Cyber threat: ransomware

So what is ransomware? For £5,000 I’ll tell you…

That’s the key principle – it’s about holding information of value to you and only releasing this information in exchange for money.

This is what Symantec (provider of security products and solutions to protect individuals and businesses from threats, malware, and other cyber attacks) say about ransomware:

The idea behind ransomware, a form of malicious software, is simple: Lock and encrypt a victim’s computer or device data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since malware attacks are often deployed by cyberthieves, paying the ransom doesn’t ensure access will be restored. (Norton).

Ransomware typically invades your computer or network and holds the information on it (photos, documents, contacts, financial details, etc) to ransom. ‘The files are still located on your computer or network, but access to them that is encrypted, stopping you from accessing them. Once the ransom is paid access is, hopefully, restored.

Types of ransomware

Ransomware comes in different types; some variants may be more harmful than others, but they all have one thing in common: your data is being held to ransom. The five types of ransomware are:

• Crypto malware. This is a well-known form of ransomware that causes a great deal of damage. One of the most familiar examples is the 2017 WannaCry ransomware attack, which targeted thousands of computers around the world and spread itself within corporate networks globally.
• Lockers. This type of ransomware infects your operating system to lock you out of your computer, making it impossible to access any of your files or applications.
• Scareware. Scareware will make itself look like an antivirus or cleaning tool and often claims to have found issues on your computer, demanding money to resolve the issue. Some types of scareware lock your computer, while others flood your screen with annoying alerts and pop-up messages.
• Doxware. This is also known as leakware and will threaten to publish your stolen information online if you don’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.
• RaaS. ‘Ransomware as a Service’ is a type of malware hosted anonymously by a hacker. The RaaS host will act as a broker for the hacker, handling everything from distributing the ransomware and collecting payments to managing decryptors – software that restores data access, in exchange for their cut of the ransom.

Ransomware remains a popular means of attack, and new ransomware families are discovered every year. Reported attacks in the US dropped from 2,673 in 2016 to 1,783 in 2017 (Norton). However, the threat of ransomware remains, so you should take precautions to help avoid becoming a victim.

Whatever the ransom type, the problem is essentially the same: as a manager, when this situation arises, you need to consider how you will respond. Or perhaps a better approach is to know it will happen and therefore plan your response before it happens.

There are many things that can be done, including ensuring you keep software patching up to date, ensuring your layers of security protection (AVS) is up to date, and educating employees – ransomware is often introduced to the network via a phishing email (we talk about phishing in the next step), or through compromised websites.

References

_{Al-rimy, B., Maarof, M., and Shaid, S. (2018) ‘Ransomware Threat Success Factors, Taxonomy, and Countermeasures: A Survey and Research Directions’. Computers & Security 74, 144-166}

_{Johnson, T. (2015) Cyber-Security: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare. 1st edn. CRC Press}

_{Collier, P., and Friedman, A. (2014) Cybersecurity and Cyberwar: What Everyone Needs to Know. 1st edn. New York: Oxford University Press}