There’s no shortage of methods of attack in the modern cybersecurity threat landscape. But there are few approaches quite as insidious as malware that sneaks onto your computer system, stealthily encrypts your files, and then holds you hostage by charging a ransom for you to regain access to what is rightfully yours. That, in essence, is the threat of ransomware attacks, which have become a growing scourge of users online over the past several years.
The first documented ransomware attack dates all the way back to the AIDS Trojan/PS Cyborg in 1989. However, as far as modern ransomware attacks go, the most notorious remains the WannaCry ransomware.
Although the attack lasted only around one month, in May 2017, WannaCry is thought to have affected upward of 200,000 computers running the Microsoft Windows operating system in 150 countries. Damage resulting from the attacks potentially reached into the billions of dollars. It is believed that the attack was waged by cybercriminals from North Korea or those working on its behalf.
How WannaCry was able to do so much damage
WannaCry relied on a vulnerability in Windows and an exploit called EternalBlue, details of which were published by a group of hackers referred to as the Shadow Brokers. While Microsoft dutifully released a security patch that protected users from this exploit, enough users and organizations failed to install it that WannaCry could target them in large numbers.
It spread by attacking public-facing Server Message Block (SMB) ports. This allowed it to proliferate at unparalleled speeds, since it did not require users to click on phishing emails or download files containing the malware from dodgy websites.
In order to regain access to their files, users were told that they had to pay $300 in bitcoin. This figure was later increased to $600. If the user refused to pay up in three days, they were told that their files would be irretrievably deleted. The attack wound up affecting not just individual users and businesses, but also hospitals and other essential services. Virtually no other cyberattack has caused so much chaos in such a short space of time.
Ransomware attacks ramping up
Unfortunately, where most people came away from the WannaCry incident with a new hatred for ransomware, cybercriminals sensed an opportunity.
Since May 2017, similar ransomware attacks have continued to ramp up. Ransomware is currently the most common major security incident among computer users. Such attacks are increasingly enterprise-focused, with attackers perhaps believing that targeting businesses is more likely to yield a positive financial result for them. (This may be accurate, too. According to some sources, 73% of targeted businesses have paid a ransom demanded of them.)
One of the reasons for this could be the seriousness of losing access to files and the damage this can cause for enterprise users. Having files encrypted can mean being unable to carry out business as usual, which could be far more costly than simply paying a ransom.
Another nasty recent twist on the ransomware formula involves the malware sending copies of certain files to cyberattackers. This data may then be published online, adding an extra “incentive” for victims to pay the ransom.
Defending against ransomware attacks
Protecting against ransomware attacks is important for any organization. It is never the right move to simply resign yourself to paying a ransom if it’s demanded of you. Quite apart from the fact that this rewards the attackers, there is no guarantee that users will get access to their files restored (and any stolen data returned to them).
Once the cybercriminals have your money, there’s no compelling reason why they would provide after-payment support in the form of a decryption key. They could also make note of who was willing to pay a ransom and target them again in the future, knowing that they are more likely to pay up.
Instead, proactive users wanting to defend against ransomware attacks should ensure that they create regular backups of crucial files and keep them somewhere they would not be affected by a ransomware attack. (Since ransomware attacks could spread across a network, this is particularly important.) They should also establish a plan for resuming normal service in the event of a ransomware attack. That must include practicing restoring data to be confident that this approach will work — before it’s something you need to rely on.
As the WannaCry attack makes clear, it’s additionally important to keep software and operating systems up to date. The WannaCry attack affected users who had not installed a critical Windows security update. Making sure that you are up-to-date on software updates can help defend against many of the vulnerabilities cybercriminals might seek to exploit.
Call in the experts
One of the best moves you can make is to bring in the experts. Modern cybersecurity tools can help detect suspicious ransomware activity, such as the WannaCry attack, and then quarantine certain devices before damage is done.
In the event of an enterprise attack, this can stop the ransomware from spreading to multiple users across an entire network. Such tools can also monitor data access and activities of users in order to notify administrators or others of suspicious activity. On top of this, they will be able to provide the right tools to enable security teams to better investigate and report on ransomware attacks.
By covering all these bases, organizations can do a comprehensive job of protecting against the worst that ransomware has to offer.