By DeVry University
Imagine instantly losing access to all of your most sensitive information, including financial account logins, personally identifiable data and your complete medical history. Now imagine that the only way to restore access to that information is by paying a faceless cybercriminal a large amount of money without even a guarantee that they will restore your data.
These scenarios represent a growing attack vector that cybercriminals use to coerce individuals and companies worldwide to meet their demands: ransomware.
This type of malware encrypts the victim's data and demands payment to provide the decryption key. These kinds of attacks are not new, but they have become more prevalent in recent years due to the rise in operational risks associated with more employees working from home, and the increase in “big game hunting” of high-profile company targets.
Read on to learn more about what ransomware is, how it works and how you can protect yourself and your organization from these types of dangerous cyber attacks.
What is Ransomware?
Ransomware is a type of malware ("malicious software") that cybercriminals use to exploit weaknesses in cybersecurity, penetrate computer systems and restrict access to the victim's data by encrypting it, then demand a ransom payment in exchange for restoring access. This costly cybercrime has seen a significant uptick in recent years, particularly with the increased use of cryptocurrencies and the mass work-from-home migration of employees since the pandemic hit in 2020.
- The U.S. Cybersecurity & Infrastructure Security Agency (CISA) reports that ransomware attacks in January through July 2021 increased by 62% from the year before.
- The FBI’s 2020 Internet Crime Report states that it received nearly 2,474 complaints identified as ransomware attacks in 2020 alone, resulting in $29.1 million in losses.
Since 1989, ransomware, in conjunction with Big Game Hunting (BGH) of high-profile cyber targets by cybercriminals, has become a growing concern for businesses and organizations of all sizes. Ransomware attackers are expanding their ransomware campaigns to include blackmail and other extortion techniques, according to the 2021 Global Threat Report by CrowdStrike.
How Does Ransomware Work?
This kind of cyberattack is particularly devastating because while it takes only a short while for a cybercriminal to access a system, it often takes much longer for a company or organization to realize that they've been breached.
Ransomware typically propagates through attachments in spam emails, or through zipped folders sent as email attachments, that exploit known computer vulnerabilities; it then encrypts the data stored on the computer. The victim then receives a message demanding a ransom payment in order to access their data. Some ransomware types use a countdown timer, giving the victim a short period of time to pay the ransom before the price increases or the files are permanently encrypted or leaked. In some cases, it may be manually installed by exploiting security holes in programs downloaded from cybercrime websites.
Cyber attackers can deploy ransomware in a number of ways, including:
- Social engineering, where cybercriminals use phishing and exploitation of trust to trick users into downloading malware under hidden pretenses
- Drive-by downloads, where malicious websites automatically exploit vulnerabilities in web browsers or plug-ins to install ransomware onto systems without user knowledge
- Malicious email attachments, which often masquerade as innocuous files or links from legitimate sources
- Exploit kits, downloadable software packages housed on hacker forums and marketplaces, which are a common source of vulnerabilities that hackers can utilize to target a victim's machine remotely
Extortion is a tried-and-true tactic and cybercriminals infrequently get caught, making ransomware attacks devastatingly effective. Their reliance on cryptocurrencies for ransom payouts avoids traditional financial tracing, making for a “clean escape” after the damage is done. Unfortunately, the dynamic battle between ransomware targets and attackers is an ongoing "cat and mouse" situation. There is no perfect solution, only continued cyber security protocol improvements to be made.
Primary Targets of Ransomware Attacks
Most ransomware operations are opportunistic in nature, meaning cybercriminals cast a wide net, knowing only a small percentage of the campaign will bring a payout. However, sometimes companies are targeted by cybercriminals, including those that:
- Do not regularly update their servers or software systems
- Cannot shut down their systems to update or repair servers or networks due to the nature of their work (hospitals and manufacturers)
- Would suffer the most from disruptions to their operating systems
- Have sensitive or prized data stored within their network systems
Governments, organizations and average users are all potential targets for ransomware attacks. The health, education and manufacturing sectors are frequent targets due to the size of their data packages and the probability that they'll have to pay up.
How Big of a Threat is Ransomware Today?
Ransomware is a harmful form of malware that encrypts data on the target’s machine or network with strong cryptography, rendering it inaccessible until it is unlocked with a decryption tool. Once the criminals are inside your system, there’s not much you can do.
A significant difference between ransomware and other malware is that ransomware operates under an explicit threat: if the victim doesn't pay up, they won't ever see their files again. This approach has made ransomware one of the most successful forms of malware out there today.
Common targets for this type of attack are small-to-medium businesses since they don't have the same anti-malware protection as their larger counterparts. Smaller enterprises may also be more likely to pay the ransom because they don't have the time or resources to invest in costly IT security measures or tolerate the downtime in production.
There are no guarantees that victimized companies will get their files back after paying the ransom or that authorities will catch the criminal. It creates a lose-lose scenario for the victims of these kinds of malware attacks, forcing them to comply if they want access back to their data, systems and networks.
Ransomware is a threat to businesses everywhere, regardless of size. World cybersecurity leaders at a recent International Counter-Ransomware Initiative event held at the White House have called ransomware "...an escalating global security threat with serious economic and security consequences."
How to Protect Yourself and Your Organization From Ransomware Attacks
When it comes to protecting your data against ransomware, it's about proactiveness, early detection, prompt response and resilient recovery. You can learn how to defend yourself or your organization from ransomware attacks by implementing basic cybersecurity techniques recommended by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), including:
- Understanding what ransomware does and how it works
- Backing up your data to external hard drives or trusted cloud providers
- Installing antivirus software on all machines and computers in your organization
- Keeping your software systems and networks up-to-date
- Only installing trusted programs
- Being wary of suspicious emails, attachments or links
- Ensuring that you have backups of essential files regularly updated at all times
- Monitoring your network traffic for any signs of an intrusion
Businesses and larger organizations can protect their data from targeted ransomware attacks by taking measures to increase their defensive protocols and preparing for a ransom attack, just in case. CISA's ransomware prevention guide shares how they can accomplish this goal, with tips such as:
- Creating multiple layers of systems to deter criminals
- Taking advantage of data farm backups and cloud storage duplication
- Creating a detailed, proactive cybersecurity plan
- Using multiple authentication layers on every platform
- Training your employees to recognize and avoid ransomware phishing
- Seriously considering cyber insurance, especially if you're in a more commonly targeted sector
If you have up-to-date antivirus software, the program will often detect most ransomware before it has a chance to do any harm. If you are not sure whether your system has been infected, there are some signs you can look for. Many ransomware variants will create text files containing ransom notes and leave them on the victim's desktop or in one of their folders. The ransomware may also change your wallpaper to a message demanding payment for the decryption key.
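To make the ransom-note sign concrete, here is an added example (not part of the original article) that walks a folder tree and reports small text files that contain several ransom-style terms and repeat under the same name in more than one folder. The keyword list, thresholds and the sample file name `READ_ME.txt` are assumptions chosen for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Assumed indicator terms; tune them for your environment.
KEYWORDS = ("encrypted", "decrypt", "ransom", "bitcoin", "payment", "deadline")
NOTE_EXTENSIONS = {".txt", ".html", ".htm"}
MAX_NOTE_BYTES = 64 * 1024  # ransom notes are small; skip large files


def keyword_hits(path):
    """Count how many distinct indicator terms appear in a small text file."""
    try:
        if os.path.getsize(path) > MAX_NOTE_BYTES:
            return 0
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read().lower()
    except OSError:  # unreadable or vanished file: treat as no match
        return 0
    return sum(term in text for term in KEYWORDS)


def find_ransom_notes(root, min_hits=3, min_dirs=2):
    """Return {filename: [directories]} for note-like files that repeat across folders."""
    seen = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in NOTE_EXTENSIONS:
                continue
            if keyword_hits(os.path.join(dirpath, name)) >= min_hits:
                seen[name.lower()].add(dirpath)
    return {n: sorted(d) for n, d in seen.items() if len(d) >= min_dirs}


def build_sample_tree(root):
    """Constructed sample data: one benign file plus a note copied into two folders."""
    note = "Your files are ENCRYPTED. To decrypt them, send payment in Bitcoin."
    for sub in ("Desktop", "Documents"):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "READ_ME.txt"), "w") as fh:
            fh.write(note)
    with open(os.path.join(root, "Documents", "notes.txt"), "w") as fh:
        fh.write("Reminder: invoice payment is due Friday.")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, dirs in find_ransom_notes(tmp).items():
            print(f"possible ransom note {name!r} in {len(dirs)} folders: {dirs}")
```

A match is a prompt to disconnect the machine and escalate, not proof of infection; requiring the same file name in several folders keeps ordinary documents that mention payments from being flagged.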
Some people mistakenly think that they need to submit the payment immediately to speed up the process of restoring their system. According to the FBI, this is unwise. When ransomware victims quickly pay the ransom, cybercriminals see that their campaigns work and it encourages them to plan more attacks. Additionally, there's no guarantee that victims can trust cybercriminals not to re-attack in the future or publish stolen data even after they’ve received the ransom payment.
Instead, if you suspect that you have been a victim of a ransomware attack, a better course of action is to bring the incident to your company (if you are an employee) or cybersecurity provider (if you are a business owner) first. Together, you can work to resolve the issue, and then contact the appropriate government agencies to report the cybercrime and receive guidance.
Ransomware Prevention Starts with You
You don't have to be a cybersecurity officer to follow standard cybersecurity protocols, prevent ransomware attacks and keep your data safe. These tips will help you protect your data and prevent it from being ransomed:
- Always keep your network systems and software up-to-date to decrease vulnerabilities
- Never click a link or install software unless you know exactly what it does and that it’s coming from a safe source
- Use an antivirus software program to help you detect ransomware before it’s too late
- Frequently back up your data to reduce damage in case you are attacked by ransomware
Cyber Security Programming Careers
Remember that "cat and mouse" game we mentioned above? If you find the challenge of outwitting cybercriminals by staying one step ahead intriguing, then pursuing a career in the field of cybersecurity may be the right fit for you.
Knowing particular career paths exist also enables you to understand how to pursue them. There is a wide range of cyber security jobs with various specialties out there.
Whether you’re already an active information technology professional or just a curious individual who wants to get involved in this dynamic field, DeVry University has a range of IT and cybersecurity-related certificate programs, degrees and degree specializations that can help prepare you to pursue a career in cyber security, such as our Undergraduate Certificate Program in Cyber Security, our Bachelor’s Degree in Information Technology and Networking with a Specialization in Cyber Security or our Bachelor’s Degree in Computer Information Systems with a Specialization in Cyber Security Programming.
Learn more about the latest technology and industry insights from experienced faculty, and develop skills to help you prepare for the future of global cybersecurity.