Ransomware attacks have become a new threat for small and medium-sized businesses. Government facilities and large companies aren’t immune, either. Though security breaches like data leaks are still a significant concern, hackers now focus their attention on ransomware attacks instead. That’s because ransomware attacks have proven to be far more lucrative. Because of how severe ransomware attacks have become, we have decided to write a multi-part blog series with the hopes of explaining what ransomware attacks are, why they are so costly, and what you can do to help prevent them in your business.
Table of Contents
What is Ransomware?
Ransomware is a broader term for cryptovirus. At this moment, a cryptovirus and ransomware are the same things. Though ransomware itself may evolve to be a much more general category of malware now, this type of attack has proven to be so useful.
A cryptovirus is a virus that infects a computer and encrypts its data. Once that data is encrypted, it cannot be used. Data must be unencrypted before it can be usable again.
Crypto viruses were made popular with the Wannacry attacks. Wannacry was one of the first crypto viruses that spread en masse. It used exploits from the EternalBlue NSA leaks that allowed the virus to spread through the SMB 1.0 protocol in Windows. The SMB protocol is the primary protocol in Windows that enables file sharing through a Windows network. Many of the crypto viruses since Wannacry have worked with similar exploits.
Wannacry is a ransomware attack that hijacks your computer and demands you pay the hacker bitcoin.
How Can Ransomware Attacks Affect You?
A piece of ransomware doesn’t stop at encrypting the files on a computer. Once a PC is infected, that virus will attempt to spread itself through the network, attacking other PCs. As each PC is infected, the virus will send a message to a primary server telling that server that it could attack another PC.
Ransomware attacks happen all too often when you’re not careful. To avoid ransomware attacks, we suggest using SentinelOne and educating your staff.
After the PCs are encrypted, the server will send a message back to them requesting a ransom. This ransom request usually comes in the form of Bitcoin or another cryptocurrency. If that ransom is paid, attackers will typically send the encryption key back to the infected PCs to recover the files.
The ransom amount will depend on the size of the business and the encrypted amount of data. Some facilities were only asked to pay $50,000, while others were asked to pay millions. The amount of ransom requested can vary greatly, but it is almost always above $20,000 for businesses.
If I Am Infected, What Should I Do?
Unfortunately, paying the ransom has proven to be a reliable tactic for recovering data encrypted by ransomware. Hackers have a motivation to make sure they deliver once payment has been paid. Otherwise, if it became known that paying the ransom did not recover data, no one would pay the ransom. Ransomware insurance companies have only exacerbated this issue. It was often found that these companies would pay the ransom rather than recovering data.
Initially, ransomware attacks would target simple files like documents, spreadsheets, pictures, music, and videos. Ransomware makers have learned a lot in the past few years, though. Today, ransomware viruses will encrypt all known datatype files, including databases and CAD files. A cryptovirus now has the power to bring web apps and IT systems entirely down.
Attacking Our Government
Unfortunately, many businesses and government facilities have learned how devastating ransomware can be the hard way. The city of Baltimore was hit with a catastrophic ransomware attack at the beginning of 2019. Most functions of the city became unusable. Properties were not able to be sold or transferred. Local market values plummeted because of that. Police officers were not able to use their computers in their cars to issue tickets. In another instance, a medical office named Brookside ENT & Hearing Services was forced to close after being hit with a ransomware attack. All that office’s files were lost, and the business was not able to recover.
These cases are not uncommon, either. In 2017, it was reported that 1 in 5 businesses was forced to close after being hit with a ransomware attack. That number most likely increased since ransomware attacks have skyrocketed the past two years. Doing a Google search for ‘businesses that closed because of ransomware’ will yield more than 19 million results with some very terrifying stories.
The sad truth is that ransomware is a straightforward problem to mitigate. Most businesses do not take the proper preparation or steps to avoid it, though. In the case of that medical office mentioned above, with the right training, they might have only suffered a few days of being closed rather than being forced to shut down.
In subsequent articles, we will further discuss what you can do to prepare for and prevent ransomware attacks. It has become a necessity of business to prepare for such attacks, and with a little planning, being attacked by ransomware may be nothing more than a nuisance.