Ransomware Has Gotten More Sophisticated, Focusing On Specific Sectors

In the real world, the term “ransom” is usually used to describe an amount of money demanded for the return of a captive. In the digital world, would-be extortionists search for other means of extracting money from targets. They routinely do this by holding hostage something different, but nonetheless with a high level of perceived value: private data.

So-called ransomware attacks involve the use of malicious software to infect the computer or computer system of targets. Once installed, this malware encrypts key files, data, or systems so that they are no longer accessible. The victim then receives a message that demands a fee — usually paid in a cryptocurrency like Bitcoin — that must be paid in exchange for a decryption key. If they do not pay, they will lose access to their data.

The rise of ransomware highlights the importance of data protection for companies and organizations alike.

How ransomware works

Ransomware can be spread in a number of ways, often through social engineering, in which the target (or a user working for that organization or business) is tricked into downloading the malware by clicking a deceptive link in an email or on a website.

Classically, ransomware attacks have taken more of an indiscriminate “shotgun” or “spray and pray” approach. That means aiming to infect as many users as possible, knowing that a small percentage are likely to pay up. However, in recent years attacks have become more sophisticated in their targeting, focusing on servers and specific sectors.

Since losing access to crucial files or data could cost companies tens or even hundreds of thousands of dollars, ransomware attackers bank on the fact that many will be willing to pay out a smaller (but still significant) amount in order to avoid being hit by such an attack.

The impact of ransomware

The effects of ransomware attacks could range from mildly disruptive to, potentially, devastating. In March 2021, it was reported that Arizona-based optometrists Cochise Eye & Laser was hit with a ransomware attack that compromised the data of 100,000 patients. In this instance, the ransomware was used to encrypt data relating to patient billing and scheduling.

It also affected stored social security numbers, diagnoses, treatments, symptoms, medical histories, financial information, and more. The attack was the result of a hack of two employees’ emails. As a result, the company had to contact both current and former patients to share news of the attack, including rebooking current appointments that were no longer accessible on file.

Over the past couple of years, a new twist on ransomware has emerged, designed to make targets even more likely to pay up. In these attacks, data isn’t just encrypted but also, in some cases, exfiltrated from the victims’ computer systems. The attackers then threaten to publish the information if the ransom is not paid. The effects of this could be significantly more damaging than even loss of access to files.

Don’t negotiate with terrorists

There are several points companies should keep in mind when it comes to ransomware. The first, and, perhaps, most important is that it’s never the right move to pay a ransom. While it might seem like the best option out of several bad options, there is no guarantee that doing this will result in access to files being restored — nor exfiltrated data being returned and deleted on the part of attackers.

Because cyber attackers don’t have to worry about building a positive reputation, once they have your money, they may simply move on to the next target rather than hang around to provide the necessary decryption key.

Paying up may also make it more likely that you will be targeted again in the future. This is because ransomware attacks, while potentially lucrative, still only result in the ransom being paid by a small percentage of victims. If you are among those who will happily pay up, you may be hit with future attacks, based on your willingness to pay in the past.

Prevention is better than cure

Rather than only strategizing about how to respond after being hit with a ransomware attack, companies and organizations should instead focus on having a preventative system in place.

This should involve making regular backups of necessary files and storing them someplace that will not be impacted by a ransomware attack. Related to this is the importance of practicing restoring data so as to be sure that it can be done efficiently. It is also important to keep software and operating systems updated to patch any vulnerabilities that might be exploited by attackers.

Last, but certainly not least, it’s a good idea to call in the cyber security experts to help. Current cyber security tools are able to detect ransomware attacks or similar suspicious activity and quarantine it before it has the chance to negatively impact targets. Cyber security experts can also offer tools such as Disaster Recovery as a Service (DRaaS), Copy Data Management (CDM), and other measures designed to protect your data and stop it being encrypted or stolen.

By following these steps, you can greatly reduce your chances of being the victim of a successful ransomware attack.