It’s the Wild West Out There
This isn’t melodrama.
It’s easy – and far too convenient – to think that hackers can’t be bothered with your business. They can, and if you give them an opportunity, they will. It’s not a question of if, it’s a question of when.
In today’s mind-boggling ransomware attack, Acer was hit for a $50 million ransom. This could get very ugly for Acer, as the author of the ransomware used, REvil, has been known to retarget victims even after the ransom has been paid. That’s horrible, you might think, shrugging it off as a large-corporation problem: why would anyone bother targeting me? It’s simple. You don’t have to be an ace hacker to get into the ransomware game. Ransomware as a Service is an easy way for small players to get into the ransomware business. The more small players who get in, the more dangerous the Internet becomes for small business owners like us.
That’s where ransomware as a service (RaaS) comes in, with developers selling or leasing malware to users on dark web forums. These affiliate schemes provide low-level attackers with the ability to distribute and manage ransomware campaigns, with the developer behind the ransomware receiving a cut of each ransom that victims pay for the decryption key.
Researchers at cybersecurity company Group-IB have detailed that almost two-thirds of ransomware attacks analysed during 2020 came from cyber criminals operating on a RaaS model.
Such is the demand for ransomware as a service, that 15 new ransomware affiliate schemes appeared during 2020, including Thanos, Avaddon, SunCrypt, and many others.
Competition among ransomware developers can even lead to the authors providing special deals to wannabe crooks, which is more bad news for potential victims.
What Can We Do About It?
The key here is to prevent rather than react. Reacting can become a complete nightmare and every day we spend trying to recover from a data breach is more revenue lost and more support dollars spent.
There is no single thing we can do to prevent a data breach. Security is layered, meaning we want to secure:
- The edge of the network
- The devices on the network
- The devices that connect remotely to the network
- Data on servers and workstations
- Data in the cloud
- And some secret sauce we won’t mention here 😉
Now is the time to act. Tomorrow could be too late.
What is Ransomware?
Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.
How Do You Get Ransomware?
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access to an organization’s network.
What If You Don’t Pay the Ransom?
If you don’t pay the ransom, the simple and immediate answer is that you lose access to your data. You may be able to recover from backup, but ransomware is often smart enough to encrypt backups too. Even if you can recover, the costs will be significant and your data can be released:
This malware has been involved in ransomware and data theft attacks and in some cases, its operators stole and auctioned off sensitive data on the internet when they were not able to coerce victims to pay up.
The options are grim.