A Comprehensive Guide to RansomewareSeptember 20, 2021
When was the last time you heard about a ransomware attack? Experts estimate that ransomware attacks occur every 11 seconds (Cybercrime Magazine, 2019) with 37% of all businesses hit in 2021.
Ransomware is a type of malware (malicious software) used by cybercriminals to infect a computer or network. The ransomware blocks access to the system or encrypts its data. Cybercriminals then demand ransom money from their victims in exchange for the release of data.
Although there are countless strains of ransomware, they mainly fall into two types: crypto-ransomware and locker ransomware.
Crypto-ransomware encrypts valuable files on a computer so that they become unusable. Cyber criminals that leverage crypto-ransomware attacks generate income by holding the files ransom and demanding victims pay the ransom in order to recover their files.
Locker ransomware does not encrypt files. Instead, locker ransomware goes one step further and locks the victim out of their device, rendering it inoperable other than to see the window for the ransom. Cybercriminals will then demand a ransom to unlock the device.
Some of the more famous ransomware attacks include:
- Ryuk, 2019 and 2020. Ryuk is spread mainly via malicious emails or phishing emails, containing dangerous links and attachments.
- SamSam, 2018. It is estimated that a loss of $30 million USD was paid for the SamSam ransomware attacks. In these attacks, victims were asked to make a first payment for a first key, which would unlock only a few machines.
- WannaCry, 2017. One of the most devastating ransomware attacks in history. The estimated value at the time was $4 billion USD in losses.
- Petya, 2016. Petya is ransomware that started to be propagated in 2016 via emails with malicious attachments. Petya acts by infecting the boot record of machines that use the Windows system.
In the majority of instances, cybercriminals gain access to systems through emails or phishing attacks. As with all ransomware and hacking attacks, phishing attacks have evolved into many categories. Some of these include:
- Business Email Compromise, in which ransomware pretends to be the CEO of a company, tricking victims into offering information or even money.
- Deceptive Phishing or email phishing. This is the most common type of email phishing, which usually tells the recipient there has been a compromise of their account, and they need to respond immediately.
- Vishing is voice phishing, which takes place over the phone with a message disguised as communication from a financial institution or companies like Apple and Microsoft.
- Smishing is an attack using text messaging or SMS, typically with a link attached or a phone number to call.
- Spear Phishing specifically targets high-value victims or organizations like banking institutions, government agencies, or multiple businesses simultaneously.
If you’re unsure if your business can withstand a ransomware attack, speak to one of the team members at ANATOMY_IT. today to find out how we can help you.