Ransomware is a specific type of malware or virus that locks users out of their own data by encrypting it and then holding the decryption key hostage in exchange for a large sum of money, usually delivered via bitcoin because it is difficult to track online.
These crypto viruses (Locky, CryptoLocker, WannaCry, etc.) spread in a variety of ways, including (but not limited to) spam emails, malvertisements, and downloaders. But most ransomware attacks depend heavily on social engineering.
The human element is the easiest to exploit. Given time and resources, hackers can (and do) trick computers and spam filters. Some attacks take advantage of known vulnerabilities, like this one from Intel, to infect computers and networks, but many still rely on just one misguided click from an end-user. And the strategies these criminals employ to trick you into being that user continue to grow in sophistication, making them harder to spot.
Phishing attacks have significantly evolved from messages sent by foreign royalty in distress, and while you’ll still encounter the occasional blatant scam message rife with grammar mistakes and misspellings, the more recent ones could very easily appear to come from someone in your contact book, sending an email they might normally send.
We’ve gone in-depth before once or twice about how you avoid falling for these phishing scams and becoming another victim, but here’s what happens when you do take the bait:
You’ve just opened an attachment you weren’t expecting from the accounting department at one of your vendor companies.
And nothing unusual happens… Or so it seems. Once a cryptovirus begins downloading itself, your computer might start running a little slower if you have limited bandwidth, but this is typically relatively imperceptible to your average person.
But the malware has already started its work on your computer.
Behind the scenes, the virus on your computer has started getting busy. It’s already contacted its home server and generated the cryptographic key that will hold your data.
Before you’re even aware it’s there, the ransomware has encrypted your files.
Once the virus has communicated with its base, it begins locking every file it can find with common file extensions like .doc, .xml, .jpg, and more. What’s worse? The encryption is so difficult to break that it’s highly unlikely a third party will be able to unlock it anytime within the next, oh, hundred years or so. You’d have to know the exact method and algorithm the hackers used in order to crack it.
Now that your files are locked, you receive the ransom.
Anyone who’s watched a few episodes of Criminal Minds has an idea in mind of what a hostage situation is like. The phishers who have locked your files let you know exactly what they’ve done, and they name their price… Along with a deadline.
Typically, the hackers will give you a short deadline that will end with an increase in the cost of the ransom if you don’t pay it in time (and sometimes an increase in ransom even if you do). After a certain amount of time, they’ll say they don’t want to play ball anymore, and your files will stay locked.
At this point, you’re faced with a difficult choice.
If you aren’t running regular backups, you now have to choose between losing your data and paying the ransom. It’s easy to say you won’t negotiate with terrorists holding your company’s information hostage… Until you’re actually facing that data loss.
On top of that, every minute of unproductive downtime is costing your company even more in revenue (nearly $9,000 per minute, in fact).
Facing one of the newer viruses, like WannaCry? Then it gets worse.
Ransomware strains like WannaCry are virtual worms, and they can spread from one computer across an entire network in seconds. This is why it’s important to keep all of your important data and backups offsite and separate from the general network.
As experts work on disabling and blocking these threats, new ones are sure to roll out. Hackers will continue using ransomware as long as it pays… And boy, does it pay.
Be sure to think before you click. When you receive an email with an unexpected attachment or a suspicious link, be cautious. Follow up offline with the original sender. Make sure macros are disabled. Hover over a hyperlink without clicking to see if it’ll lead you where it says it will.
For business leaders, the best protection you can have against crypto viruses and other malware is to educate your employees and make sure you have good backups running on a separate network. Not sure where to get started? We can help.
About the Author – Tyler Priest is the Junior Systems Administrator at Rocket IT. His first hobby turned into his career, and so now he’s looking for the next! He likes to collect all kinds of music from vinyl to tapes and CDs. Tyler lives in Barrow County with his fiance and a menagerie of pets.