Ransomware is a type of digital extortion that essentially follows the template for kidnapping – with critical data standing in for a human victim.
Attackers blackmail their targets into paying a ransom – threatening to release the data if they fail to pay before the deadline.
This puts organizations in a tough position: they face the threat of reputational damage, fines, or litigation if they refuse to play along.
Advances in technology support not only the citizen data scientist and the citizen developer but the citizen cybercriminal, too, which means ransomware is a growing threat.
In this article, we’ll break down the basics of ransomware and explain why it’s a growing threat that must become an urgent priority for all businesses in the digital age.
What Exactly is Ransomware?
Ransomware is a type of malicious software (malware) that “infects” a device and encrypts its files, rendering them unusable.
Cybercriminals then demand a ransom in exchange for decryption, blocking users’ access until they receive payment, and threaten to leak or sell stolen data or log-in credentials if the payment is not received within the specified timeframe.
Ransomware itself is code that, when inserted into a system, encrypts the files on the system or server. It’s important to understand that this isn’t “basic” encryption; it’s far more sophisticated.
This encryption blocks the user/administrator/owner from accessing the files. Without the encryption key, the data will never be accessible.
Typically, the malware uses a custom or specialized form of encryption, which makes it a lot harder to crack the code. And it’s this particular quality that makes ransomware such a threat.
If the code followed a more predictable pattern, you’d presumably be able to hire an expert to decode your files for a lot less than the cost of paying the ransom. Unfortunately, it would take far too long to crack the code, if it could be cracked at all, and you’d miss the deadline.
Types of Ransomware
- Crypto. The most common type of ransomware, crypto (as in encryption, not cryptocurrency) attacks encrypt files, rendering them inaccessible without a decryption key.
- Locker. Locker attacks lock users out of their system, preventing them from accessing files. Here, users are presented with a lock screen that displays the ransom demand, often with a countdown clock to give users a sense of urgency.
- Scareware. Scareware attacks use false claims: think pop-ups that claim there’s a virus or some other problem with your device and direct you to a second location where you can solve the problem. Some scareware attacks lock you out of your device; others hit you with a ton of pop-up spam without causing serious damage.
- RaaS. Ransomware-as-a-service (RaaS) allows malware developers to monetize their creations using a subscription-based billing model (get it, like SaaS) or by requiring customers to register an account to access the ransomware. This means that bad actors don’t need to have tech skills to launch the infections; they simply give developers a cut of the proceeds. The developers themselves face few risks, as the customers are the ones launching the attacks and making the threats.
- Doxware/leakware. These types of attacks threaten to leak personal information or IP to the public, prompting victims to pay the ransom to prevent sensitive data from falling into the wrong hands.
Who Does Ransomware Target?
First of all, ransomware doesn’t necessarily need a specific target to spread across the web. However, the real money comes from human-operated ransomware, where hackers deploy hands-on attacks targeting victims based on potential impact.
In some cases, attackers seek out organizations that are more likely to have small security teams or a distributed user base, making it easier to penetrate their cyber-defenses. Think government agencies, universities, and small businesses.
According to a 2021 World Economic Forum report, government and education are at the greatest risk of experiencing a malware attack – this is likely due to the fact that public sector institutions have fewer resources for fending off cyber attacks than their private sector counterparts.
Another report estimates that 82% of ransomware attacks target SMBs (orgs with fewer than 1000 employees).
But it’s not just these groups that are vulnerable. Here are a few key things bad actors look for in a target:
- Orgs in possession of sensitive data. Cybercriminals often look for organizations with a lot to lose: think orgs that handle sensitive data or valuable IP. This is a key reason why professional services firms are among the industries most at risk. The idea is that the victim is likely to pay the ransom ASAP to avoid the legal and reputational ramifications of a data leak.
- Companies with fewer security protections. Cybercriminals often target organizations they perceive as having weak security measures and smaller teams. This includes small businesses, companies with outdated websites or legacy technology, even universities — which are vulnerable due to their high volume of file-sharing.
- Businesses in Western markets. Corporations operating in the US, Canada, the UK, and Western Europe are often targets due to their wealth and reliance on cloud-based tools and devices. While these companies often have stronger security protections than SMBs and public sector entities, attackers are likely to get a larger payout if they succeed.
- Organizations that are likely to pay quickly. Attackers also look for targets that have the means and the motivation to pay the ransom right away. This group includes government agencies, hospitals, banks, and utilities — orgs that need immediate access to the compromised files and will worry about the financial impact later.
Keep in mind, these are just some general factors cybercriminals might use to pick their next target. All organizations, public or private, SMB or enterprise, regardless of industry can be the target of a ransomware attack.
Another factor is motive. Ransomware attacks are typically financially motivated, but sometimes it’s about politics or beliefs — aka “hacktivism.”
In some cases, it’s about social justice, whereas others are acts of terror or war. As an example, Microsoft has detected instances of malware targeting Ukrainian organizations.
The Business Impact of Ransomware
Organizations that fall victim to ransomware attacks can lose thousands of dollars (possibly more, depending on the target) by paying the initial ransom.
Some businesses can afford the financial hit. And in certain cases, cyber insurance claims can help businesses recoup some of their losses. In others, law enforcement is able to recover at least some of the ransom.
But, even in those best case scenarios, ransomware attacks can have a negative impact on the business long-term. We’re talking: reputational damage, diminished revenue, and the loss of customers, talent, and strategic partners. In some cases, the business is forced to shut down altogether.
Typically, ransomware is designed to infect a device and spread throughout the entire network, encrypting file servers, databases, and connected devices and apps, and quickly shutting down an organization’s operations. That can mean a serious hit to productivity and potential earnings, one that can impact the bottom line for months, even years to come.
In some cases, ransomware attacks can lead to legal or regulatory actions, such as serious fines and class action lawsuits, that can easily bankrupt a company.
And then, there’s the issue of trust and public perception. If customers feel that they can’t trust you to keep their data safe, they’ll take their business somewhere else. This loss of trust was a big deal for retailers like Target and TJ Maxx, but imagine a data breach on that scale if you’re, say, a wealth management firm or a healthcare provider.
Ransomware represents a serious threat to individual users and businesses alike.
Just as the rapid pace of change is driving digital transformation and reshaping customer expectations and market conditions — it’s also exacerbating the frequency and severity of ransomware attacks.
Orgs need to be aware of this threat and take proper action to arm themselves, or else they could be dealing with serious damage: to the bottom line, of course, but also to physical infrastructure and even human lives.
Microsoft offers several security solutions that help companies get ahead of ransomware and other cyberthreats — from AI threat detection and identity management to security solutions that span all devices and workloads.
As a certified Microsoft partner, Velosio helps clients evaluate their security environment, identify risks, and implement the right protections.
Contact us today to learn more about our services.