While ransomware seems like a relatively new problem – creating splashy headlines and capturing the attention of individual users and businesses alike for the past few years – the first attacks were actually seen as far back as a decade ago.
According to Trend Micro, ransomware – which involves advanced encryption to prevent access to important files alongside a ransom demand – first emerged in Russia around 2005. Since then, these instances have only increased in severity and frequency, and ransomware continues to present a challenge for digital security today.
As a C-Suite executive, the specifics behind ransomware – including the more technical elements like the encryption being used – might be a bit out of your purview. However, this doesn't mean there aren't a few things you should know about these types of attacks. Awareness is the first step toward protection, and in that spirit, Trend Micro is here to ensure you and your executive team remain in the know when it comes to ransomware.
What exactly is ransomware?
While it'll be up to your IT admins to learn more about the nitty-gritty technical elements, executives should have a base knowledge of what ransomware attacks are. Trend Micro defines ransomware as "a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid."
In other words, ransomware attacks utilize a stick-'em-up approach, preventing users and businesses from accessing their important files and applications until a specific amount is paid to the hackers initiating the attacks. Oftentimes, this ransom is demanded in Bitcoin, a digital currency that helps to keep transactions in the virtual realm more anonymous.
A ransomware scenario
Just imagine it this way: You enter your office, sit down at your desk, and boot up your computer to start the day. However, instead of being greeted by the usual welcome screen or desktop home screen, you see a notification window containing a very different message. In essence, it tells you that cybercriminals have gained access to your system or network, and will not allow you to access anything – files, applications, databases, communication platforms, etc. – until they receive a ransom. The hacker or hackers behind the attack have put a sophisticated encryption program into use, and are forcing you to pay for the decryption key.
What to know: Paying off cybercriminals
As Trend Micro's Jon Clay pointed out, the consequences of this type of attack can quickly become very serious.
"At the very least you'll be forced to pay a ransom to get access back to your files," Clay wrote. "This could be a few hundred dollars but some organizations have been extorted for far more."
In one case, a medical center paid $17,000 to hackers for the decryption key that would unlock their critical systems and restore administrative functions. In a separate attack on an American hospital, hackers required a ransom of more than 9000 bitcoin – the rough equivalent of $3 million – to unlock critical files, according to International Business Times.
No guarantees with thieves
However, it's important to understand that even if the ransom is paid, this is no guarantee that hackers will reestablish access to files and essential systems. In fact, Healthcare Informatics reported in May that this situation recently took place at a hospital in Kansas.
"However, after the hospital paid a ransom, the hacker did not return full access to the files," Healthcare Informatics reported. "Instead, they demanded another ransom."
What's more, James Trainor, assistant director of the FBI's Cyber Division, noted that this is becoming more common. Several instances like this have taken place recently, where the ransom demanded by hackers is paid, but access to files isn't returned. After all, once a cyber criminal has locked an organization out of its most important data and assets, what's to stop him or her from requesting more and more money?
"Paying a ransom only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity," Trainor wrote in a blog post for the FBI. "And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals."
Limited options after an attack
However, not all experts agree with Trainor's take. In fact, IDC News contributor Lucian Constantin reported that one FBI official noted that in some cases, the agency has no choice but to advise a victim to pay the ransom. These instances also typically involve a lack of backups, meaning there are limited alternatives besides paying the ransom and hoping for the best.
While law enforcement officials have been working to quell the recent rash of ransomware attacks, even these organizations aren't immune.
"There have been some successful collaborations between law enforcement and private security companies to disrupt ransomware campaigns in the past," Constantin wrote. "In most cases, however, law enforcement agencies are powerless in the face of ransomware, especially the variants that hide their command-and-control servers on the Tor anonymity network."
Don't count on luck
Although security companies have been able to pinpoint certain coding mistakes in some ransomware variants, allowing them to develop decryption tools, this stroke of luck doesn't happen very often. What's more, hackers are quick to identify and correct these errors, and new strains of ransomware are being released on a considerably frequent basis.
As with any type of breach, it's also critical not to rely on an "it won't happen to me" approach. Small organizations as well as large enterprises across all different industries have been impacted by malware. For this reason, it's essential that executives know how to prevent an attack.
How to protect your business
While ransomware is one of the most severe threats in recent memory, this doesn't mean your business is without options for protection. Trend Micro recommends taking these steps:
- Back up critical data: Hackers are powerless if your organization has backups of all the information it might be locked out of during a ransomware attack. If your users can access data from a secondary environment, there's no need to pay for access to your original files. It's best to leverage a 3-2-1 system here, where the company has three backup copies of all important assets on two different media, one of which is kept in a protected, offline site.
- Ensure awareness: Just as it's critical for the C-Suite to be educated about ransomware, so too should your employees have an understanding of these threats. Users should know not to open suspicious links or attachments that might come in unsolicited emails. What's more, even if an email appears to come from a legitimate source, it's best to confirm before opening.
- Deploy security patches: As with any type of threat, it's essential that all system patches and updates are deployed as soon as possible. These updates often include security improvements that can prevent breaches and attacks by eliminating exploitable weaknesses in software.
Ransomware is a growing threat that has been impacting organizations of all sizes across nearly all industrial sectors. However, this doesn't mean that your company should be left unprepared. With education, layered security and critical system backups, your business will be in the best position possible to prevent this type of attack.