Ransomware attacks are one of the most common cybersecurity threats, both for organizations and individuals. You’ve probably heard the phrase or come across it in the news more than once in the last few years. But what, exactly, is ransomware and how does it work? The answers are surprisingly straightforward, if not particularly encouraging for those who have been the victims of an attack.
Ransomware is precisely as the name implies—a type of malware, or malicious software, that grants an attacker remote access to your computer and allows them to encrypt important files, effectively locking you out until you pay a ransom in exchange for the decryption key. These kinds of attacks are especially worrisome because, even with the malware removed and/or the remote connection severed, the encryption will remain. And even relatively basic ciphers are essentially unbreakable, meaning that paying the ransom is often the only way to regain access to your files. To make matters worse, attackers typically target difficult - or impossible-to-recreate files for encryption (think large work spreadsheets, family photos, original research, academic writing, etc.) to make non-compliance even more consequential.
Unsurprisingly, the healthcare and financial sectors are frequent targets for ransomware attacks; in 2017, it’s estimated that 57% of all ransomware attacks were made against those two sectors. Given the increased stakes in those industries, it’s not hard to understand why they’re particularly tempting targets—they can ill afford to risk noncompliance because lives and livelihoods hang in the balance. More to the point, the time-sensitive nature of information in the medical and financial worlds means that such organizations have much less time to involve law enforcement before they pay, which means that attackers have virtually no exposure.
So, what do we know about ransomware so far? It’s one of the most frequently encountered types of malware, its effects are all but impossible to reverse without the appropriate decryption key, and those effects will endure even after the malware itself has been removed. In fact, removing the malware without paying for the key could lead to a worst-case scenario where your files remain encrypted, and you’re left with no means to contact/pay the attacker.
If there’s any good news, it’s that the prominence of malware has waned significantly over the last two years, down from 60% of all attacks to just 5%—though the increased number of networked devices and accompanying vulnerabilities potentially skew the real-world implications of those figures. Instead, as cryptocurrencies increase in value, malicious actors are demonstrating a preference for cryptomining malware, which co-opt computing resources from infected devices for the purpose of mining Bitcoin and other valuable currencies. The goal in those cases is essentially theft of resources rather than extortion since traditional cryptocurrency mining rigs are notoriously power-hungry and expensive to operate.
Despite the decline in ransomware prominence, the threat from this malware is still very real. Protect yourself by following common-sense cybersecurity practices—don’t open links or download files of unknown provenance, use high-quality and up-to-date antivirus protection, and be vigilant of social engineering schemes that are designed to earn attackers access to your devices.