In this age of the technology and computing revolution, individuals and businesses should be aware of the threat of ransomware. Each year, thousands of attacks occur, costing billions of pounds in ransom payments and lost or damaged commerce and services. Government agencies are not exempt, with some of the largest attacks occurring on such entities as the Colorado Department of Transportation and the City of Atlanta. Victims include newspapers, hospitals, and many others around the world.
Take Precautions: Everyone is at Risk
The most important thing to know about ransomware is that everyone who enters the online environment or uses email is susceptible to attack. Several measures help protect against it. Briefly, these are:
- Install and use anti-malware software.
- Use email safely by knowing how threats emanate from emails, such as malicious links and phishing schemes.
- Back up all data on a daily basis to several locations for redundancy.
- Keep all programs such as Windows and Office updated regularly with security patches.
- Avoid executing programs that may be hidden in ads, web pages, and emails.
- Be aware of ransomware developments and use a proactive, preventative approach.
- Notify law enforcement if you are a victim.
In attacks on the Colorado Department of Transportation in 2018, ransomware known as SamSam morphed several times, attacking the victim repeatedly. As current strains of ransomware grow more sophisticated, anti-malware developers face increasing challenges to keep up with the threats.
Ransomware is a Business
Ransomware is a commodity, albeit a nefarious one, and is often developed in rogue countries with authoritarian regimes. Large groups of criminal hackers may develop code in a corporate-style effort. Brokers buy and sell code to the highest bidders, after which customers attempt to spread their product through malware. Once the malware infects a vulnerable network and locks down the system, a ransom is requested. The malicious code is set up on platforms that retain the autonomy of the hacker. Even the ransom payment maintains anonymity by using cryptocurrency, keeping law enforcement frustrated.
The Demands for a Ransom
As an attack progresses, it also infects all systems that link to the infected network, leaving all data encrypted and locked. A message then pops up stating that the attackers have encrypted the data, along with an initial demand for payment via cryptocurrency, such as Bitcoin.
Hackers usually set a deadline, after which the required payment will increase or the data will be destroyed. Payments for individual victims may be under 100 pounds. For businesses, government entities, and other larger targets, the ransom demand can be in the thousands of pounds.
Security experts agree that victims should not pay the ransom, as paying will usually invite additional attacks and there is no guarantee that the hackers will send the valid encryption keys needed to restore data and files. Vigilant businesses and individuals that have good recovery plans and can easily access a current backup can usually avoid excessive, costly downtime.