Hackers are kind of like an electrical current – they’ll generally follow the path of least resistance. The less they have to do in order to victimize their targets and turn a tidy profit, the better. Small wonder, then, that ransomware has gained such popularity in the black hat community.
It’s pretty much the golden goose for cyber-crime. Instead of having to crack through several layers of security, they can simply send their code into the wild and wait. Eventually, it’ll find its way onto a corporate system, and administrators will pay them a mint to regain access to their data.
“Ransomware is fast becoming a ubiquitous security threat, with nearly 40% of all businesses experiencing an attack in the past year, according to research from computer security firm Malwarebytes,” writes The Guardian’s Alex Hern. “Although not new, ransomware has rapidly risen in popularity as a method of attacking businesses and other organizations.”
Lately, we’ve seen a noticeable surge in both the size and severity of ransomware attacks. You remember WannaCry, right? The ransomware that infected over two hundred thousand systems all over the world.
At the time, a lot of people in the security community predicted that it was only the beginning. That we’d see more attacks like WannaCry. That it would only get worse.
They were right. In June, a new piece of ransomware named Petya started circulating. At the time of writing, researchers are still trying to find a way to shut it down.
In the meantime, you need to educate yourself. You need to understand what ransomware is, how it works, and how it’s distributed. By equipping yourself with that knowledge, you’ll come to understand what’s necessary to protect both your business and personal data.
Let’s get started.
What Is Ransomware, Exactly?
At its core, ransomware works on a pretty simple concept. If people are locked out of systems that are important to them, they’ll pay money to regain access. To that end, all ransomware follows the same basic process.
Once it infects a target, it will lock something behind nearly-unbreakable encryption. Maybe it’s a few files. Maybe it’s an entire hard drive. Maybe it’s an entire computer, or a whole network. Regardless, once the encryption’s gone through, the ransomware will send a message to the victim demanding payment.
Different strains might also do any of the following:
- Scramble filenames and file extensions.
- Set a time limit on ransom payments. Failure to pay within this timeframe might result in the encryption being permanently locked or the files simply being deleted.
- Exfiltrate data to an external server. Even if you pay the ransom, your data might still end up in the hands of a criminal.
- Target the ransom message to the victim’s language or geographical location.
If security researchers haven’t already cracked the particular brand of encryption that ransomware uses, the victim is left with two options. Option A is to pay the distributor of the ransomware a fee. This could be anything from a few dollars to a few hundred thousand dollars, usually in a cryptocurrency like bitcoin.
With the fee paid, the ransomware’s author will (usually) provide the victim with a unique decryption key.
Option B is to ignore the ransomware, wipe the systems, and start anew. Arguably it’s the better option. Thing is, not many people tend to choose it.
That’s because the fee is usually just low enough that the victim can justify paying it. A company that makes several billion a year, for example, won’t think much of paying a few thousand to unlock some critical files, just as an average user is likely willing to pay ten dollars to regain access to irreplaceable family photos. Here’s the problem.
The authors are under no obligation to actually give you a decryption key. Petya’s authors, for example, tied the ransomware to a dead bitcoin account. Anyone who actually tried to pay their ransom essentially threw money onto a fire.
That isn’t the only reason you should avoid shelling out if you’re hit by a ransomware attack, either.
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom,” reads a 2016 FBI advisory. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
Right. We’ve established why paying out to eliminate ransomware is a bad idea. But what’s the alternative?
To answer that, we first need to take a quick look at the different avenues through which ransomware might find its way into your network.
How Is It Distributed?
Like most malware, there are a ton of different avenues through which ransomware might find its way onto a system. It could be through an unsecured wireless network or an infected ad network. It might be through a bad app download or a phishing email. It could even be the result of a targeted attack or breach – though that last one is somewhat rare.
Generally speaking, though it’s important to apply the necessary security processes and software to your system, it isn’t through a security hole that a hacker’s going to get ransomware into your network. It’s through what is – and will always be – your weakest link: your employees.
All it takes is a single mistake.
How Can I Stop It?
Right. Enough talk about the ins and outs of ransomware. Let’s get to the real meat – how can you prevent it from rendering your systems worthless?
In a few ways:
- Use air-gapped backups. The best way to keep yourself – and your systems and data – safe is to implement automated backups of everything that’s important to your business. That includes documents, photos, videos, and audio clips – but it also includes snapshots of your operating system. These backups need to be completely isolated from existing systems in order to ensure ransomware doesn’t spread to them.
- Keep everything up to date. Outdated or unpatched systems represent one of the biggest security risks facing your organization. Be proactive about keeping things up to date.
- Educate your employees (and yourself). Human error is to blame for the majority of data breaches (and likely malware infections, as well). Instruct your employees on how to recognize stuff like phishing scams, malicious advertisements, and infected applications.
- Consider using a secure file sharing platform. Picture this: a hacker infects a computer with ransomware, but there are no critical files present on that system. They’re all stored on an external platform – and that platform allows your IT department to remain in control of its data no matter where it is. As is the case with backups, a secure Enterprise File Synchronization and Sharing platform is the bane of ransomware developers.
- Avoid unsecured wireless connections. Whatever other security controls you’ve got in place, an unsecured wireless network can let someone walk into your network with ease – to say nothing of how readily they can infect a system connected to one of those networks. Give your employees a secure means of connecting to corporate resources, such as SSH, VPN, or RDP.
- Ensure your email server is secure. Even with education, there’s always a chance that an employee – or even you – might inadvertently click on a phishing email. For that reason, if your business has an internal email server, you should look into antispam and antivirus solutions: tools which automatically detect and block suspicious links and attachments.
- Monitor your infrastructure. Where fighting cybercrime is concerned, visibility is one of your strongest weapons. Constantly monitor your network for unexpected activity which might indicate intrusion or an infection. The more active you are, the better.
- Immediately cut off infected systems. Last but certainly not least, if one of your systems ends up with an infection in spite of your best efforts, air gap it from the rest of your network immediately. Don’t pay the ransom, and don’t leave it connected and potentially capable of infecting other systems. Even if you don’t have a backup, there’s a chance the security community might release a decryption tool – so hang tight.
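As an added example (not code from the original article), the following Python script shows one way to put the “monitor your infrastructure” advice into practice and to spot the filename and extension scrambling described earlier. It reads a constructed file-event log and raises an alert when a single process renames many files to an unfamiliar extension within a short window, or when a file whose name looks like a ransom note is created. The log format, field names, thresholds, hostnames and process names are all assumptions made for illustration.

```python
"""Heuristic detector for ransomware-like file activity.

Added example; not from the original article. The log format (one JSON
event per line with ts/host/pid/proc/op/path fields), the thresholds and
the sample data are assumptions chosen for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions a normal office workflow produces; anything else is "unfamiliar".
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt"}
# Words that commonly appear in the names of ransom notes (assumed list).
RANSOM_NOTE_HINTS = ("decrypt", "restore", "recover", "how_to", "readme")
RENAME_THRESHOLD = 5            # unfamiliar renames by one process before alerting
WINDOW = timedelta(seconds=60)  # sliding window for counting those renames

# Constructed sample log: a benign write, a single benign-looking rename on
# ws-07, then a burst of renames to ".locked" plus a ransom note on ws-14.
SAMPLE_LOG = r"""
{"ts": "2017-06-27T10:00:01", "host": "ws-14", "pid": 4412, "proc": "winword.exe", "op": "write", "path": "C:\\Users\\ann\\report.docx"}
{"ts": "2017-06-27T10:00:05", "host": "ws-07", "pid": 2200, "proc": "explorer.exe", "op": "rename", "path": "C:\\Users\\bob\\notes.txt", "new_path": "C:\\Users\\bob\\notes.old"}
{"ts": "2017-06-27T10:01:00", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\q1.xlsx", "new_path": "C:\\Users\\ann\\q1.xlsx.locked"}
{"ts": "2017-06-27T10:01:04", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\q2.xlsx", "new_path": "C:\\Users\\ann\\q2.xlsx.locked"}
{"ts": "2017-06-27T10:01:09", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\report.docx", "new_path": "C:\\Users\\ann\\report.docx.locked"}
{"ts": "2017-06-27T10:01:13", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\photo1.jpg", "new_path": "C:\\Users\\ann\\photo1.jpg.locked"}
{"ts": "2017-06-27T10:01:20", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\photo2.jpg", "new_path": "C:\\Users\\ann\\photo2.jpg.locked"}
{"ts": "2017-06-27T10:01:25", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "rename", "path": "C:\\Users\\ann\\deck.pptx", "new_path": "C:\\Users\\ann\\deck.pptx.locked"}
{"ts": "2017-06-27T10:01:30", "host": "ws-14", "pid": 9001, "proc": "updater.exe", "op": "create", "path": "C:\\Users\\ann\\README_DECRYPT.txt"}
"""


def parse_events(text):
    """Parse one JSON event per non-empty line; timestamps become datetimes."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def suspicious_rename(ev):
    """True when a rename gives the file an extension outside KNOWN_EXTENSIONS."""
    if ev.get("op") != "rename":
        return False
    ext = PureWindowsPath(ev["new_path"]).suffix.lower().lstrip(".")
    return ext not in KNOWN_EXTENSIONS


def ransom_note(ev):
    """True when a newly created file has a ransom-note-like name."""
    if ev.get("op") != "create":
        return False
    name = PureWindowsPath(ev["path"]).name.lower()
    return any(hint in name for hint in RANSOM_NOTE_HINTS)


def detect(events):
    """Return alerts for rename bursts (once per process) and ransom notes."""
    recent = defaultdict(deque)  # (host, pid) -> timestamps of unfamiliar renames
    alerted = set()
    alerts = []
    for ev in events:
        key = (ev["host"], ev["pid"])
        base = {"host": ev["host"], "pid": ev["pid"], "proc": ev["proc"], "ts": ev["ts"]}
        if suspicious_rename(ev):
            q = recent[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:  # drop renames outside the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and key not in alerted:
                alerted.add(key)
                alerts.append(dict(base, reason="mass_rename", count=len(q)))
        elif ransom_note(ev):
            alerts.append(dict(base, reason="ransom_note", count=1))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(f"{alert['ts']} {alert['host']} pid={alert['pid']} {alert['proc']}: "
              f"{alert['reason']} (count={alert['count']})")
```

The single rename to `.old` on ws-07 stays below the threshold and produces nothing, while the burst on ws-14 is flagged on the fifth rename and again when the note file appears. In a real deployment the alert is the trigger for the “immediately cut off infected systems” step above: isolate the host, then investigate, rather than waiting for the encryption to finish.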
Ransomware is one of the nastiest, most persistent threats facing modern businesses. If you’re interested in protecting your business’s data – and your own – it’s imperative that you take the necessary measures to guard against it. And now that you understand how it works, you’re well-equipped to do just that.