Ransomware has become a serious epidemic affecting businesses of all sizes, and protecting your company is more essential than ever before as the number of ransomware attacks continues to rise. A report from Cybersecurity Ventures projects that on average there will be a ransomware attack on a business every 14 seconds by the end of 2019 — up from a rate of one attack every 40 seconds in 2017.
As ransomware spreads, it continues to evolve and get more sophisticated — and more lucrative. In fact, the Cybersecurity Ventures report predicts that damages connected to ransomware attacks will cost $11.5 billion annually by 2019, more than double the $5 billion in ransomware damages estimated for 2017.
What does all this mean for small to medium-sized businesses? In order to protect your organization from cyber threats, you need to keep ransomware and cybersecurity top-of-mind and educate your employees about this destructive type of malware and the damage it can do to your business.
To help you address the growing threat of ransomware, we’ve taken a closer look at how ransomware works and the most common variants that are active today. We’ve also gathered our best advice on how to protect your business both proactively by taking precautions to avoid ransomware and reactively by being prepared to recover quickly and easily if you do fall victim to an attack.
What Is Ransomware?
Ransomware is malicious software that encrypts files, locks the computer, and retains control until the user pays a certain amount of money. Ransomware can appear in two forms — either by locking your screen with a full-screen image or webpage to prevent you from accessing your PC, or by encrypting your files so they can’t be opened.
While each ransomware variant has its own twist, there are a few key components that most ransomware types follow:
Email-borne infection – Although some variants have been known to attack via drive-by download advertising, malicious websites, or peer-to-peer network file sharing, ransomware typically attacks through spoofed emails, and the end user is tricked into opening an attachment.[3] It often arrives in zip files with enticingly common names. The zip file contains an .exe, which downloads onto the target computer and adds a key to the Windows Registry that allows it to run.
Covert communication – Once downloaded, the malware establishes communication with a command-and-control server. For example, CryptoLocker, which started the modern ransomware craze, relies on a domain generation algorithm and hops between new servers routinely to avoid detection.
Advanced encryption – Once the server connection is established, CryptoLocker generates a pair of encryption keys (one public, one private) using 2048-bit RSA, combined with military-grade 256-bit AES encryption. Most ransomware variants use a 256-bit AES (Advanced Encryption Standard) key or a 2048-bit RSA key, but some go as far as 4096-bit RSA.
Bitcoin ransom – After encryption is complete, the cybercriminals usually demand Bitcoin or some other form of payment for the key to decrypt the infected files.[4] Ransomware works quickly and quietly in the background before it reveals itself to users and asks for the ransom.
Tight deadline – A pop-up window usually tells the victim that important files have been encrypted and sets a time limit for payment before the private encryption key is destroyed and the files are lost forever.
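The delivery pattern in the first item above (a zip attachment carrying an .exe) can be screened for at the mail gateway or during triage. The Python below is an added example, not part of the original article; the function names, the extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for illustration; tune them for your own mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def screen_zip_attachment(data):
    """Return (member_name, reason) for each suspicious member of a zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                findings.append((info.filename, "encrypted member, cannot be inspected"))
                continue
            # Split the base name so "invoice.pdf.exe" yields ["invoice", "pdf", "exe"].
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            with archive.open(info) as member:
                magic = member.read(2)
            if ext in EXECUTABLE_EXTS:
                hidden = len(parts) > 2 and "." + parts[-2] in DECOY_EXTS
                reason = "double extension hides executable" if hidden else "executable extension"
                findings.append((info.filename, reason))
            elif magic == b"MZ":  # Windows PE files start with "MZ" whatever the name says
                findings.append((info.filename, "PE header under non-executable name"))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; used only to construct test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


SAMPLE = build_sample_zip({
    "Invoice_2018.pdf.exe": b"MZ" + b"\x00" * 64,  # constructed bytes, not a real binary
    "notes.txt": b"quarterly figures attached",
    "scan001.jpg": b"MZ" + b"\x00" * 64,           # PE magic behind an image name
})

print(screen_zip_attachment(SAMPLE))
```

Checking the first bytes as well as the extension catches executables that have simply been renamed, which a name-only filter would pass.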
The FBI wants businesses to take ransomware seriously. “Because of the global reach of cybercrime, no single organization, agency, or country can defend against it,” the organization explained in a recent statement about the growing threat of ransomware.[19]
As an SMB, you cannot stop the ransomware epidemic. However, taking the right proactive and reactive measures can help you reduce the likelihood of an attack on your business. No business vertical, large or small, is immune to ransomware attacks, but you can set your business up for success by following best practices and using the right tools to defend against them.
1. Ransomware Damage Report 2017 Edition, Cybersecurityventures.com, retrieved February 2018.
2. What is ransomware?, Microsoft, retrieved September 2016.
3. Cryptolocker 2.0 – new version, or copycat?, We Live Security, December 2013.
4. CryptoLocker Ransomware Information Guide and FAQ, Bleeping Computer, October 2013.
5. Malware Protection Center, Microsoft, image retrieved February 2018.
6. Here Comes Locky, A Brand New Ransomware Threat, Dark Reading, February 2016.
7. Locky now using Embedded RSA Key instead of contacting Command & Control Servers, Bleeping Computer, September 6, 2016.
8. Combatting the ransomware Blitzkrieg, ICIT, April 2016.
9. Cerber Ransomware Has a New Family Member – Cerber3 Has Been Spotted, Virus Guide, August 31, 2016.
10. The Ransomware Meltdown Experts Warned About Is Here, Wired, May 12, 2017.
11. Petya Ransomware Skips the Files and Encrypts Your Hard Drive Instead, BleepingComputer.com, March 25, 2016.
12. The NotPetya Ransomware May Actually Be A Devastating Cyberweapon, Forbes, June 30, 2017.
13. Ransomware 2017 Report, Cybersecurity Insiders, accessed February 2018.
14. Enable or disable macros in Office documents, Microsoft, retrieved September 2016.
15. Zero Day Report, Cybersecurity Ventures, accessed February 2018.
16. 3 Ways to Supercharge Your BDR Offering, Business Solutions Magazine, September 2016.
17. 2016 Vulnerability Review, Flexera Software, March 16, 2016.
18. 2017 State of Cybersecurity in Small & Medium-sized Businesses, Ponemon Institute, September 2017.
19. Cyber Crime, FBI, retrieved September 2016.