Ransomware has been a big trend in computer attacks. It’s a very effective means of disrupting systems and networks, but for attackers it has a huge benefit that many previous attacks like viruses and other malware didn’t: ransomware is a money-maker.
Ransomware is malware that infects a computer and stealthily encrypts files and folders without the user’s knowledge. Once the encryption is complete and the user can no longer access or open the files, the ransomware holds the files hostage and extorts a ransom payment to allegedly unlock them.
Ransomware will typically also spread rapidly to other computers on the same network once it is launched. This can bring whole companies, hospitals or governments to a halt, forcing the staff to cope with work demands while having no access to computer files, email or other vital tools.
The city of Atlanta was crippled by ransomware in 2018 and spent nearly $2.6 million to restore systems instead of paying the $52,000 ransom. This is because there is no guarantee that paying the ransom will unlock the encryption, as many victims have found out the hard way. The city government of Riviera Beach, FL did pay the $600,000 ransom in 2019 to restore its systems, after being hit with ransomware via an email link. A week after Riviera Beach, the town of Lake City, FL paid $460,000 to ransomware hackers.
Digital Dental Records and PerCSoft were hit with ransomware in 2019. So were Grays Harbor Community Hospital and Harbor Medical Group of Washington, and DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center of Alabama.
To add insult to injury, ransomware infections are largely considered data breaches under HIPAA as well.
How is ransomware delivered? The most common method is via email or email attachments. These emails are designed to trick the user into opening a malicious email attachment or clicking a link that delivers the ransomware to the computer silently. These emails and attachments are often carefully crafted to look legitimate and disguise their true purpose.
After opening the malicious attachment or clicking the malicious link, the user will often not realize the ransomware has begun, because it is designed to work quietly until the encryption is finished and the damage is done.
Modern ransomware variants also attempt to destroy backups and create as much pressure as possible to pay the ransom. Worse still, newer variants are fileless, meaning they run in the computer’s memory, which is a very effective means of slipping past security software like filters and anti-virus programs.
These methods of bypassing anti-virus software are why security teams tell staff over and over not to open attachments or click links in unknown emails. Staff may feel a false sense of security, thinking the protections of filters and anti-virus will keep them safe, but with ransomware that is increasingly not the case.
Prevention truly is the best cure when dealing with ransomware. You are the key to that prevention, along with a healthy dose of cautious skepticism. Always ask yourself: is this safe to click?