What is Ransomware?

Ransomware has quickly become one of the most popular forms of malware that bad actors use to compromise an organization’s security posture. Ransomware is dangerous, complex, and hard for security teams to detect and remediate. But what IS ransomware? And how do you defend against it? These questions and more will be answered in this blog post from us at PlexTrac.

If you want to learn more about the Purple Teaming Platform and how we can improve your security team, click here.

What is Ransomware?

Ransomware is a form of malware that threatens to publish the attack victim’s information or block access to said information if a ransom is not paid. Simple ransomware simply blocks users from accessing or using data. This type is a minor inconvenience for victims but is something easily reversible for even the newest cybersecurity professionals. However, more complex ransomware is able to employ a tactic called crypto-viral extortion. Crypto-viral extortion encrypts the victim’s files, often making them completely inaccessible. The attacks then demand a ransom in exchange for the decryption of the files.

After successfully exploiting an individual or organization’s vulnerability and retrieving precious data, the attackers usually detail instructions for the victim on how to pay to get their information back (hence the word “ransom”). Attackers commonly use currency apps like Bitcoin or Ukash because they’re untraceable, making the attacker’s identity harder to pinpoint.

How Does Ransomware Work?

Now that we know the basics of ransomware, let’s jump into how the malware actually works. Ransomware can be used through a number of vectors. However, one of the most commonly employed vectors is through phishing schemes, usually carried out through email. Ransomware attachments come into contact with victims through the platform, posing as a file that the user would otherwise trust. Once these Trojan files are downloaded and opened the ransomware is deployed, taking over the victim’s computer and setting the attack in motion.

Many of these devious ransomware files are equipped with extensive social engineering tools that trick operating systems into granting administrative access and privileges. However, some of the more complex ransomware, like NotPetya, can actually bypass the need to trick devices and instead target holes in the computer’s security for direct access. Once behind the device’s security measures, attackers have a direct path to hit pay dirt.

Once in the system attackers can either scan a computer for important files or target the entirety of the disk drive. The target files are then encrypted in some manner and terms are set for the safe return of the files. Victims are oftentimes forced to pay these ransoms because the mathematical encryption set on the files are too complex to solve without the algorithm that is only known by the attacker.

Why is Ransomware Important to Know?

Ransomware is one of the fastest growing attack methods in the world of cybersecurity. In fact, the use of ransomware has increased exponentially since its inception around the year 2012. Ransomware reached over $1 billion In payouts in the year 2016. Additionally, there were 181.5 million ransomware attacks carried out over just the first six months of 2018. This number marks a 229% increase from the same time period in 2017. Simply put, ransomware has become a mainstay for bad actors. A new report from 2020 also suggests that ransomware is expanding into new target industries. Traditionally ransomware has been most popular for use upon local and state governments and in healthcare systems. However, new attacks are being carried out across many new industries.

On top of its increase in popularity ransomware is also important to know about because of the many dangers it presents. The loss of valuable data and the strain of down time on your site or program costs your company precious time and money. To make matters worse, the power of ransomware only seems to be growing. This growth is because ransomware has been continuously developed like an actual piece of software, with a plethora of updates and enhancements being pushed out in a timely manner. The resources it takes to fight and defend against these enhancements requires both a budget and R&D time that many organizations simply do not have.

Ransomware was made to capitalize on the most vulnerable aspect of an information system: people. By continuously using tactics in both phishing and social engineering attackers are able to make quick work of an organization’s human capital to penetrate their security posture. This focus on exploiting people is why it’s so important to know about and defend against ransomware attacks.

Tips to Defend Against Ransomware

While most ransomware defense methods are not 100% effective, they provide an additional hurdle against even the most complex ransomware attacks. Having a plan for defensive action is vital to prevent a costly ransomware infection. The tips below are a good set of general security practices. Implementing and following these tips will maximize your security against all sorts of ransomware attacks:

• Keep your operating system patched and up to date to ensure you have fewer vulnerabilities to exploit. Ransomware attacks can be carried out on PCs, Macs, and even mobile phones, so this step is important for all users.
• Backup your files. This may go without saying, but the act of storing consistent backups ensures that you don’t need to open your checkbook to retrieve files and can revert to a previous backup instead.
• Install antivirus software for additional protection. You may be good at detecting phishing attempts, but additional software will ensure you don’t suffer from a temporary lapse in judgement. Additionally, whitelisting software is useful to prevent unauthorized applications from entering your inbox entirely.
• Don’t give administrative privileges unless you can verify the identity of the program asking for permission. Many ransomware attacks pose as well-known and trusted brands, so triple-checking permissions for authenticity can be a life saver.