In recent years, ransomware has become one of the biggest cyber threats around. Unfortunately, it doesn’t look as if 2023 will be any different. Since this threat doesn’t appear to be going away anytime soon, it is important for everyone to understand a few things. Mainly, everyone needs to understand what ransomware is, how it works, and (most importantly) how to prevent it from being effective.
What Is Ransomware?
Ransomware is a specific type of malware that locks you out of your own data, and often out of entire devices and networks. It does this with strong encryption: once the malware is running, it encrypts files on the local drives and on any network shares it can reach, then leaves a ransom note demanding payment (usually in cryptocurrency) for the key needed to decrypt them. Removing the malware itself is rarely the hard part; without that key, properly encrypted data cannot be recovered, which is exactly the leverage the attacker is counting on. As you can see, ransomware is aptly named, because it’s all about holding your data for ransom.
Common Types Of Ransomware Attacks
The first thing to understand is that most ransomware falls into one of four categories:
- Locker ransomware
- Crypto ransomware
- Double-Extortion ransomware
- Ransomware as a service
Locker ransomware works by locking you out of normal use of the device: the screen is replaced by the ransom demand, and you will probably have only the limited mouse and keyboard access needed to make the payment. This kind of malware typically does not delete or even encrypt your files; it blocks access to the desktop and displays the note. Because the data underneath is usually intact, lockers are often the easiest variant to recover from, for example by booting from clean media and removing the malware.
Crypto ransomware is a little more subtle. Instead of locking the whole device, it encrypts the files that matter most, typically documents, spreadsheets, databases and photos selected by extension, while leaving the operating system bootable so that you can still read the note and pay. Modern strains also encrypt any network shares and online backups they can reach. This type of malware often comes with a countdown timer and a promise that the key will be destroyed (or the price doubled) if you don’t pay before the count reaches zero.
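To make the crypto-ransomware behaviour above concrete from the defender’s side, here is an added example (not code from the original article) that scores a snapshot of files for two signals this kind of malware leaves behind: file contents whose entropy looks like ciphertext, and a second, unknown extension appended to a normal one. The extension list, the thresholds and the sample files are constructed for the illustration.

```python
"""Heuristic indicators of crypto ransomware activity over a directory snapshot.

Added example, not code from the original article. Defenders commonly combine
two cheap signals: the Shannon entropy of file contents (encrypted data sits
near 8 bits per byte, plain text far lower) and a second, unfamiliar extension
appended to a normal one (report.docx -> report.docx.locked). The extension
list, thresholds and sample files below are constructed for the example.
"""
from __future__ import annotations

import math
import random
from collections import Counter

KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "txt", "csv", "jpg", "png"}  # assumption
PLAIN_EXTENSIONS = {"txt", "csv", "log"}  # formats whose normal content is low-entropy
HIGH_ENTROPY = 7.5       # bits per byte; threshold chosen for the example
ALERT_FRACTION = 0.5     # alert when at least this share of files looks encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for a constant byte string, ~8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def has_appended_extension(name: str) -> bool:
    """True for 'q3.xlsx.locked': a known extension followed by an unknown one."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-2] in KNOWN_EXTENSIONS and parts[-1] not in KNOWN_EXTENSIONS


def score_file(name: str, data: bytes) -> list[str]:
    """Reasons this file looks like ransomware output; empty list if it looks normal."""
    reasons = []
    ext = name.lower().rsplit(".", 1)[-1]
    # docx, jpg and similar are compressed and legitimately high-entropy, so the
    # entropy test is only applied to formats that should contain plain content.
    if ext in PLAIN_EXTENSIONS and shannon_entropy(data) > HIGH_ENTROPY:
        reasons.append("high-entropy content in a plain-text format")
    if has_appended_extension(name):
        reasons.append("unknown extension appended to a known one")
    return reasons


def assess_snapshot(files: dict[str, bytes]) -> dict:
    """Score every file and raise an alert when enough of them look encrypted."""
    flagged = {name: reasons for name, data in files.items() if (reasons := score_file(name, data))}
    alert = bool(files) and len(flagged) / len(files) >= ALERT_FRACTION
    return {"flagged": flagged, "alert": alert}


def random_bytes(n: int, seed: int) -> bytes:
    """Stand-in for ciphertext: uniformly random bytes from a seeded generator."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def constructed_clean_snapshot() -> dict[str, bytes]:
    text = ("Quarterly notes: ops spend is flat, hiring resumes in Q4. " * 40).encode()
    return {
        "notes.txt": text,
        "budget.csv": b"dept,amount\nops,1200\nsales,3400\n" * 50,
        "report.docx": random_bytes(4096, 1),   # compressed container, high entropy is normal
        "photo.jpg": random_bytes(4096, 2),
    }


def constructed_infected_snapshot() -> dict[str, bytes]:
    return {
        "notes.txt.locked": random_bytes(4096, 3),   # renamed and encrypted
        "report.docx.locked": random_bytes(4096, 4),
        "budget.csv": random_bytes(4096, 5),         # encrypted in place, name unchanged
        "READ_ME.txt": b"Your files are encrypted. Pay to recover them.\n" * 20,  # ransom note
    }


if __name__ == "__main__":
    for label, snap in (("clean", constructed_clean_snapshot()), ("infected", constructed_infected_snapshot())):
        result = assess_snapshot(snap)
        print(f"{label}: alert={result['alert']} flagged={sorted(result['flagged'])}")
```

Entropy alone is noisy: archives, media and already-encrypted files are legitimately high-entropy, which is why the check is limited to plain-text formats and why a real monitor would also watch the rate of renames and a few canary files. Run it and the clean snapshot raises no alert, while the infected one flags three of its four files (the ransom note itself is ordinary text and passes).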
Double-extortion ransomware (as the name implies) gives the attacker two levers rather than one. Before encrypting anything, the attackers copy your most sensitive data out of the network; they then threaten not only to withhold the decryption key but also to publish what they stole. For a company that deals with a lot of confidential data, the consequences of such a breach can be disastrous, and it is why a good backup alone does not get you out of a double-extortion incident. Finally, “ransomware as a service” (RaaS) is less a type of ransomware than a business model: the group that writes and maintains the malware rents it to affiliates, who carry out the intrusions and hand back a share of each ransom.
Specific Ransomware Variants
Now that you understand the basic division, let’s look at some specific ransomware variants. You are less likely to encounter these exact programs, since they are well-known threats that security products detect by signature. However, a slight variation of the code can be enough to turn a known threat into an unknown one, and most “new” ransomware is just such a variation. Since we cannot study an unknown, it pays to look at a few specific case examples.
The “WannaCry” Attacks
In May 2017, we saw a worldwide ransomware attack, with over 230,000 computers infected in more than 150 countries. This nefarious attack was carried out using a ransomware variant called WannaCry. Unlike most ransomware, it was a worm: it did not need to trick the user with a phishing email, but spread on its own by exploiting a flaw in Windows’ SMBv1 file-sharing protocol (the “EternalBlue” exploit), scanning for and infecting other vulnerable machines from each new victim. That self-replication explains how it spread so quickly.
Infections were reported worldwide; Russia, Ukraine, India and Taiwan were among the hardest hit, and in the UK the National Health Service had to cancel appointments and divert patients. The worm could only infect Windows computers, and here’s the crazy part: Microsoft had released a security patch for the flaw (MS17-010) in March 2017, two months before the outbreak. Machines that had not installed the update, or that were running unsupported versions of Windows, remained vulnerable.
The “Ryuk” Ransomware
Ryuk, first observed in 2018, is known for its targeted, hands-on approach rather than mass distribution. The group behind it gains a foothold (often through an earlier malware infection), moves through the network manually using ordinary administration and open-source tools, and deploys the ransomware only once it has reached the systems whose loss will hurt most.
Ryuk was initially suspected to be of North Korean origin, because its code is based on that of an older ransomware strain called Hermes. Hermes had been connected to a North Korean hacker group known as Lazarus, and the sophistication of the attacks would fit a state-sponsored origin. Later analysis, however, attributed Ryuk’s operation to a Russian-speaking criminal group that had reused the Hermes code, so shared code lineage on its own is not proof of who is behind an attack.
The “GandCrab” Ransomware
GandCrab is a good example of ransomware as a service, since it was mainly spread through affiliates who subscribed to it on dark web forums. When its creators announced their retirement in 2019, they boasted that the program had allowed their various customers to extract over $2 billion in total, a figure that comes from the operators themselves and has not been independently verified. One security researcher has traced this malware back to Russian sources, though no one has been charged or convicted. Free decryption tools for several GandCrab versions were later released, which is worth knowing if you ever meet a leftover infection.
How To Prevent Common Types Of Ransomware Attacks
There are several important steps you can take to prevent ransomware from infecting your networks and devices. Let’s go over the most important precautions and countermeasures. First, always install software, OS and firmware updates as soon as possible. A patch for a known vulnerability has a negative side effect: it tells attackers exactly where the hole is, and they routinely reverse-engineer patches to build exploits within days. There is then a rush to exploit the flaw on systems that haven’t updated yet, so make sure you get the patch before that happens. WannaCry is the textbook case: it hit machines that had missed a fix released two months earlier.
Data backup is probably the single most important thing you can do to protect yourself against ransomware. While it doesn’t guard against the threat of exposure, it does nullify the threat of data loss: they can’t hold your data for ransom if you can wipe the drive and restore it from a recent backup. Two caveats matter in practice. First, ransomware goes looking for backups, so at least one copy must be offline or otherwise unreachable from the network it protects (the usual rule of thumb is three copies, on two kinds of media, one of them off-site). Second, a backup you have never restored is only a hope: test restores regularly and verify that the restored files match what you backed up. When you rebuild, reinstall the operating system from known-good media rather than restoring a full system image that may carry the infection with it; firmware-resident malware exists but is rare, so reflashing the BIOS is a last resort, not a routine step.
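The restore test and the “backups the ransomware could reach” problem are easiest to see in code. This added example (not code from the original article) builds a small constructed source tree in a temporary directory, records a SHA-256 manifest when the backup is taken, and then verifies a restored copy against that manifest, once for an intact copy and once after simulating ransomware overwriting one backup file and renaming another.

```python
"""Backup manifest and restore verification.

Added example, not code from the original article. A backup only protects
you from ransomware if a restore from it reproduces the original data, so
this records a SHA-256 manifest when the backup is taken and later checks a
restored tree against it, reporting files that are missing, changed or
unexpected. The source tree and the "ransomware reached the backup share"
scenario are constructed inside a temporary directory.
"""
from __future__ import annotations

import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (as a relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(source: Path, dest: Path) -> Path:
    """Copy the tree and write its manifest next to (not inside) the copy."""
    shutil.copytree(source, dest)
    manifest_path = dest.parent / (dest.name + ".manifest.json")
    manifest_path.write_text(json.dumps(build_manifest(source), indent=2))
    return manifest_path


def verify_restore(restored: Path, manifest_path: Path) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest recorded at backup time."""
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "changed": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "unexpected": sorted(set(actual) - set(expected)),
    }


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Run the constructed scenario: a clean restore, then a tampered backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "source"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q3.csv").write_text("dept,amount\nops,1200\n")
        (src / "readme.txt").write_text("constructed sample data\n")

        manifest = take_backup(src, base / "backup")
        # For brevity the backup copy stands in for the tree you would restore to scratch.
        clean = verify_restore(base / "backup", manifest)

        # Simulate ransomware reaching a backup share that was left online:
        # one file overwritten in place, another encrypted and renamed.
        (base / "backup" / "finance" / "q3.csv").write_bytes(os.urandom(64))
        (base / "backup" / "readme.txt").rename(base / "backup" / "readme.txt.locked")
        tampered = verify_restore(base / "backup", manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore:", clean)
    print("tampered copy:", tampered)
```

The manifest must live somewhere the attacker cannot reach (offline media, or a write-once store); a manifest kept on the same share as the backup can be rewritten along with it. The example keeps it beside the copy only for brevity.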
Believe it or not, a large share of ransomware incidents begin with a social engineering attack (like email phishing or a phone scam of some type); most of the rest come in through exposed remote-access services and unpatched software. Thus, education and careful habits are a strong safeguard against ransomware. The most important thing is to be careful about clicking anything that isn’t what it seems to be: check that the sender’s address really belongs to the organization it claims, be suspicious of urgency and unexpected attachments, and report rather than act on anything doubtful. We don’t have space to get into all the specifics, but a little education can go a long way.
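The “is this really who it claims to be” check can be partly automated before a message ever reaches a user. This added example (not code from the original article) flags sender addresses that imitate a trusted domain by homoglyph substitution, a near-miss spelling, a trusted name used as a subdomain of something else, a punycode label, or a display name that borrows the brand from a foreign domain. The trusted-domain list and the sample senders are constructed; pchtechnologies.com is used only as a stand-in for “your own domain”.

```python
"""Flag sender addresses that imitate a trusted domain.

Added example, not code from the original article. These are the checks a
mail gateway or an awareness tool can run before a user has to judge the
message: a domain that is a homoglyph or a near-miss spelling of a trusted
one, a trusted name buried as a prefix of an unrelated domain, a punycode
(internationalised) label, or a display name that invokes the trusted brand
from a foreign domain. The trusted list and sample addresses are constructed.
"""
from __future__ import annotations

import re

TRUSTED_DOMAINS = ("pchtechnologies.com", "example-bank.com")  # assumption for the example
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(domain: str) -> str:
    """Collapse look-alike substitutions ('rn' for 'm', 'vv' for 'w', digits for letters)."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Domain part of 'Name <user@domain>' or 'user@domain', lower-cased."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address.strip())
    return match.group(1).lower() if match else ""


def display_name(address: str) -> str:
    return address.split("<", 1)[0].strip().strip('"').lower() if "<" in address else ""


def assess_sender(address: str) -> list[str]:
    """Reasons the From: address looks like an impersonation; empty if it passes."""
    domain = sender_domain(address)
    if not domain or domain in TRUSTED_DOMAINS:
        return []
    reasons = []
    if any(label.startswith("xn--") for label in domain.split(".")):
        reasons.append("punycode label in sender domain")
    shown = display_name(address).replace(" ", "")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if normalise(domain) == normalise(trusted):
            reasons.append(f"homoglyph of {trusted}")
        elif edit_distance(domain, trusted) <= 2:
            reasons.append(f"within 2 edits of {trusted}")
        elif domain.startswith(trusted + "."):
            reasons.append(f"{trusted} used as a prefix of another domain")
        if shown and brand in shown:
            reasons.append(f"display name invokes {trusted} from a foreign domain")
    return reasons


CONSTRUCTED_SENDERS = [
    "Accounts <billing@pchtechnologies.com>",            # genuine
    "billing@pchtechno1ogies.com",                       # digit 1 for l
    "it-help@pchtechnologles.com",                       # one-letter typo
    "login@pchtechnologies.com.secure-login.net",        # trusted name as subdomain
    "noreply@xn--pchtechnologies-abc.com",               # punycode label
    "PCH Technologies <helpdesk@unrelated.org>",         # brand in display name only
    "news@unrelated-newsletter.org",                     # unrelated, should pass
]

if __name__ == "__main__":
    for sender in CONSTRUCTED_SENDERS:
        print(f"{sender!r}: {assess_sender(sender) or 'ok'}")
```

The edit-distance threshold needs tuning for domain length (two edits is generous for a short domain), and none of this replaces SPF, DKIM and DMARC on the receiving side; what it catches is the look-alike domain that those protocols will happily authenticate because the attacker registered it themselves.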
Ransomware can be a truly scary thing for large organizations. With so much data at stake, far too many companies have buckled and paid the ransom. This is not recommended: you can’t count on these kinds of people to keep their word, the decryptor they supply may not work, and paying does nothing to close the hole the attackers came in through, so you may simply be hit again. If you need expert consultation on this subject, or help with any IT-related matter, you can call PCH Technologies at (856) 754-7500.