What is a Ransomware Attack?

A ransomware attack is a type of malware attack that blocks access to the infected computer or network and encrypts critical data. The attacker then demands a ransom payout from the victim in exchange for network access and decrypted files. Ransomware attacks are usually caused by Remote Desktop Protocol (RDP) manipulation, email-based phishing, malicious links, or malvertising. The victim of a ransomware attack has limited options. They can either pay the ransom or try to eliminate the infection themselves. It’s important to note that most businesses that pay off a ransomware attack are hit again in a few months. Even more alarmingly, Forbes reported that 92% of companies that pay ransomware attackers do not get all their data back. The best approach to ransomware attacks is “prevention is better than cure.” To build optimum defenses against ransomware, you need a comprehensive understanding of how this malware works.
Types of Ransomware

Ransomware victims have no choice but to pay in millions, giving criminals more than enough resources for constant technological evolution. Threat actors have brought significant innovation to ransomware technology in recent years. Ransomware can broadly be put into two categories:
1. Locker Ransomware

This type of ransomware locks users out of their systems. Victims can view only a blank screen with the ransom demand and are unable to access any file or program. Mouse and keyboard functions remain partially enabled so the victim can make the payment, but all other computing capabilities are locked. Usually, locker ransomware doesn’t target particular files, as the objective is to block the user from accessing their system. Data loss is unlikely with this ransomware attack, but there is no guarantee of anything when dealing with criminals.
2. Crypto-Ransomware

The intention of crypto-ransomware is to penetrate the target’s network and encrypt critical files stored on the network or device. This type of ransomware creates a unique sense of helplessness, as you can see the file icon but cannot open the file. Crypto-ransomware does not interfere with the hacked system’s capabilities in any other way. To further encourage ransom payment, attackers threaten permanent destruction of the encrypted files if the payment deadline is not met.

While all forms of ransomware fall into the above two categories, there are three nuanced ransomware attack tactics we need to know.
3. Scareware

Scareware is a psychological attack tactic where fake software displays alarming messages on your screen and scares you into making a payment or downloading real malware. The messages appear to come from official sources and flood your screen with countless pop-ups.
4. Leakware or Doxware

Leakware is a specific type of ransomware attack where criminals threaten to leak sensitive and personal data online. Most individuals and businesses are ready to pay any amount to protect their personal information from falling into the wrong hands. Knowing this, attackers demand exorbitant ransoms to release the encrypted data.
5. Ransomware-as-a-Service (RaaS)

RaaS is the dark side of IT services. It is a subscription-based business model in which developers create ready-to-use ransomware software. Criminals with little technical knowledge can use this ready-made ransomware to launch attacks. RaaS works with an affiliate approach, where group members earn a percentage of each ransom payment.
6 Popular Types of Ransomware Strains in Circulation

Let’s take a look at the most infamous ransomware strains in circulation today:
1. Bad Rabbit

First appearing in 2017, Bad Rabbit ransomware has infected many devices via a fake Adobe Flash update on malicious websites. Famous for infecting the Ukrainian Ministry of Infrastructure, this ransomware encrypts user files and demands Bitcoins as ransom. The software code contains names of popular characters from Game of Thrones.
2. Petya

Petya also originated in 2017. It is a type of crypto-ransomware that targets Windows servers and devices. It exploits the Server Message Block vulnerability and employs credential-stealing techniques to infect systems. It is one of the most feared ransomware strains.
3. WannaCry

WannaCry also made its debut in 2017 (it was a big year for ransomware) in a large-scale crypto-attack that famously compromised over a quarter-million devices across the globe. Attackers exploited a Windows OS vulnerability to launch their attack on a Spanish telecom company called Telefonica.
4. Maze

Maze has been targeting companies across the globe since 2019. Previously called the ChaCha ransomware, it is a complex crypto-ransomware infamous for leaking confidential documents on the web.
5. CrySis

First spotted in 2016, this dynamic crypto-ransomware piggybacks on shared files to enter your device. Usually, it pretends to be a legitimate video game installer.
6. Jigsaw

Named after the murderous serial killer from the horror film franchise Saw, Jigsaw emerged in 2016. It was the first ransomware to carry out its threat of deleting files.
7 Tips to Avoid Ransomware

Ransomware attacks have crippling consequences for businesses. Apart from heavy ransom payments, businesses suffer from operational setbacks, loss of reputation, data loss, and regulatory fines. Here are some best practices you should follow to avoid ransomware attacks.
- Regularly back up all data
- Use reliable anti-malware software
- Don’t download software from suspicious websites
- Don’t trust public Wi-Fi
- Don’t click on pop-ups
- Never open emails from unverified senders
- Always keep your system updated