The cybercrime game can be faddish at times, with cyber crooks all briefly piling on the “flavor of the month” attack before collectively moving on to the next big thing. One thing we can be certain of after the past year, however, is that ransomware has been added to the regular menu. It’s here to stay.
How Ransomware Works
It’s no wonder the dark underbelly of the internet is so taken with ransomware attacks. For keyboard-based ne’er-do-wells it really is the gift that keeps on giving.
A ransomware attack begins much like any other cyberattack. The bad guys get into the target system by the usual methods, most frequently via a phishing or spear-phishing email. This opening is used to plant the malware, and it is the nature of this malware package that sets ransomware apart.
The malware, once it gains access to the system, encrypts all the data it can find with an encryption key known only to the bad guys, who then demand lots and lots of money in exchange for getting the data back.
To Pay or Not to Pay?
A business that has been hit with a successful ransomware attack usually has only 2 options: say goodbye to the data, or pay the money.
No business can afford to lose all its data, so most companies end up paying the ransom, but this has unintended consequences. Now that the bad guys have access to the system, it’s trivial for them to get back in at a later date – some even go so far as to install a backdoor into the system so they can come and go as they please. Having walked away richer the first time, what’s to stop them from going back to the well a second or even third time? They know that the company is willing to pay, and so they make the company pay.
Thankfully, while the consequences of a ransomware attack can be more dire than other types of attack, they are no more difficult to prevent, or to deal with afterwards – given a certain amount of preparation.
The first line of defense is prevention, and this involves solid email security that can detect and remove email-based threats before they reach the recipient. Another key part of prevention, or at least mitigation, is implementing a multi-layered security solution so that breaches can’t compromise the entire system.
Finally, under preparation and aftermath, companies need to establish and follow a business continuity plan that incorporates real-time backups of all important data.
Real-time backups can allow companies to more or less ignore ransom demands. If infected with ransomware, they can simply roll back the clock to a point before the malware hit the system and continue on, as if nothing had happened, with minimal data or productivity loss.
According to the FBI, ransomware attacks in 2015 were responsible for ransom payments of just over $1.5 million. In 2016 that amount was almost a thousand times more – close to $1 billion. This huge increase is because of two factors: ransomware attacks are hard to stop, and the bad guys are almost impossible to catch.
If the numbers above are any indication, it will be almost impossible for most businesses to avoid a ransomware attack in 2017. Given an environment where ransomware attacks are an inevitability, being properly prepared is the only viable option.