What is ransomware and why take action against it
By Kyriacos Nicolaou
A comprehensive report from cybersecurity solutions provider and consultants Check Point has provided surprising but informative insight into the world of cybersecurity over the past year.
One of the key aspects of the report is the increase, proliferation and devastating impact of ransomware attacks, with the report estimating that they inflicted a cost of around $20 billion on businesses worldwide in 2020 alone.
The report includes a detailed account of the top cybersecurity threats, attacks and events during the year, as well as predictions of what is expected to happen in the current year in the cybersecurity landscape.
It stressed that businesses and organizations should not rest on their laurels simply because they have already deployed measures to detect threats and then execute a remediation plan. It is crucial that organizations also consciously adapt their planning so that it incorporates strong elements of threat prevention.
What exactly is ransomware?
While all forms of malicious software (malware) are unwanted due to the potential damage they can cause to your devices, network, work and personal life, not all are designed the same way or created to behave the same way.
This is because, while malicious entities can spread viruses and other forms of malware to extract information that may be useful to them at a later stage, perhaps pending some sort of modification, others have a much more short-term and immediate goal in mind: extracting as much monetary value from their victims in the fastest and most efficient way possible.
This is the purpose of ransomware, a very specific form of malware. Ransomware infects your device, mostly computers, as these are the devices most of us do our most critical file-based work on, affecting its performance in some way and holding it hostage in exchange for a monetary reward. The majority of ransomware attacks involve the encryption of some or all of the files stored locally and a message displayed to the user that their files will remain encrypted forever unless the attacker receives a fixed amount of money within a predetermined time frame.
Ransomware attacks are far from a new threat. The first ransomware incident dates back to 1989, when 20,000 floppy disks were released at a World Health Organization conference. The floppy disks contained a Trojan horse virus that encrypted file names and hid file directories.
Ransomware has become much more commonly used over the past decade, spurred by the spread of RSA encryption in the mid-2000s. Specifically, 2013 is seen as a pivotal year for ransomware, as it is the year in which the first instance of CryptoLocker and its Locker copy software was recorded. This, of course, coincided with the adoption of various cryptocurrencies, which are the preferred payment method for malicious entities because they facilitate anonymity when receiving extorted funds.
While the majority of ransomware relies on spear phishing (using seemingly legitimate emails to spread malicious files) to target potential victims, the popularity of social media and its increased functionality has given hackers new ways to infect users and their devices. This was especially evident in 2016, when around 638 million ransomware attacks occurred, driven by the creation and spread of Locky, a ransomware that uses malicious macros.
What are some types of ransomware attacks?
Although some attributes are shared among ransomware attacks, unfortunately they come in several variations, each with its own method of operation, characteristics and general behavior. We have already discussed the threat of crypto-style ransomware, but let’s look at other types of attacks.
Locker ransomware: This type of attack locks the user out of their own device and demands a fixed amount of money to provide them with the code needed to regain access.
Scareware: Similar to spear phishing, scareware attacks involve the use of deliberately legitimate-looking design and wording to trick the user into voluntarily downloading and installing malware, often scaring the user with messages stating that they have already been infected and that the app on offer is the solution.
Botnet Attacks: Botnets use a large collection of devices, all connected to the internet, with each device running multiple bots, essentially creating a giant network of specially designed programs, hence the nickname. Botnets can be used to facilitate Distributed Denial of Service (DDoS) attacks, as well as to steal data from an organization.
Corporate Ransomware: It stands to reason that a lot of ransomware is aimed at large organizations and other such businesses, for the simple reason that attackers can extract more money from those companies. They do this, for example, by threatening the organization with a Distributed Denial of Service (DDoS) attack, which would cripple the organization’s website and online services, unless it pays a ransom.
Another form of corporate ransomware involves malicious actors who have already extracted business-critical data, or personal data submitted by the organization's customers and users, threatening to disclose that data on the dark web or make it public unless a ransom is paid.
One example occurred in 2014 when a group of hackers calling themselves the Peacekeepers successfully hacked Sony Pictures. The group not only leaked confidential data to the public, damaging the company in the public sphere, but also deployed a type of malware called Shamoon wiper to completely wipe out Sony Pictures’ entire IT infrastructure.
But what is the extent of ransomware attacks?
The Check Point report makes for unpleasant reading:
100,000 malicious websites are designed to spread malware and attack users and organizations.
10,000 malicious files aim to extract data or cause disruption on a daily basis.
44% of organizations saw at least one internal user employed by the organization download a malicious mobile app that posed a risk to their data and infrastructure.
In Q3 2020, nearly half of all ransomware attacks involved the threat of disclosing maliciously extracted data, while the average ransom demanded by malicious actors was $233,817, an increase of 30% on the average for the second quarter of 2020.
Banks face a serious threat from a type of botnet-like malware called Emotet, which has evolved to attack other large organizations as well.
“The rate of cloud migrations and deployments has exceeded the ability of security teams to defend them against attacks and breaches,” said Tsion Gonen, Cloud Product Line Manager at Check Point.
“Over 80% of companies say their traditional security solutions either don’t work at all or provide limited functionality in cloud environments, creating a great opportunity for malicious actors targeting the cloud,” he added.
“To close these security gaps, organizations need to gain holistic visibility into their entire public cloud environment and deploy unified and automated cloud native protections. This way, they can keep pace with business demands while ensuring continued security and compliance,” Gonen concluded.