Ransomware: What is it? - Colonial Pipeline ransomware attack

Ransomware: What is it?

In today’s climate, where so much of the workforce and life takes place online, cybersecurity is at the top of the agenda of any business. Protecting digital assets and data is paramount. Cyber threats have been around since the inception of the internet, and they aren’t about to go anywhere any time soon.

To understand ransomware, you need to understand malware

Put simply, ransomware is a type of type of malware (also known as malicious software). It installs itself onto a system and spreads like a virus, doing very real damage to digital assets. It can delete files, prevent access, even steal sensitive information. Malware is a small piece of software written by a malicious actor. It is a common cybersecurity threat. There are more than 1 billon malware programs out there, and when the pandemic hit, malware variants rose by 62%.

Ransomware is a type of malware

Think of ransomware like someone being held hostage by a criminal who wants something in return – usually money. Instead of a person being held hostage, it’s digital assets. Malicious actors who create ransomware know that IT systems are the lifeblood of any business. Without IT systems businesses would not be able to function. If customer data was put into the wrong hands, it could do permanent damage. Creators of ransomware know this and threaten to publish the data on a public forum.

Ransomware corrupts storage devices or denies access, essentially holding them at ransom, and then demands payment in exchange for a key which will release the digital asset. Just like in a hostage situation, there is no guarantee that if money is handed over the data will be released. More than ten billion dollars was paid to malicious actors during 2019. 45% chose to pay the ransom but half still lost their data.

Ransomware attacks targeting corporations increased 20% from 2019 to 2020. With more of the world operating online since the beginning of the pandemic, malicious actors have even more incentive. Over time they are becoming more sophisticated, and they are a real threat to the business world of today.

Methods of attack

There are various ways malicious actors exploit vulnerabilities in IT systems. Phishing attacks is the most common and is likely to inflict the most damage. There has been a huge increase in these types of attacks since the start of the pandemic where malicious actors take advantage of workers who are working from home and connected to company networks.

Disguised as official emails from reputable organizations such as the World Health Organization, vulnerable employees click on links or attachments which launch the ransomware software. It then steals the credentials of the victim and attempts to spread itself through the network, seeking data to hold at ransom.

Locker ransomware and crypto ransomware are two of the most common types of ransomware. Locker ransomware attempts to lock out and render computers inoperable while crypto ransomware tries to seize files.

Malicious actors also seek insecure network services to deploy ransomware. For example, in 2017 the ransomware ‘WannaCry’ took advantage of a security vulnerability in Windows. It was reported that over 200,000 computers across 150 countries were affected.  The attack affected hospitals in the UK with worldwide financial damage of approximately US$4 billion. Similarly, the ransomware ‘Bad Rabbit’ spread in 2017 using insecure websites that users would visit, unaware it contained malware. There are many such examples of malware that have done catastrophic damage.

Is ransomware insurance phasing out?

A recent rise in sophisticated ransomware gangs who freeze major company networks is putting pressure on the current cybersecurity insurance models. Insurance premiums are at an all-time high for ransomware coverage with major insurance companies reporting losses for their cybersecurity offerings. In a world-first in May this year, global insurance company AXA announced it would no longer cover ransomware extortion payments. This may point to a new direction in insurance meaning businesses can no longer afford to rely on insurance companies to bail them out.

Protecting your business requires a pro-active rather than re-active approach by experts who specialize in cybersecurity risk and ransomware.  Contact Solzorro to find out how they can help.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest