What Is A Ransomware Attack?
Ransomware is a kind of malicious software that gets access to user data and blocks user access to that data. It can block access to all files, or even entire devices are disabled. Entire data is encrypted and users can only access the data encrypted by the program if they pay a ransom for a decryption key.
- There is an increase of 33% in mobile ransomware from last year. (Symantec)
- Ransomware was already up 118% in the first quarter of 2019. (McAfee)
- A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Cyber Security Ventures)
- 5 million new phishing sites are created every month. (Webroot.com)
- Ransomware attacks have increased by over 97 percent in the past two years. (Phishme)
- 34% of businesses hit with malware took a week or more to regain access to their data. (Kaspersky)
This is a very lucrative chance for cybercriminals. Also, there is no surety that the victim will get access to their data completely even if they pay the ransom. In addition to that, if victims pay via credit card then the criminals might exploit the card details and commit further theft and fraud.
Lately, there is an alarming increase in the number of ransomware infections on mobile devices. As compared to last year, the United States was the worst affected by mobile ransomware with 63% of infections. The complexity of ransomware is also getting advanced in its complexity unlike older ransomware families such as DoubleLocker.
How Ransomware Attacks Work
The malicious program needs to get access to the data that it will later hold ransom. This access is gained via infection or attack vectors. In other words, an attack or infection vector is the means by which ransomware gets access. However, there are various ways that can be used to corrupt and subsequently ransom the systems.
Examples of vector types include:
Email attachments: Ransomware can be distributed by disguising malware and sending it as an “urgent” email attachment which can compel systems to open it. This is a deceptive technique to gain access to files and/or systems. If it happens, try getting malware removal tech support.
Messages: Ransomware assailants can send messages to victims on social media. Facebook Messenger is one of the most prominent channels used in this tactic. Once opened, ransomware can get access to and block networks connected to the infected device.
Pop-ups: Online “pop-ups” is another older but common ransomware vector. Pop-ups are made to imitate currently-used software due to which users feel more comfortable following prompts that ultimately cause damage to the user.
Most Significant Ransomware Attacks of All Time:
New families and attack campaigns are designed by the ransomware assailants over the years. Such attacks were at peak in number and frequency in 2017 but then lowered with cryptocurrency miners’ rise. However as per Malwarebytes, there is a 195% increase in ransomware detections involving business targets between Q4 2018 and Q1 2019.
Here are some of the most notorious attacks.
Hollywood Presbyterian Medical Center: In February 2016, Hollywood Presbyterian Medical Center noticed apprehensive activity in its IT system as a result of which it was suspended temporarily. Many departments of the southern California medical center were shut down and the patients were shifted to institutions for treatment. Later it was revealed by the hospital that its systems were affected with ransomware.
San Francisco MTA: 2,000 computers of San Francisco’s transport system were targeted by ransomware attackers in 2016. Windows workstations, servers and ticketing machines were directly affected by this incident. A strain of HDDCrypter had hit the transport agency and wanted a ransom of 100 bitcoins ($70,000).
WannaCry Outbreak: The hospitals that belonged to the United Kingdom’s National Health Service (NHS), internet service provider Telefonica and other high-profile targets around the world were struck with “WanaCrypt0r 2.0” on 12 May 2017. In ransom, WannaCry wanted $300 in bitcoin from over 300,000 organizations worldwide.
Ways To Avoid:
Here are some of the effective ways to protect yourself from ransomware:
1. Install antivirus software: Install a reputable and latest antivirus package that provides protection from different types of malware such as ransomware, spyware, spam, and phishing attacks. You can also get antivirus tech support online.
2. Avoid suspicious emails and links: Never open suspicious email attachments or links. Most ransomware is distributed via phishing emails, therefore be careful even if the sender is known to you.
3. Backup your data: Make regular offline backups. Since some variants of ransomware can delete backup copies on your computer and network drives, save your files on an external drive or in the cloud. This will ensure you don’t lose any files if you are targeted by a ransomware attack.
4. Update your software: Keep all your software updated.
5. Don’t use torrents: Pirated content and software can include malware.
Both end-users and companies can take some precautionary steps to significantly reduce the risk of falling victim to ransomware. Pay attention to symptoms of computer virus. Educating yourself is the ultimate defense against ransomware. One of the strongest defenses against ransomware is to back up every important file and system. Test backup files to ensure that the backed up data is complete and not corrupted. Learn about the best options for automated data backups, software updates and the tactics of ransomware distribution like phishing attacks, drive-by downloads, and spoofed websites.