What is ransomware and how does it work?

Ransomware is a type of malware. It can be delivered through a variety of mechanisms, but email is one of the most common attack vectors. Attackers send an email carrying a ransomware payload; the recipient opens an attachment or clicks a link and inadvertently downloads the malware onto his or her device. The malware then enters the network and installs itself on servers, storage, databases, network appliances and so forth. Once activated, the ransomware encrypts the data on the target systems, rendering the data, or the system itself, completely unusable. Remote Desktop Protocol (RDP) sessions, often disguised as a request from an internal IT support representative to fix a fake problem with an employee's computer, are also a popular vehicle for delivering the attack payload.

Once the data is encrypted, the attacker contacts the victim and promises to decrypt the data upon payment of a ransom. The ransom is typically payable in cryptocurrency. The amount can be as little as a few hundred dollars for a small business, or run to millions if the target is a major corporation or government entity. The average data breach costs $4.2M, according to IBM. Much of the interaction is automated, so the target may think he or she is talking to a real person when in fact the ransom message and decryption instructions are coming from software robots.

Is ransomware a threat to my business?

Ransomware is a serious threat to any business or organization, regardless of its size or type. You might think bad actors are only after financial information or healthcare records, but that is a bad assumption. They aren't choosy: they target every industry, including the public sector, educational organizations, and nonprofits. Almost any kind of organization can be a target, and attacks have been extremely widespread and successful. The ransomware threat will also take advantage of a broad attack surface, which includes:

How is ransomware spread?

Ransomware infections rarely stay confined to the first compromised device. This is one of the reasons they can be so devastating: an infection has the potential to lock you out of everything. The malware moves laterally across networks. It enters the network at point A, then moves on to points B, C and D, encrypting data as it goes. For this reason, countermeasures such as network segmentation, which restrict lateral movement, help mitigate the ransomware threat.

What are the top ransomware targets?

As of now, just about any business, organization, non-profit, or government entity can be a ransomware target. Healthcare organizations, industrial sites (operational technology/OT), school districts, local governments and utilities are some of the most common targets. However, all businesses have risk exposure for ransomware.

Masergy finds that many businesses assume they are not a target because they don't handle sensitive or personal information, such as financial statements or healthcare records. Nothing could be further from the truth. Any type of corporate information can be held for ransom: if it is valuable to your organization, a cybercriminal will encrypt it and ask you to pay to get it back.

How do I protect against ransomware?

It is possible to mount a successful defense against ransomware. Good overall cybersecurity is the best protection, but security can be difficult to maintain consistently everywhere at once. As mentioned earlier, countermeasures that limit lateral movement help reduce the impact of an attack. Endpoint protection, including endpoint detection and response (EDR) services, also helps: if an attacker is unable to compromise a device such as a smartphone, they are blocked from hopping from it onto the main network. Email filtering and anti-phishing solutions should be part of the ransomware risk mitigation portfolio as well. Robust data backups are also effective at reducing the impact of an attack.


Why are ransomware threats on the rise?

Ransomware threats are on the rise mostly because ransomware has proven to be an incredibly effective mode of cybercrime. It pays well and it is relatively easy to do. Attackers can even buy ransomware as a service, and they face virtually no criminal consequences. This is because ransomware attackers are almost all located outside of the countries they attack. They might be in Russia or China, for instance, while the victims are in the US and UK, so they will never face the law in the US or UK. And, for reasons that are not well understood, the countries that host ransomware gangs are not making serious efforts to limit their criminal activities.

The attacks are also becoming more sophisticated, yet less expensive for the attacker. Ransomware attackers can avail themselves of technologies like deepfake video generation and AI-powered language tools. Using such technologies, attacking software bots can mimic human beings so convincingly that they trick victims into handing sensitive data, such as system login credentials, to the attacker.

A further reason ransomware is on the rise is the increasing popularity and utility of cryptocurrencies. Until fairly recently, a ransomware attacker would have had to take payment in dollars, which are traceable through banks and platforms like PayPal. No more. Now, ransomware attackers can demand payment in bitcoin and the like, which the author describes as totally untraceable and easy to move around the world without fear of attracting the attention of law enforcement.

What's more, today's business trends like work-from-home and IoT are giving attackers a larger attack surface to work with.

What is the future of ransomware?

Unfortunately, it seems that ransomware has a bright future for attackers. The growth in ransom payments and the increasing frequency of attacks suggest that attackers are poised for even greater feats of cybercriminality. No single technology appears capable of being a total solution that stems the tide of attacks.

That said, there are reasons to be hopeful that the ransomware crisis will be contained. The explosion in attacks is leading to a commensurate level of investment in defenses. More organizations are deploying countermeasures like network segmentation, Secure Access Service Edge (SASE) architecture, Zero Trust security and related techniques that make it harder for attackers to reach sensitive data and encrypt it. At the same time, increasingly sophisticated artificial intelligence (AI) tools are getting better at detecting attacks before they do too much damage.

So, what does Masergy recommend as the single best thing you can do about ransomware? Here’s our guide to endpoint security.