Ransomware is a specific cyberthreat that’s garnered a lot of attention in the IT and cybersecurity community, and it seems to appear in headlines regularly. But is it really that big of a threat, or is this a kind of hysteria fueled by the media and misunderstandings?
What Is Ransomware?
Let’s start by defining what ransomware is and how it works. Ransomware is a specific type of malware that encrypts a victim’s files, rendering them completely inaccessible. In some cases, this affects a single device, but in bigger attacks, it can affect an entire network. In some ransomware attacks, the thieves also threaten to publish the data they find publicly online.
In any case, the victim is provided with a set of instructions on how to get access to a decryption key—in other words, the key that can unlock the system. Typically, ransomware attackers demand payment in the form of Bitcoin or a similar cryptocurrency, often hundreds or even thousands of dollars; once paid, you may be able to unlock your files, but you won’t be able to trace the payment.
Major Examples of Ransomware
There have been several examples of large-scale ransomware attacks in the past several years, including:
- Maze. In April 2020, Cognizant was the target of a specific type of ransomware called Maze. The attackers threatened to publish data from across its networks online. We don’t know the full details of how or whether this issue has been resolved, but Cognizant has advised customers of potential delays and other issues related to this attack.
- WannaCry. Back in 2017, WannaCry put ransomware in the spotlight, infecting more than 100,000 computers across healthcare organizations by exploiting an old Microsoft Windows vulnerability.
- Cryptowall. Cryptowall remains one of the most infamous types of ransomware to date because of how prominent it is. It uses AES encryption and communicates with its command-and-control servers via Tor.
How Ransomware Infects a Computer
Ransomware is dangerous in part because of how easily it can infect a computer or a network. There are several potential avenues of attack, including:
- Phishing. Through phishing, an individual is fooled into providing their login credentials, often with a mocked-up fake version of a trusted website.
- Hardware and software exploits. Ransomware can also arrive through a more direct attack, in which an attacker exploits a vulnerability at the hardware or software layer to implant the necessary malware.
- Network security issues. Connection and network issues can also render your devices vulnerable; if your network isn’t secure, you can consider it a vulnerability.
- Social engineering. Some ransomware attacks occur as a result of social engineering—in other words, psychological manipulation.
Essentially, ransomware can infect your computer in any way that typical malware can.
How Bad Is It Really?
Some of the descriptions of ransomware in this article and others may seem innocuous. You just pay a few hundred dollars if it happens to you, and you continue along your way, right?
In reality, the effects are far more devastating:
- Total costs. Ransomware cost the United States more than $7.5 billion in 2019. Some ransomware attacks are relatively small and executed by amateur hackers, but others are far more expensive and devastating. It’s not a threat you can afford to take lightly.
- Ongoing threats. You may get the decryption key after paying the ransom, but at this point, at least one group of hackers knows that your organization is vulnerable. If they choose, they may infect your computers with ransomware again when they need more cash. They may also choose to publish your data online, even after pledging not to. Why would you trust a thief?
- Reputational costs. Don’t underestimate the reputational costs of a ransomware attack. Being the victim of a ransomware attack can compromise the trust of your employees, your customers, and your partners around the world.
Typical Ransomware Targets
Most of the ransomware-related headlines you see relate to large-scale operations; these are Fortune 500 companies and massive organizations that got hit with ransomware costing them millions, or even billions, of dollars. But these certainly aren’t the only targets of ransomware attacks. In fact, small- to mid-sized businesses are even more frequent targets, since they typically have smaller, easier-to-penetrate defenses. And of course, individuals can also be targets.
The Bottom Line
The bottom line here is that ransomware is at least as big of a threat as it’s portrayed to be, if not bigger. Just because you haven’t been hit by a ransomware attack yet doesn’t mean you’re safe. Fortunately, most ransomware attacks can be prevented altogether with the right combination of security strategies, including keeping your systems updated and adhering to best security practices at the individual level.
Larry Alton is a professional blogger, writer, and researcher who contributes to a number of reputable online media outlets and news sources. A graduate of Iowa State University, he is now a full-time freelance writer and business consultant.