The first instance of a ransomware attack is thought to have taken place in 1989, when Joseph L. Popp, a biologist, sent 20,000 infected floppy disks to the guests at an International AIDS conference. When inserted into a computer, the disks compromised the machine and encrypted directories and files. To regain access, users were asked to submit $189 to a P.O. Box in Panama. Joseph L. Popp was caught, but ransomware was just getting started.
In the 1990s and 2000s, as the Internet spread, new avenues opened for conducting ransomware attacks. In 2006, a well-known ransomware virus called the Archiveus Trojan was uncovered. This attack encrypted everything in the My Documents folder and demanded payment online to decrypt the files.
Today, the ransomware industry is huge, and ransomware is reported as one of the most commonly seen attacks. There are no signs that these attacks are slowing.
Per Cybersecurity Ventures, a new organization will fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds by 2021. No organization is immune, from individuals to small and large businesses to hospitals and governments.
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Ransomware is an advanced type of malware: malicious software designed to block access to a computer system until a sum of money is paid.
There are two basic types of ransomware in circulation to date: encrypting ransomware and locker ransomware. Both types are designed to deny the user access to something the user wants or needs, and both offer to return it on payment of a ransom.
- Encrypting, or crypto, ransomware is the most common type today. Encrypting ransomware aims to encrypt personal data and files. Encrypting ransomware doesn’t necessarily have to use encryption to stop users from accessing their data, but the vast majority of it does.
- Locker ransomware is designed to lock the computer. Locker ransomware denies the user access to the computer or device, preventing victims from using it.
How Does Ransomware Differ From Malware?
- Unbreakable encryption: users cannot decrypt the files on their own.
- The ability to encrypt different types of files, from documents to pictures, videos, and audio files.
- It can scramble file names, so the user cannot tell which data was affected.
- It will display an image or message that lets the user know that data has been encrypted and that the user has to pay a sum of money to get it back.
- It requests payment in Bitcoins, because this cryptocurrency cannot be tracked by cyber security researchers or law enforcement agencies.
- The ransom payment has a time limit, to add another level of psychological constraint. Going over the deadline typically means the ransom will increase or the data will be destroyed.
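The traits above (encrypted content across many file types, scrambled names) leave a measurable footprint that a defender can use to work out which data was affected. The following is an added example, not part of the original article: it flags files whose content is near-random and lacks the header its format should have. The function names, the 7.5 bits-per-byte threshold, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading bytes ("magic numbers") for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspect(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Flag near-random content that carries no recognisable header."""
    # Compressed formats (JPEG, DOCX) are high-entropy too, so entropy alone
    # is not enough; an intact header is what separates them here.
    head = data[:65536]                       # a leading sample is enough
    if shannon_entropy(head) < threshold:
        return False
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is not None:                  # known extension: header must match
        return not head.startswith(expected)
    # Unknown or scrambled name: accept any known header, otherwise flag.
    return not any(head.startswith(m) for m in MAGIC.values())

def scan(files: dict) -> list:
    """Return the sorted names of files whose content looks encrypted."""
    return sorted(n for n, d in files.items() if is_suspect(n, d))

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted bytes (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

# Constructed sample directory: name -> content.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"Quarterly report text. " * 200,
    "notes.txt": b"Meeting notes, plain ASCII text.\n" * 100,
    "photo.jpg": b"\xff\xd8\xff\xe0" + fake_ciphertext(b"jpg"),  # intact header
    "budget.docx": fake_ciphertext(b"docx"),      # encrypted in place
    "a91f3c.locked": fake_ciphertext(b"locked"),  # scrambled name
}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

A sudden rise in the number of flagged files between two scans of the same share is a stronger signal than any single flagged file.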
What Are the Damages?
Ransomware can cause two kinds of damage: the cost of the ransom payment itself and the loss of data that is never recovered.
According to research conducted by Cybersecurity Ventures, ransomware damages cost the world more than $8 billion in 2018.
- Global damage costs in connection with ransomware attacks are predicted to reach $20 billion annually by 2021.
- A report from Cybersecurity Ventures predicted that ransomware damages would cost the world $11.5 billion in 2019, up from $325 million in 2015.
Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.
Prevention is Key
- Cybersecurity Ventures predicts there will be a ransomware attack on businesses every 14 seconds by the end of 2019. This does not include attacks on individuals, which occur even more frequently than attacks on businesses.
- Ransomware attacks on healthcare organizations are predicted to quadruple by 2020.
- 91% of cyberattacks begin with a spear phishing email, a technique commonly used to infect organizations with ransomware.
Companies can examine their computer equipment, online behavior, and security tools.
Effective computer security ensures the availability of accurate data in time to meet an organization’s needs at a cost that is commensurate with the risks involved. Key elements to an effective computer security system include:
- Security policies and awareness training
- Computer and physical security controls
- Technical and administrative controls
- Security audits and tests
- Incident response plans
- Insurance for cyber risks
Organizations should consider implementing a multifactor authentication security system. Multifactor authentication requires the presentation of two or more authentication factors to verify the legitimacy of a transaction, and it is a preferred method for preventing attackers from cracking passwords. To be effective, multifactor authentication needs to be user-friendly or it defeats its own purpose. If users find it burdensome, they might resort to shortcuts that end up compromising their security, like writing their passwords on notes that are taped to their computer.
Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices; administrative security involves the use of tools to provide an acceptable level of protection for computing resources.
Ransomware is simply the age-old concept of ransom, brought to the ever-changing digital world. As always, there is the question of urgency and whether to give in to the scammers. Preventing it from happening in the first place is a wise plan of action.