493 victims of ransomware attacks with a total loss of $3.6 million, not including incidental losses such as time, wages, and lost business.3 This is also just the data reported to the FBI voluntarily – the reality is likely much worse, and is often reported as such.4
How does ransomware work?
Ransomware is malicious software with the intent to hold data ransom. It usually works by encrypting the user’s data so that only the attacker holds the key needed to decrypt it. This prevents the user from simply unplugging the machine and pulling the data off the hard drive. As was the case in the Florida example above, the attacker can often encrypt files on other connected machines, such as network shares, which can completely cripple an entire networked system.
The ransom is usually elicited in Bitcoin, or some other cryptocurrency, favored for the difficulty in tracing payments made to the attackers. The unfortunate reality is that it is a roll of the dice as to whether the attacker will provide the means to decrypt your data or will instead just take your money and run. Alternatively, some will decrypt part of your data and demand money to decrypt the rest.
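Because ransomware replaces readable files with ciphertext, one defensive signal is a sudden jump in byte entropy across a share. The scanner below is an added example written for this post, not code from the original; the share layout, file names and the 7.2 bits/byte threshold are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Random or encrypted bytes approach 8.0 bits/byte; office text sits near 4-5.
HIGH_ENTROPY = 7.2  # assumed threshold, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_for_encrypted_files(root: str, threshold: float = HIGH_ENTROPY,
                             sample: int = 65536) -> list:
    """Return paths under root whose leading bytes look like ciphertext.

    Only the first `sample` bytes are read, so the scan stays cheap on large
    shares; files shorter than 256 bytes are skipped as statistically noisy.
    """
    flagged = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        with open(path, "rb") as f:
            head = f.read(sample)
        if len(head) >= 256 and shannon_entropy(head) >= threshold:
            flagged.append(str(path))
    return sorted(flagged)


def build_sample_share() -> str:
    """Constructed stand-in for a small network share: two plain text files
    and one file whose content has been overwritten with random bytes, which
    is how an encrypted document looks to the scanner."""
    root = tempfile.mkdtemp(prefix="share_")
    Path(root, "budget.txt").write_text("Q3 budget: payroll 120000, vendors 45000\n" * 40)
    Path(root, "memo.txt").write_text("Dispatch logs must be archived weekly.\n" * 40)
    Path(root, "payroll.xlsx").write_bytes(os.urandom(4096))  # simulated ciphertext
    return root


if __name__ == "__main__":
    share = build_sample_share()
    print("high-entropy files:", scan_for_encrypted_files(share))
```

Already-compressed formats (zip, jpg, and Office files, which are zip containers) are also high-entropy, so in practice compare results against a baseline scan and alert on files that newly cross the threshold rather than on a single snapshot.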
Attackers are getting smarter
This isn’t your typical “Nigerian prince” e-mail scam, although this year it was reported that these scams are still successful to the tune of $700,000/year.5 These attackers are infiltrating your computer systems, often playing on the need for data in targeting large corporations that have a low tolerance for downtime. This, they hope, will increase their odds at getting paid.
And indeed, this works! Also, in no small part, because the attackers will look at the documents in the systems they have taken over to understand things like the financials of the company they are targeting. When your excuse for not paying the ransom is “We don’t have that kind of money” these attackers can reliably say “Yes you do.”
Be smarter and learn how to limit your risk
So what can you do to prevent this from happening? The biggest piece is starting with the weakest link, the users (cue Tron music). Teach your users (employees or others) to recognize a phishing attack. The biggest tip here: if you aren’t 100% sure of the link you are about to click, or the attachment you are about to download, DON’T DO IT! Also, keep frequent backups of all your data and store that data unattached from your networked system. Check out my friends over at LMG Security for a full ransomware guide to get yourself educated and prevent this from happening to you!
- See https://safeatlast.co/blog/ransomware-statistics/ (Ransomware cost businesses more than $8 billion in 2018)