- November 3, 2021
Ransomware is a constantly evolving form of malware that infects a computer system and encrypts all the data on a device, rendering it unusable. The attackers then demand a ransom for the decryption key. In recent years, ransomware attacks have frequently made headlines. The present-day targets of ransomware attacks include global industries, international government entities, and critical infrastructure.
The evolution of ransomware can be traced back to December 1989, when a biologist named Joseph L. Popp attempted to extort other researchers via malware delivered on floppy disks. The earlier versions of ransomware targeted a single host or a small number of hosts. These unsuccessful attacks did not cause extensive damage to the compromised network.
The infamous ransomware attacks at the beginning of the internet era were GPCode and Archievus. These attacks focused on quantity over quality, targeting multiple entities and demanding low ransom fees. Additionally, ransomware attacks use encryption technology to cut off user access to files. With the gradual advancement of encryption methods over the last decade, ransomware attacks are becoming more sophisticated. Cybersecurity Ventures has predicted that ransomware incidents will cost organizations $265 billion by 2031.
The Evolution and Impact of Ransomware Attacks
In the 2010s, ransomware attacks started picking up the pace. The first locker ransomware, WinLock, surfaced in 2011 and wholly locked victims out of their devices. This malware did not encrypt any files and infected users through malicious websites. In 2012, the first Ransomware-as-a-Service (RaaS), Reveton, emerged. With this, cybercriminals with limited technical skills could purchase ransomware on the dark web.
Reveton is also the first ransomware attack that demanded payment in cryptocurrency, specifically bitcoin. Ransomware attacks in the 1990s asked victims to send the ransom amount by post, making the payment traceable. But the advent of cryptocurrencies changed the game and made payments untraceable. In addition, CryptoLocker, which combined locker and crypto properties, attacked the masses in 2013, representing another evolution in ransomware.
Typical Ransomware Targets
Earlier, the primary target of ransomware was PCs, owing to Microsoft’s popularity and large user base. However, by 2014, new ransomware emerged that could attack Windows, Android, Mac, and Linux devices with the same code. Finally, the infamous WannaCry ransomware attack of 2017 showed the potential reach of ransomware. Affecting industries from banks to healthcare to law enforcement in over 150 countries, WannaCry exploited a vulnerability in the legacy version of the Server Message Block (SMB) protocol.
The frequency of ransomware attacks has increased dramatically in the last few years. The ransom demands are increasing, and if any victim refuses to pay, the attacker sells the sensitive information on the dark web. Small and mid-sized businesses often make the mistake of thinking of themselves as safe from these attacks. However, according to Datto’s Global State of the Channel Ransomware Report, ransomware is the number one malware threat to these businesses.
A ransomware attack can affect businesses in several ways. While the downtime results in revenue loss and interrupts business operations, the recovery time can range from a few hours to a few weeks depending on the severity of the cyberattack. In addition, a data breach from any ransomware puts a question mark on the cybersecurity measures of an organization. It affects reputation adversely and leads to a loss of customer trust.
With access to critical operational applications and data cut off, productivity takes a hit. On top of all this, businesses also face legal consequences regarding cybersecurity compliance and pay fines if applicable.
Best Practices to Prevent Ransomware Attacks
The best way to prevent cyberattacks like ransomware is by spreading cybersecurity awareness and implementing security protocols across the organization. In addition, federal and state governments have passed various laws and recommended several measures to reduce the risk of ransomware attacks.
Here are some of the best practices for businesses to follow and improve their security resilience:
- Use strong passwords: users must use passwords containing a combination of alphanumeric and special characters for all account logins.
- Multi-factor authentication: The CISA, FBI, and NSA urge organizations to use multi-factor authentication for all services to make it difficult for hackers trying to gain access.
- Update systems: one of the best practices to prevent ransomware attacks is to keep all operating systems and software up-to-date. Timely patching is a cost-effective step for an organization to minimize its exposure to cybersecurity threats.
- Limited access: businesses must remove unnecessary access to critical systems and services. They should restrict privileges to essential user accounts so that anomalies are easier to monitor. A network monitoring tool can help detect lateral movement on a network.
- Backup: businesses must enforce backup and restoration policies and procedures across the organization. It is also necessary to maintain regular backups and ensure all backup data is encrypted.
The CISA, FBI, and NSA recommend preparing and exercising a basic cyber incident response plan and procedures to follow after a ransomware attack. It is also necessary to disable or block the Server Message Block (SMB) protocol and remove outdated versions. Implementing cybersecurity awareness and training programs is also helpful for identifying and reporting potentially malicious emails.
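The SMB recommendation above, as an added example that is not part of the original article: a PowerShell function that reports whether legacy SMBv1 is still enabled on a Windows host and, on request, audits remaining SMBv1 clients or removes the protocol. The function name and output fields are illustrative; it assumes Windows 10 / Windows Server 2016 or later and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and optionally disable legacy SMBv1 on one Windows host.
# Uses only built-in cmdlets; the function name Test-Smb1Exposure is hypothetical.

function Test-Smb1Exposure {
    [CmdletBinding()]
    param(
        [switch]$EnableAudit,  # start logging SMBv1 client connections
        [switch]$Remediate     # turn the SMBv1 server off and remove the feature
    )

    if ($EnableAudit) {
        # Each SMBv1 connection is then logged as event ID 3000 in the
        # Microsoft-Windows-SMBServer/Audit log, so dependent clients can be
        # found before the protocol is removed.
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }

    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $current = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
        if ($current.State -eq 'Enabled') {
            # Removal completes at the next reboot (state shows DisablePending).
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
                Out-Null
        }
    }

    # Read the state last so the report reflects any change made above.
    $server  = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    # Stays at zero until auditing has been enabled and an SMBv1 client connects.
    $legacyEvents = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
        } -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
        Smb1FeatureState  = $feature.State
        Smb1AuditEnabled  = $server.AuditSmb1Access
        Smb1AuditEvents   = $legacyEvents.Count
    }
}

# Read-only report; add -EnableAudit first, then -Remediate once no clients remain.
Test-Smb1Exposure
```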
Ransomware attacks are not going to slow down anytime soon. These attacks are becoming more sophisticated with other technological advancements. The evolving attack techniques are making it difficult to detect the cyberattack in its initial stage. As we wrap up Cybersecurity Awareness Month in 2021, it is imperative for small to midsize businesses to formulate a preventative posture for combating ransomware attacks.
Therefore, one surefire way to prevent successful ransomware attacks is by implementing robust cybersecurity policies and best practices to help reduce human error across the organization. All in all, implementing continuous security monitoring of log files, corporate networks, and other business-critical assets is critical to discovering and stopping ransomware attacks before they result in a breach or service interruption.