What is ransomware?
Ransomware attacks remain one of the most costly information security risks. Not just in financial terms but reputationally too. Here, we explain both how ransomware works and how you can best defend against it. Jump to each section using the following links:
- Basics
- Who’s at risk from a ransomware attack?
- Why do ransomware threats matter?
- How does ransomware get into PCs and networks?
- How can you best mitigate against a ransomware attack?
- Summary
Back to basics
Ransomware is, as the name implies, a type of malware designed to hold a network and its data hostage until a fee is paid to the criminals responsible. That, however, is too simplistic a definition, especially as ransomware techniques and tactics have changed over the years.
The basic premise of compromising a network to access and encrypt the data within remains. However, both the methods of compromise and the nature of the extortion have evolved to make avoiding payment a harder and costlier option for the victim organisation.
It’s unusual for the encryption of data to be the only impact of a successful ransomware attack anymore. Instead, that data will likely have been exfiltrated by the attackers before encryption, adding the threat of publication or sale to the extortion equation. This is sometimes known as double-extortion ransomware.
In addition, ransomware groups may subject victims to denial of service attacks of still-operational websites and services to further add to the pressure to pay.
Who is at risk from a ransomware attack?
Going back in time, ransomware was aimed mostly at individuals. That’s when the ransoms were relatively small and people’s cybersecurity awareness likewise.
While individuals aren’t immune to the ransomware threat today, the criminal groups behind this business target the most “profitable” of organisations. Not profit in terms of their profit-and-loss, but who are the most vulnerable and likely to pay a big ransom.
This is why you hear of hospitals, government agencies and legal firms being hit with alarming regularity. Medical targets are likely to pay up fairly quickly as access to their data can be either life-critical or, in the case of government and law, the data accessed could be highly sensitive.
But any organisation can be a victim, from universities, charities, public services, and even small businesses. The prime driver for ransomware attackers is a double-whammy of how valuable the data is and how likely the target will be to pay up. Larger enterprises will likely have costly ransomware insurance than smaller ones, while smaller businesses may have less robust defences.
Why do ransomware threats matter?
Ransomware attacks matter because they cause both financial and reputational harm to an organisation. The latter more so if the attack becomes headline news. Financial harm isn’t just limited to ransoms, if paid, but comes by way of productivity hits and even litigation from impacted customers.
How does ransomware get onto PCs and networks?
One of the main ways ransomware gets onto PCs is through emails. A user opens one, clicks on a link and is sent off to a malicious website that delivers its payload. You used to be able to spot such dubious emails through bad spelling and dodgy English, but with the help of AI the cyberattackers behind ransomware have become much more convincing.
All this means that you must be vigilant at all times when opening emails, clicking links on Facebook (another route is to duplicate someone’s account and then attempt to befriend all their existing friends) and social media in general.
How can you best mitigate against a ransomware attack?
Let’s deal with the elephant in the mitigation room first: data backups alone won’t protect your business against ransomware attacks.
Backups can still help individuals, whose access to systems isn’t mission critical, but that’s about it. But this doesn’t mean businesses shouldn’t be backing up according to the 3-2-1 rule: three backups across two different media, including one offsite.
Dual-extortion ransomware attacks confirm that proactive defence is the best mitigation. Cyber-insurance policies will likely demand the same before providing cover. Measures including endpoint protection, patch management, penetration/vulnerability scanning, and identity & access management are all recommended.
Experts to follow
We’ve put together a short list of 5 experts in the field of cybersecurity that we believe you should follow. Here are their Twitter handles:
Summary
- Groups target everyone from small businesses to large enterprises and government departments.
- Data is usually stolen before networks are encrypted, with threats to publish or sell.
- Financial harm isn’t limited to ransoms: productivity loss, legal action, and reputational damage all hit the bottom line.
- Backing up data alone doesn’t help; proactive security measures trump reactive ones.
Davey Winder
NEXT UP
Slow buyers cause tech firms to rethink sales approaches as tough Q1 hits home
New research suggests tech sales were slow in Q1, with buyers of technology and professional services taking their time before committing to any solutions.
ByteDance says it has no plans to sell TikTok and refuses to bow to US pressure
ByteDance, the Chinese company that owns TikTok, stated that it “doesn’t have any plans to sell TikTok” on Toutiao, a social media platform that it also happens to own.
Solace Kidisil, Group COO of Nsano: “The difference between traditional finance and fintech is the questions we ask”
We interview Solace Kidisil, Group COO of Nsano, a fintech company from Ghana, offering digital payment solutions across Africa