What is Ransomware?
Ransomware is one of the top cybersecurity threats, and it has gained enough ubiquity and power in recent years that defending against it is now a major security consideration for most corporations, and even government bodies.
But what is ransomware? How does it work? And just how concerned should you be about the possibility of being targeted in an attack? Take a deep breath; we’re here to answer all your ransomware-related questions. We can’t promise that these answers will put you at ease, but we can promise that they’ll leave you more informed.
As most IT leaders will tell you, it’s never a question of if you’ll get hacked, but when. Knowing what you’re up against can help you create an action plan around what you’ll do when that day comes.
What is ransomware?
Ransomware is exactly what its portmanteau of a name implies: a type of malicious software that blocks access to systems or data until the victim pays a ransom fee. The most common delivery vector for ransomware is email, but there are a number of different entry points that attackers can take advantage of (which we’ll cover in depth later in this series).
While malware has been around for almost as long as computers have existed, ransomware is a newer threat. Although the first ransomware attack occurred all the way back in 1989, it didn’t become a widespread threat until around 2012. In the years since, it has mutated into a threat that many are rightfully fearful of.
Because the goal of ransomware is to extort its victims for money, attackers have shifted their strategies over time to target companies rather than individuals due to scale. Going for larger targets has caused ransom demands to skyrocket in recent years into figures in the tens of millions. We saw this just this past summer when an affiliate of the REvil gang demanded a whopping $70 million after attacking Kaseya, an IT management software company.
If you read that last sentence and said, “Wait, there are ransomware gangs?”, the answer is unfortunately yes. Ransomware gangs often operate as a company would, with malicious hackers working full-time. Gangs also often coordinate as larger cartels, sharing information and techniques to increase their effectiveness.
How ransomware works
As we mentioned, most ransomware attacks enter networks through email, and phishing emails in particular. For recipients, this can look like either a standard email with a link that redirects them to a fake login page when clicked, or an attachment containing malware that infects the system when downloaded.
This type of activity is referred to as social engineering, as it requires human input from the victim in order for the attack to be initiated. As David Bisson wrote on our blog back in July, delivering ransomware in this way is more effective because it relies on human weakness, rather than technical controls, to work. This makes it harder to combat from a technical perspective.
Once ransomware enters a network, it’s pretty hard to miss. It’s catastrophic by design, blocking access to systems or data and often completely disabling technology. Having such a big impact is how attackers can get away with demanding such large sums of money. No company wants to be blocked from their own systems or run the risk of having their customers’ data compromised or exposed.
We shared the story of a Zix customer who was targeted by a ransomware attack on our own blog this year, and his experience was very much in line with the cautionary tales being told in the IT world. In this case, the type of ransomware was a Ryuk attack, and the victim was a community health system.
Jamion Aden, the company’s IT director, was alerted to the attack at 12:30 am, after a nurse noticed that an on-site printer was down. Thankfully, Jamion and his team were able to shut down their servers and then use their VMware environment to boot up each server without connecting it to the network, so they could investigate the damage and avoid opening their data up to further vulnerabilities.
Many companies aren’t so lucky, though, and for a number of victims, the implications of ransomware attacks are disastrous—though there is still some ongoing debate over whether it’s actually a good idea for victims to pay the ransom.
Why ransomware is a growing threat
Ransomware attacks have become increasingly pervasive in the last few years. In 2020 alone, the number of attacks increased by a staggering 485%, the majority of which took place during the first half of the year (a pattern that some say took advantage of the fact that many workplaces went remote, which made it easier to infiltrate less secure networks).
In short, ransomware is a threat that every company should be informed about and build an action plan around. Thankfully, there’s a great deal you can do, both from a security and an education standpoint, to prevent these sorts of attacks from affecting your systems. We’ll get into some of those best practices later in this series, but for now, you can rest assured knowing that having the right resilience strategy (and solutions for prevention and data backup) in place will do a great deal in protecting you from the vast majority of ransomware attacks.
As with most threats, it’s helpful to learn more about where ransomware came from in order to understand how it affects the world today. We’ve covered the basics of what ransomware is in our first article, and in this one, we’ll cover its origins (as well as how it’s evolved over time).
Ransomware is an ever-changing threat, and its impacts have grown both in seriousness and scale over the last few years.
Anyone with an eye on cybersecurity these days knows that there’s never just one thing to worry about. As David Pickett, Senior Cybersecurity Analyst at Zix | AppRiver puts it, there are a number of ways that hackers can use ransomware to enter networks, and that number is growing all the time.