You know in crime movies where the bad guy kidnaps someone and then sends a magazine cut-out letter to the victim’s loved one that says, “Pay me $10,000...or else.” Well, ransomware, the hot data breach trend of the year, is kind of like that. Only instead of stealing your loved one and holding them hostage, the attackers steal your data, encrypting it and rendering it inaccessible until you pay up.
Ransomware is nothing new - it’s been around since 2005. However, hackers have now moved from regular PC users to large corporations and even government entities, demanding that victims pay thousands of dollars to get back into their systems.
Over the past three months, security experts have seen not only a boom in the number of ransomware attacks but also an increase in the sophistication of the attacks. Hacks on corporations are beginning to look like state-sponsored attacks in which hackers are able to gain entry and move around the network. Last month, a Los Angeles hospital was the victim of ransomware. The hospital completed its work using pen and paper for three weeks until it was able to pay the $17,000 ransom.
The ransom is normally paid in Bitcoin, an online currency. Most of the time, the hackers set the ransom price at something the business can afford (their main goal is to get paid, after all) and they usually decrypt the files after payment has been made. They want to maintain their reputation so that future victims will be willing to pay the ransom.
No one is immune to ransomware. Large businesses, small businesses, academic institutions, law enforcement agencies, and individuals have all been reported as victims. Ransomware is particularly difficult to avoid because hackers are always changing their methods as they work to fly under the radar of antivirus software. Individuals who have been targeted in ransomware attacks have normally been Microsoft Windows users, but just this week news broke of the first ransomware to target Mac users.
Businesses and individuals become victims of ransomware through many different means. Sometimes, it’s because they visit a malicious website or because they download a malicious attachment from an email. In this method, hackers are using more of a ‘spray and pray’ attack style, hoping to catch victims at random. But sometimes hackers target larger businesses directly. They research the company, look for a weak link, and slowly but surely make their way into the network where they can then encrypt the data and hold it for ransom.
Businesses, which often store client data, must protect themselves from the ravages of ransomware. They should:
Back up data. If data is already backed up, businesses can laugh in the face of criminals. Hackers will have no leverage when they steal and encrypt the data because the business will have another copy of all of its data elsewhere. We recommend storing data in three places - on-site on the server, in an on-site physical backup that is not connected to the internet, and off-site in the cloud (such as with Carbonite).
Use a good antivirus program. There’s a lot to be said for simple antivirus. While it’s not perfect at keeping the bad guys out, it can certainly help. And not having it will definitely hurt. Make sure to use an antivirus from a reputable company and be sure to keep it up to date.
Use a hardware firewall. A firewall acts as a filter between what’s on the internet and what goes into the network. A hardware firewall is essential in keeping the bad stuff outside of the network.
Exercise caution when browsing online and train employees to do the same. Smaller companies often become ransomware victims just by browsing the internet and checking email. Teach employees what they should look out for - such as email attachments and links.
If already under the assault of a ransomware attack, businesses should:
Explore options before paying the ransom. If the ransomware isn’t that sophisticated, there may be technical solutions that will allow the data to be decrypted without the hacker’s key. Contact an IT company to see if this is a possibility.
Alert the authorities. Telling the appropriate authorities allows more security research to be done. Local police probably won’t be able to help, but the FBI would want to know about it. It helps them keep an eye on the ransomware landscape.
Finally, pay the ransom if all other options have been exhausted. Sometimes it’s best just to pay the money and be done with it. Usually (not always) the hackers will return the files to their rightful owner.