What Is Ransomware?
- 20th May 2021
- Michelle Pace
- Cyber Crime
What is Ransomware?
Malware is MALicious softWARE that, once downloaded onto your PC, tablet or mobile, can cause untold damage, from encrypting files and damaging devices to stealing your data.
Ransomware is a form of malware that poses a critical threat to your data and is used in an effort to extort money. It is designed to block any access to your data until you pay a requested sum of money to the cybercriminal(s) involved. This sum can range from a few hundred dollars to thousands and is generally paid in cryptocurrency, such as Bitcoin, to keep a level of anonymity for the criminals.
Once the ransom is paid, the cybercriminals can show you how to access a decryption key so that you can regain access to your files.
This type of cyber attack can happen to anyone, whether it’s your personal data and files or business data. Ransomware is easy to develop and is extremely lucrative for criminals because most organisations will pay the ransom to have their data returned to them. These factors make it incredibly effective.
Types of ransomware
There are two significant types of ransomware. The first is Locker ransomware, which effectively ‘locks’ your data, and the second is Crypto ransomware, which encrypts your data.
Much of this software can have built-in ‘social engineering’ which dupes users into allowing administrative access.
One of the most common examples of using social engineering to extort money is by using ‘phishing’ scams. The victim is sent an email that looks, for all intents and purposes, like a legitimate email from a genuine company. These emails contain a malicious link that, once clicked on or downloaded by the unsuspecting recipient, allows their device to be consumed by the virus. It may also happen if someone visits a malicious or compromised website.
The victim may see a pop-up ad banner telling them that their PC has been infected and that they must urgently click the ad to remove the malware. In panic and haste, they click the ad and now their computer really is infected. This is also known as scareware or adware. This is the least destructive type, and all files are likely to be safe if you don’t click on the ad, but the subsequent barrage of pop-up ads will be rather irritating!
There are many notable cases of ransomware attacks, such as those below:
CryptoLocker
CryptoLocker was one of the first notorious ransomware attacks. Launched in 2013, the malware affected an estimated 500,000 devices at its peak and allegedly obtained $3 million during its reign.
CryptoWall
This followed on the heels of CryptoLocker, from April 2014. The FBI estimated that within just 14 months, this malware had amassed over $18 million.
TeslaCrypt
TeslaCrypt became known in 2015 and demanded ransoms paid in cryptocurrency and even PayPal. It is estimated the hackers netted just under $80,000.
Petya and NotPetya
Petya began in March 2016 and targeted Windows servers, laptops and PCs. Although the attack was felt around the world, it primarily attacked Ukraine. The ransomware is said to spread via phishing or spam emails. NotPetya is a variant of the original Petya discovered in June 2017 but uses different methods of encryption.
Locky
Locky was launched in 2016 and, similar to other ransomware attacks, arrives via an infected file within a fake email. It is estimated that the Locky ransomware sent over 23 million spam emails in 24 hours, and it is a multiplying variant of the ransomware family.
WannaCry
In 2017, WannaCry was seen in over 150 countries, with over 125,000 organisations affected. By exploiting a weakness in Windows Operating Systems, the attack managed to lock a third of NHS hospitals out, costing an alleged £92 million. The global impact was $4 billion in financial costs. This attack is considered the biggest in history.
SimpleLocker
This was the first Android-specific malware that worked by scrambling your data and files on your mobile phone. The majority of those affected were in the States, but the software is said to have originated in Eastern Europe.
BadRabbit
2017 saw another ransomware attack that used ‘drive-by’ attacks. The ransomware attacks and compromises insecure websites and is disguised as an Adobe Flash download. The victim downloads the installer and the software begins to lock the victim’s device. Cases appear to be located mainly in Ukraine and Russia.
Should I pay if it happens to me?
Any law enforcement department highly recommends that you don’t pay the ransom, but this appears to be more about stopping the spread of ransomware by making it less profitable.
It’s not so black and white in the real world. You or your organisation need that now-unobtainable data and certainly don’t wish it to be made public either. You may need to assess the cost of paying up versus the cost of damage to your files and financial repercussions if you don’t.
There is no clear-cut answer to this question.
- You may be covered in part by insurance if you choose to pay out, but you may leave yourself open to a second attack once they know you’ll settle their request.
- There is no guarantee that your files will be returned or that the decryption code will restore them.
- You may find yourself with legal fees if it becomes a data breach.
- Yet, having said that, settling the demand can be cheaper than not giving in and dealing with the financial aftermath.
If you absolutely cannot afford to lose the data and have exhausted every other avenue, payment may be the only choice left to you.
Ransomware Stats (from PureCloud)
Ransomware attacks cost the UK approximately £346 million per year.
Over half of those targeted companies did not receive their data and files back after paying the ransom.
Small and medium businesses are more likely to be targeted because they are thought of as less well defended.
47% of UK businesses have been affected by a form of ransomware.
Nearly 60% of ransomware is delivered via email.
58% of businesses comply with the ransom demands although advised not to.
How to protect yourself
- Ensure that any devices have the latest antivirus/anti-malware software installed, such as McAfee Total Protection.
- Don’t run free antivirus software because it is not up to date on the latest malware.
- Keep up to date with any security and system updates; these contain the latest security updates and patches. Set the updates to automatic if you can.
- Don’t open any emails that look suspicious and never click on a link. Using a search engine, find the company the email is allegedly from and contact them to ask if it is legit. No company will ask for passwords etc. by email.
- Regularly back up your files and data, again, automatically where possible.
- Sign in to your Notty Account regularly for any updates about breaches and any notifications regarding your information being available on the Dark Web.
- Take out McAfee and CyberCareDNA to fully protect yourself with an exclusive offer for all Notty Account holders.
- Use common sense - if it seems too good to be true, or appears a little ‘off’, it probably is.