As the world has gone digital over the past couple of decades, there are more and more opportunities for cyberattacks to spread their wings.
Among all the cyberattacks, ransomware is the one most feared by businesses as well as government entities. A ransomware attack not only affects an organization financially but also besmirches its good name in the market.
Here are some frequently asked questions about ransomware that every individual should know.
1. What is ransomware?
Ransomware is a type of malware used by hackers to encrypt the data in a computer system. As the data of the user is encrypted, he or she no longer has access to the data. The hackers then ask for a ransom in exchange for removing this malicious computer program from the system.
If the user refuses to pay the ransom, the hackers threaten to delete the data or expose the confidential data to others.
2. Who are the favorite targets for a ransomware attack?
From startups to SMBs to larger businesses, every scale and type of business is a target for ransomware attacks. Commonly targeted industries include education, finance, retail, and healthcare, among others.
Not only businesses but government institutions also fall victim to ransomware attacks every now and then. On the 16th of August 2019, 23 local government entities in Texas were targets of ransomware attacks. The source of all these attacks is believed to be the same.
Earlier this year, the Baltimore government’s computer system was hit by a ransomware attack, causing the state to pay $6 million ransom to the attackers.
3. What are the reasons behind a ransomware attack?
There can be various reasons for choosing the target for a ransomware attack. However, the primary objective is always the same – inflicting damage on the targeted organization.
Some ransomware attacks occur to demand a hefty sum from the concerned business. The attackers identify organizations with loopholes in their network security and the ability to pay the ransom. With no preventive measures in place, the business owners are forced to pay whatever the attackers ask.
Other times, ransomware attacks can be carried out to disrupt a business's processes and inflict irreparable damage. These types of attacks can be carried out by a competitor to hinder an organization’s progress by compromising its data.
Thirdly, some ransomware attacks are perpetrated just out of spite, where the attackers have a personal vendetta against the organization and want to get back at it.
4. How does ransomware infect the system?
There are various methods by which the ransomware gets installed into the computer system. The most common among them is email phishing. Email phishing is a kind of attack in which the user receives an email with an unknown attachment.
As soon as the user opens the attachment, the ransomware gets installed into his or her system. To seem genuine, the sender address of the email resembles that of a reputable institution or government body such as the IRS.
Another significant way by which the ransomware can be installed into the system is by visiting an unsafe website. These websites contain the ransomware program that gets downloaded into your system without you knowing about it.
5. What are the different types of ransomware?
Ransomware is primarily of two types –
- Crypto Ransomware: It is the type of ransomware that encrypts the data of the user. Consequently, the user is not able to access the data.
- Locker Ransomware: This ransomware locks the user out of his or her device. The user cannot access the device and hence is not able to use it.
Here are the four common types of ransomware –
- Locky – Locky is a crypto-ransomware that can encrypt over 160 file types. Released in 2016, Locky hit the Hollywood Presbyterian Medical Center in Los Angeles. The most common method of spreading Locky ransomware is through email phishing, where the user gets an email with an attachment.
- CryptoLocker – Once installed into the device, the CryptoLocker looks for files to encrypt. This ransomware primarily targets the Windows Operating System. It can encrypt files stored on your local and network drives, or even on the cloud.
- WannaCry – WannaCry ransomware is known for finding vulnerabilities in Windows to encrypt the data. It is believed to be active in over 150 countries. In 2018, WannaCry hit various hospitals in the UK, costing around 92 million Euro.
- Ryuk – The Ryuk ransomware emerged in 2018 and attacked several businesses over a couple of months to amass $640,000 in ransom. The ability to disable Windows Restore made it very difficult to mitigate.
6. How do the attackers ask for ransom?
In almost all cases, the attackers ask for virtual currency in exchange for calling off the ransomware attack. Bitcoin, being the most famous virtual currency, is usually the preferred choice of attackers. As you cannot trace bitcoin back to the owner, it is nearly impossible to recover the money once paid.
7. What kind of files contain ransomware?
While checking your emails, you should be cautious about downloading any unknown attachment with the extensions ‘.exe’ or ‘.scr’, which are executable files. Other common file extensions to watch for are ‘.vbs’ (Visual Basic Script) and ‘.js’ (JavaScript).
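The extension check described above can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it parses a raw email, flags attachments whose names end in one of the four extensions listed, and also catches double extensions and trailing dots or spaces. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# Extensions named in the FAQ answer above; extend per local policy.
RISKY_EXTENSIONS = {".exe", ".scr", ".vbs", ".js"}

def classify(filename: str) -> Optional[str]:
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots and spaces, so normalise them away.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    ext = "." + parts[-1]
    if ext not in RISKY_EXTENSIONS:
        return None
    if len(parts) > 2:
        # e.g. "Invoice.PDF.exe": the real type sits behind a harmless one.
        return f"double extension ending in {ext}"
    return f"risky extension {ext}"

def risky_attachments(raw: bytes) -> List[Tuple[str, str]]:
    """List (filename, reason) for each risky attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reason = classify(filename)
        if reason:
            findings.append((filename, reason))
    return findings

def build_sample() -> bytes:
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "notices@example.com", "user@example.org"
    msg["Subject"] = "Please fill the attached form"
    msg.set_content("Form attached.")
    for name in ("form.pdf", "Invoice.PDF.exe", "update.js"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

A filename check is only a first filter: it does not inspect file contents, so it should sit alongside antivirus scanning rather than replace it.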
8. When was the first ransomware attack?
Ransomware has been an age-old menace for establishments all over the world. The first-ever ransomware attack was carried out way back in 1989 by AIDS researcher Joseph Popp with the help of floppy disks.
However, since then, as security methods have seen significant advancements, so have the means of ransomware attack. With the evolution of the Internet, every bit of data started flowing in digital form. Ransomware started expanding its grasp around 2005 with the ‘Trojan.Gpcoder’ crypto ransomware.
The locker ransomware appeared in the year 2011 with ‘Trojan.Winlock’, which locked down the system with a fake message.
Over the years, ransomware attacks have increased exponentially, with the first quarter of 2019 showing an increase of 118 percent (source: McAfee).
9. What steps should be taken for protection against ransomware?
Ransomware is a malicious program that is installed on your local device from external sources. Hence, you should take every precaution while exporting or accessing some data from the Internet. Here are some safety tips you can follow to protect yourself against ransomware attacks.
- Refrain from opening emails that do not concern you. Sometimes you get emails from a university or government organization telling you to go through their guidelines or fill in the attached form. Don’t open such attachments unless you are expecting to hear from them.
- Ransomware is all about hijacking your critical information and asking a ransom for it. Hence, it is essential for you to back up all your critical data. You can also store the data on different networks to ensure total protection.
- Keep your operating system and all applications updated. Be it Windows or Mac, operating systems install security patches regularly to ensure protection from ransomware attacks.
- Install the best antivirus and anti-malware software for your systems. Most business owners see this as a waste of revenue and make do with the free software available in the market.
- Another way to ensure safety against ransomware attacks is to host your applications and data on the cloud. Since all your data is stored on remote servers, any ransomware attack on your local system will have no impact on your business process.
10. What is the impact of ransomware on organizations?
Whether a private company or a government organization, every establishment gets affected by ransomware attacks. However, the type of impact on these organizations may be different.
When a business gets hit by ransomware, its reputation can be sabotaged within hours. Take the example of an e-commerce website that gets hit by a ransomware attack during peak hours while running a special offer. Other than losing significant revenue, its reputation is also hit hard.
Moreover, the data can be compromised and leaked on the Internet or to the competitors. This is something from which the businesses can barely recover.
In the case of a government organization, the data can be leaked to the public or other countries if the ransom is not paid.
Be Cautious!
By the time you take some action against an ongoing ransomware attack, it is already too late. Ransomware attacks can quickly impact your organization as all your critical processes are held captive.
Hence, it is necessary for you to take a proactive approach and prevent a ransomware attack from happening in the first place.