How Does Ransomware Work?
The topic of ransomware has been huge in the last year, and public awareness of this once obscure method of cyber crime has peaked in recent months. But how does ransomware work, and what exactly does it do?
Ransomware is a malicious program or string of code that encrypts all the file on a computer system and effectively locks them up. Access to these files is impossible without an encryption key, which is offered in exchange for a ransom. Attackers usually request that the ransom be paid through anonymous means such as bitcoin or other cryptocurrency.
The encryption used in most malicious ransomware attacks is essentially unbreakable. Only in a few isolated cases have security professionals been able to break the encryption. Not all ransomware is the same, either. There are many different malware programs that go by various names and use various means to encrypt victim data; Locky, CryptoLocker, TeslaCrypt, SimpleLocker, and WannaCry are some of the names that have been used over the years for the different programs.
Some Sobering Ransomware Statistics
The numbers are alarming when it comes to the latest ransomware statistics.
- Out of 582 cybersecurity professionals, almost 50% do not believe their organization is equipped to withstand a ransomware attack.
- Ransomware attacks total almost $75 Billion in damages to businesses.
- The average cost of a ransomware attack on a business was $133,000.
- 75% of companies that were infected with ransomware were running up to date endpoint security.
Source: PhoenixNap.
Examples Of Costly Ransomware Attacks
Ransomware attacks almost all sectors and industries. In February of 2018 Colorado’s Department Of Transportation (CDOT) was crippled by a ransomware attack that infected almost 2,000 computers, costing the city between $1 and $1.5 million to only partially recover. It took over two weeks just to contain the ransomware, and another two weeks to get systems back online. There were between 50 to 150 people working on fixing the issue at any one time.
The city of Atlanta was crippled by the SamSam ransomware in early 2018, and it cost over $2 million USD in government funds total in order to deal with the crisis, which debilitated city resources for several days. At the time, the ransomware attackers wanted about $50,000 USD in Bitcoin.
Why Not Just Pay The Ransom?
You may be looking at those numbers from the Atlanta attack and wonder why the city wouldn’t just pay the $50,000 instead of spending $2 million cleaning it up. However, the FBI and law enforcement officials contend that paying the ransom is not always the easiest move.
First, you have to trust that the attackers will actually give you the key in return for payment. The anonymous nature of bitcoin means that you could send the money and never hear from the attackers again.
Another challenge is in regards to actually decrypting the data itself. Decrypting data is slow – it can take upwards of a week to decrypt a 1 TB drive, even with the proper key. Downtime due to this can be incredibly costly for many businesses.
The True Cost Of Downtime And Reputation
Although monetary damages can be enough to set even a well-insured company back to the point where recovery may ruin the business, another cost that is hard to measure is in terms of reputation and downtime. How much would it cost your business to be out of commission for several days to a week? The loss in profits and business should be added to the cost of cleaning up the malware.
Another cost that is hard to put a figure on is reputation. Will your clients lose trust in your business if you lose valuable data? Will patrons of a hospital or medical center be wary of returning if their medical data falls into the wrong hands?
Don’t Think You’re “Too Small” To Be A Target
The nature of ransomware makes it easy to distribute for attackers, and therefore they won’t stop at attempting attacks on smaller businesses just because they are small. Sometimes smaller businesses are more apt to pay the ransom because they don’t have the resources to hire and expensive IT company to help them clean up and get back in business. This can make attacking smaller businesses more appealing to cyber criminals.
What Is The Best Ransomware Protection?
The best ransomware protection is having a solid backup and recovery system. Utilizing the 3-2-1 backup system involving at least one off-site and insulated backup, most businesses can mitigate the costs of a ransomware attack. It also reduces the likelihood that priceless data will be lost in the event of an attack. It is all too common for many businesses both large and small to neglect having a solid backup and recovery strategy in place.
Additionally, having adequate security as well as ensuring all systems and software are up to date are critical in terms of preventing attacks. The question of how to avoid ransomware in the first place is also raised quite often, and the answer lies heavily in ensuring that employees have a basic understanding of how to spot suspicious files, emails, and other protocol.
If you are in the southern California area and want a consultation on ensuring that your business is protected from ransomware, contact AMA Networks today for a free assessment.