Ransomware
What is Ransomware?
Ransomware is a form of malicious software, or
malware that prevents a user from accessing their
devices files and demands some sort of ransom for access
to be returned. The files cannot be decrypted without a
mathematical key that is known by the attacker. Even if
the victim pays the attacker, there is no guarantee that
their data is safe and that they are even able to regain
access. Attackers have success using ransomware because
of the fear and panic that the attacker instills on the
victim to resolve the problem quickly (Fruhlinger,
2020). Individuals are not the only ones that can fall
victim to ransomware, as attackers will look to
infiltrate businesses for a potentially larger payout.
Most attackers will use phishing techniques that cause
victims to open links or other attachments that will act
as a trojan horse for the malware (FBI, 2020). More
advanced malware uses a technique called cryptoviral
extortion that encrypts the victim's files making them
inaccessible; and, it then demands a ransom payment to
decrypt them (Young &Yung, 1996). The ransomware may
also encrypt the computer's Master File Table (MFT)
(Schonfield 2016, Momoso, 2016) or the entire hard
drive. Thus, ransomware is a denial-of-access attack
that prevents computer users from accessing files since
it is intractable to decrypt the files without the
decryption key (Luna, 2016).
Types of Ransomware:
There are a number of different forms of ransomware that attackers will use, all of which have the same common characteristics. All ransomware attacks are used for monetary gain, pose a threat to the victims IT system, and all display a message demanding for ransom in return for access (Mazor, 2022). Different types of ransomware differ in their techniques for attacking victims.Crypto Ransomware:
Also known as data kidnapping and is one of the most common types of ransomware used by attackers. For this technique, the attacker encrypts data so that it is unreadable to the victim and demands a ransom in exchange for the decryption key (Mazor, 2022). While encrypting original files, the attacker will also encrypt backup files to prevent data from being restored. This will make data retrieval almost impossible for the victim.Exfiltration:
Also known as doxware or leakware and is when an attacker steals sensitive information and threatens to release it to the public (Mazor, 2022). This could result in a huge reputational and financial loss for a business and their customers, while also leading to large punishments. A business that experiences this will likely lose all of their current and potential clients because they will not be trusted to keep information secure. The company could receive fines for the data breach and receive lawsuits from customers and partnered companies that were negatively affected.DDoS Ransomware:
Distributed denial-of-service attacks are different from exfiltration and crypto ransomware because it targets network services instead of data. DDoS attacks work by flooding a network’s servers with a large number of connection requests that cause the network to not work as well (McAfee, 2023). The attacker would then send a ransom note that demands money in order for the attack to stop. Attackers will sometimes send the ransom note before the attack even happens and not even follow through (Mazor, 2022). A DDoS ransomware attack is not as dangerous because it would require the hacker to sustain the attack for a long period of time and it does not pose a huge threat to the security of a victim’s data.Locker Ransomware:
A screen locker is a type of malware that prevents a user from accessing their device until the demands of the attacker are met. A device the falls victim will display a message that demands a payment and is paired with a timer to scare the victim into paying the ransom before it gets larger or before their files are lost forever. This type of attack is an easier one to recover from as it doesn’t encrypt data and it can be removed by rebooting the device and running antivirus software.Scareware:
Scareware uses social engineering tactics to trick/scare the user of a device into thinking there is a legitimate problem that needs a quick response (Mazor, 2022). It will come as pop-ups that use legitimate logos from security organizations telling the user to buy and install software that will fix the fake issue presented. By paying for the fake service or clicking on the pop-up, the user has increased the chances of adding more malware to the device. Overall, these are easy to avoid, as the user just needs to close the pop-up.Increasing Number of Cyber Attacks
As the world sees an increase in the use and capabilities of technology, it has also seen a large increase in cyberattacks. The United States has seen a large portion of all cyberattacks as 46% of all attacks were targeted towards Americans (Watters, 2023). As internet of things becomes more popular, the amount of cyberattacks will only increase and the amount of damages will reach record numbers. In 2022, ransomware attacks increased by 41% and identifying and solving breaches took 49 days longer than the average breach (Watters, 2023). Altogether, 2022 was a big year for hackers as there was five huge breaches in the year. The first was Twitter having a data breach that affected millions of people in Europe and the United States (Watters, 2023). The second big security breach was from a carding marketplace releasing the details of around 1.2 million credit cards for free (Watters, 2023). Third, an Australian telecommunications company named Optus had a data breach that led to 11 million customers information being accessed (Watters, 2023). Fourth, a hacker posted up-to-date personal information of over 485 million WhatsApp users (Watters, 2023). Lastly, an Australian healthcare and insurance provider had 97 million people’s information stolen in a data leak (Watters, 2023).How to Prevent Ransomware Attacks
Protecting devices and networks from ransomware attacks is not very challenging if everyone knows what to look out for, following a few tips, and investing in their network’s security. The best ways to minimize or block ransomware attacks all together are to backup all data, make sure all systems and software is up to date, install antivirus software and firewalls, emphasize email protection, take security training, implement network segmentation, and run regular security testing (Chin, 2023).Taking security training is extremely important because majority of attacks occur due to human error. Focusing on security training allows individuals, businesses, and employees to learn how to make the most secure network while also learning the tactics used in email phishing and other types of attacks. Backing up data to an external hard drive or server ensures that data will not be completely lost if infiltrated by a ransomware attack. Updating all systems and software patches any vulnerabilities there may have been used by attackers to exploit. Antivirus software and firewalls are essential for security because they can detect cyber threats and are essentially the last line of defense. Implementing network segmentation splits the network into smaller networks so that malware can be easier to isolate and prevents it from spreading to the entire network. Email protection is key because majority of malware infections come from phishing attacks, and they are easy to prevent if people know what to look for. Running security tests can find vulnerabilities in a system and help the user update security to fix these holes and prevent attacks. Overall, investing minimal time and money into the security of networks and their devices will protect against cyberattacks and keep data secure.