Ransomware – When Cybercriminals Hold Your Data Hostage

What is ransomware?
If you've spent any time keeping up with current affairs, you've probably come across the term "Ransomware".
Ransomware is malicious software designed to deny legitimate users access to data or systems until a ransom is paid to the attackers, often in cryptocurrency.
Once executed, the malware will automatically begin encrypting sensitive files, rendering them completely inaccessible to the victim.
The WannaCry ransomware attack, which crippled the UK's National Health Service, made the headlines in May 2017. I don't need to tell you how serious a problem being unable to access patient data is.
As tempting as it may be to simply pay the ransom, there is unfortunately no guarantee that the attackers will provide the encryption keys once this is done. There is also the added moral dilemma of knowing you are funding and encouraging organised crime groups.
Stuck between a rock and a hard place.
How does it work?
Most ransomware attacks tend to follow a similar pattern.
The attacker commonly gains access to a system through one of several methods:
Phishing emails
Compromised credentials
Unpatched vulnerabilities
Malicious downloads
Other attack vectors
Once the attackers gain access, they will often spend time moving through the network, identifying systems of interest and attempting to escalate their privileges.
Files are encrypted, systems become unavailable and a ransom note explaining how to pay the attackers for the encryption keys is presented.
Attackers may even start a countdown, explaining that for every day the ransom is not paid, some data will be made publicly available, typically through the dark web.
This is an evolution from early ransomware attacks, which typically focused on encrypting files.
This increases pressure on organisations by creating both operational disruption and the risk of a data breach.
Why is ransomware so effective?
Simply put, it targets an organisation's most valuable asset: its data.
Consequences include:
Business disruption
Financial losses
Reputational damage
Regulatory penalties
Loss of customer trust
For many organisations, even just a few hours of downtime or negative press can directly affect their bottom line.
Reducing the risk
As with most cyber-related threats, there is no single solution that can prevent ransomware attacks, but organisations can significantly reduce their exposure through a layered security approach.
Regular security awareness training
Multi-factor authentication
Timely patch management
Network segmentation
Backups
Vulnerability assessments
Chief amongst these is maintaining regular backups. If systems can be restored quickly from backup, the impact of a ransomware attack can be significantly reduced.
Should you pay the ransom?
The million pound question, no pun intended.
Paying is often discouraged for the reasons laid out earlier, but some companies still opt to do so. In late 2023, two casino giants on the Las Vegas Strip were hit with ransomware attacks:
Caesars Entertainment and MGM.
Caesars paid the ransom while MGM did not.
MGM lost close to $100 million in revenue and had multiple lawsuits filed against it.
Final thoughts
Ransomware continues to be one of the most significant cyber-security threats facing organisations today. Attacks are more targeted, sophisticated and disruptive than ever before.
Organisations must handle this threat with the attention and resources it deserves.



