Cyber criminals are increasingly using ransomware to blackmail companies and extort money. What are the different types of ransomware? How do you prevent it impacting your organization? And what should you do in the unlikely event that you yourself are a victim?
In April 2021, it was difficult to find cheese in certain Albert Heijn supermarkets. Why? Over the Easter weekend, the company responsible for supplying the supermarket chain with cheese had been hit by ransomware. Because of this attack, a lot of work suddenly had to be carried out by pen and paper.
Another well-known ransomware attack took place at the end of 2019 at Maastricht University. Criminals encrypted various systems in the university, making essential files unavailable. Global ransomware attacks like WannaCry and Petya reached millions of computers, causing billions of euros' worth of damage.
Types of ransomware
Ransomware is a type of malware that blocks a computer or encrypts certain files. Once a ransom is paid, often in bitcoins or other cryptocurrencies, the files become accessible again. Unfortunately, payment of the ransom does not always lead to the files being released. In addition, even after the ransom has been paid, the software can remain on computers, blocking systems later on and leading to an even higher ransom being demanded. Ransomware usually enters computers via links or attachments in e-mail messages, but criminals are finding more and more ways to get the ransomware into systems.
There are different types of ransomware:
Scareware is not really ransomware since it does not encrypt files or lock systems. It consists of intimidating messages with false notifications, for example about illegal activities that the user is allegedly carrying out or viruses that the user should remove immediately.
Cryptoware is advanced ransomware that encrypts all files on a computer or server using asymmetric encryption. As a result, users are no longer able to open or edit files. Files on the network, in cloud storage services, on USB sticks or external hard drives may also be encrypted. With asymmetric encryption, criminals have one key to encrypt data and another to decrypt it.
Locker-ransomware blocks essential computer functions, such as access to a desktop and mouse; it is still possible to communicate via a pop-up window, which is used to ask the user to pay a ransom. This type of ransomware is often less harmful than cryptoware because critical files are left intact.
Ransomware is increasingly sold to cyber criminals with little technical knowledge. This means that the programmers themselves run little risk, while reaping substantial profit.
Professional business model
Although the amounts of money that are asked for can be quite high, they are not usually extreme, which makes it tempting for companies to pay the ransom in the hope that that will be an end to their problems. After all, being unable to do business for a number of weeks, or even longer, will ultimately cost them even more money. It may be more logical not to pay, and so avoid perpetuating crime, but this isn’t always the case. In addition, payment is made very easy and criminal organizations are increasingly working with professional service desks for a smooth settlement.
The keys to a number of older ransomware variants have been found by police or security researchers and in these cases it is relatively easy to rescue the files without having to pay the ransom.
To fight ransomware effectively, it is essential to first remove the malware itself, to prevent files from being re-encrypted. It is then important to restore the most recent back-ups, provided of course that they are available and accessible.
The first step in fighting ransomware is to raise awareness among everyone in the organization. Most people know that they should be aware of phishing emails, but as criminals become more professional, so too do the emails. In addition, so-called ‘voice phishing’ is on the rise. This involves a company employee being called by someone who claims, credibly, to be calling on behalf of the CEO, and asks for an amount of money to be transferred immediately. Or someone pretends to be a colleague and asks for all kinds of confidential information. Awareness around the use of passwords is also essential; it is possible to set rules in this area. Protecting particularly valuable information with two-step verification is also a good idea. In addition, a secure IT infrastructure is of course essential, and that means having a firewall in place to prevent attacks. Alongside these measures it is also important to have the latest updates of software, including the antivirus system. Daily automatic back-ups, as well as regular testing to make sure they work, are also necessary.
Mapping out the risks and adjusting the IT environment is a difficult task for many organizations. You can save your organization time, money and a lot of headaches by hiring a specialist to carry out these tasks.