What is ransomware?

Ransomware is malicious software (malware) that encrypts a victim’s files and demands a ransom payment in exchange for restoring access to the victim’s data or computer. Ransomware is one of the most effective and most widely used forms of cybercrime today.

Over the past few years, ransomware has grown from a threat to individual computers into a weapon aimed at large corporate networks. Cybercriminals recognize the financial potential of targeting large companies that are ready to pay a significant amount to regain access to their infrastructure. Unfortunately, paying the ransom does not guarantee that access to the compromised computers and infrastructure will be restored.

Cybercriminals usually have different motivations and target groups when planning their ransomware attacks. They may, for instance, target government agencies and commercial organizations for political or financial gain. Sometimes they target organizations known to have small or non-existent security teams. These organizations are at considerable risk, especially where a lot of collaboration and content sharing is expected, because that makes it easier for attackers to trick victims into downloading and running ransomware. Universities are prime examples of this situation. Attackers also target parties that seem likely to pay the ransom quickly, such as law firms and medical facilities, which often need immediate access to their files and sensitive data.

Victims of ransomware

We continuously hear about ransomware incidents and their victims. These incidents happen around the clock, and many people do not report them, for various reasons. In this month’s news, one of the ransomware victims was The Colonial Pipeline Company, the largest refined products pipeline in the United States. According to CNBC, Colonial Pipeline actually paid a ransom of USD 5 Million to the cybercriminals. The attack forced the company to shut down its entire system for a brief time as a precautionary measure. The company was not the only one to suffer: some markets served by Colonial Pipeline experienced intermittent drops in supply until Colonial Pipeline had recovered from the incident.


Another victim was the Irish health service, which was hit by a sophisticated cyber-attack described as the most significant cybercrime attempt against the Irish state. The attack affected the IT systems that serve other local and national health provisions. Unlike Colonial Pipeline, the Irish health service decided not to pay any ransom, as Prime Minister Micheál Martin clarified.

Types of ransomware

Ransomware comes in different types and has countless variants, but the most common are crypto-ransomware and locker ransomware.

Crypto-ransomware:
A harmful program that encrypts files stored on a computer or mobile device to extort money. The cybercriminals hold the data hostage: the victim cannot access the files until they pay a ransom for the decryption key needed to restore them.

Locker ransomware:
A virus that infects a computer or mobile device and locks certain files stored on it. Its focus is on blocking access to the device’s user interface and, by doing so, denying access to computing resources until a ransom or “fine” is paid.

Phishing emails are one of the most common ways of delivering ransomware of all kinds. An email attachment or a link to a website hides a harmful program; once the victim opens the attachment or clicks the link, they allow the malicious code to execute, and the attacker gains control. Security researchers and law enforcement authorities generally strongly recommend that victims refrain from paying the ransom, since there is no guarantee that the cybercriminals will hand over the decryption key needed to restore the data. In some reported cases, however, crypto-ransomware infections have been so disruptive to the victim organization that it has opted to pay the ransom in the hope of restoring its data.


How to mitigate the risk of ransomware?

There are several essential measures that mitigate the risk of ransomware incidents:

  • Take regular offline backups.
  • Avoid clicking on links in emails from untrusted or unexpected senders, and avoid downloading files from dubious websites.
  • Keep systems and applications up to date, and deploy up-to-date security software.
  • Protect your personal information (be skeptical when someone asks for sensitive details).

In principle, anyone can be the victim of a cyberattack, whether an individual, a large or small organization, or a low-profile or high-profile entity. In most cases, however, a compromise starts with an individual human action that opens the door to cybercriminals. Hackers may attack an organization for social or political causes, or simply hacktivism, not only for financial gain. It is therefore essential to raise cybersecurity awareness among employees by offering them information security training, and to make them aware that falling for a phishing email can cause serious damage to the entire organization.

Oivan can help you design, develop and operate secure services that keep your valuable information confidential. We carry out our work based on industry best practices such as SANS, NIST, CIS, OWASP, and OSSTMM.

Let’s talk! Feel free to contact Dr. Bilal Al Sabbagh, Head of Cybersecurity at bilal.alsabbagh@oivan.com for more information. We look forward to hearing from you.