What is ransomware? How can you protect yourself from attack?
13 April 2016
2015 was a big year for cyberattacks, with business network attacks becoming more common, more complex, and more aggressive. According to the BBC, there were nine data breaches where more than 10 million records were exposed, compared to four of a similar scale the year before. A number of high-profile attacks have made international news, and in 2015 alone, over 500 million digital identities were exposed or stolen [source: Symantec]. Figures released by the UK government state that the minimum cost to recover from an information security breach for a company with 500+ employees is £1.46 million, up from £600,000 the year before. If that wasn't enough, the last twelve months have also seen the start of the reign of an increasingly popular form of malware: ransomware.
Ransomware: At a high level
In layman’s terms, ransomware as it exists today is a particularly nasty form of malware that infects a computer or computer network, imposes some kind of barrier that prevents users from working, and then demands a “ransom”, usually in the form of bitcoin. Once this ransom is paid, the barrier is (in theory!) then released. Like many forms of malware, you’re most likely to fall victim by clicking on a dodgy link, for example in an email or on a website. Read on to learn how to #clickclever and prevent infection from ransomware.
Types of ransomware
There are two main types of ransomware – “locker” ransomware, and “crypto” ransomware. The former works by placing a lock on your computer, preventing you from accessing programs and files. Locker malware, while malicious, is relatively easy to remove from machines and networks with the right tools and knowledge, and as such, is less effective as a method of attacking business networks.
Being infected by crypto ransomware, on the other hand, can be a lot more painful and a lot more expensive to counteract. In simplest terms, crypto ransomware works by encrypting your data. Some may only encrypt local data, but the worst (and the most common) will encrypt data across your entire network, effectively rendering your workforce unable to carry out their jobs, and even worse, potentially resulting in the loss of your priceless data.
The rise of ransomware
Ransomware, like all malware, has evolved with the growth of the internet, but over the last couple of years, it’s become a lot more prolific as cybercriminals have realised the value of holding business data to ransom. Fortunately, with the recent growth spurt that ransomware has enjoyed, public awareness of the attacks has also increased exponentially. Take a look at this Google Trends search popularity graphic, and you can clearly see just how rapidly it’s spiked since the start of 2016:
There are a number of ransomware programs, some more prolific than others. Back in 2013, you may have heard of “CryptoLocker”, a form of ransomware that allowed its users to extort around $3 million before they were shut down by an American task force. Since CryptoLocker, a number of variants have been distributed across the web. Current ransomware programs to look out for include “Locky” (it’s not as nice as it sounds), “CryptoWall”, “TorrentLocker” and “CTB-Locker”. They all do the same thing, in similar ways, and all should of course be avoided.
The best way to avoid ransomware is to avoid clicking on things that you simply shouldn’t be clicking on. It sounds matter-of-fact, but teaching yourself and your colleagues to #clickclever can literally save your business thousands. Remember that it only takes one individual to click on one infected link or attachment, and your entire network could become encrypted. It might be Sandra in finance clicking on a fake invoice attachment, or Alan in sales clicking on a link in a personal email that’s cleverly disguised as a genuine one. Make sure you know who the email is from. Spoofing is a common cause of data breaches.