Ransomware: How Does It Work and What Do We Need To Know?

Cybersecurity is a top concern for most businesses—reports of cyber attacks and data breaches are commonplace in today’s news headlines. One of the most important threats to pay attention to is ransomware. This is a kind of malicious software that threatens to block you from accessing your own files—or even your entire computer or network—until you pay a specified dollar amount, or “ransom.” Unlike other cybersecurity threats that operate in the background and seek to be undetectable, ransomware is more straightforward and doesn’t even attempt at being stealth. Instead, it focuses on its primary goal: Getting your attention so you pay the financial demand. If this kind of cybersecurity threat concerns you, here’s what else you should know about it.

What Is Ransomware and How Does It Spread?

Ransomware is malware that finds it way into your system, blocks access to your files and data, and demands payment in order to restore your access. Basically, the cybercriminal responsible for infecting your computer has encrypted your files, adding extensions and essentially holding them hostage until you pay the requested fee. As long as you pay by the deadline, you’ll get a decryption key that will put you back in control of your data. If you don’t pay, the files will either remain encrypted and inaccessible to you, or they may even be deleted by the cybercriminal.

If you’re wondering how the ransomware appeared on your computer—and how it might spread—that’s a good question to ask. It is spread through links and downloads that trick people into allowing access to their computer and network system. In many cases, it is sent via an email that appears to come from a legitimate source. Naturally, trusting the source, you click a link within the email or download an attachment—and that link or document contains the malicious ransomware code. You can also get ransomware from a social media message, or even by clicking a link on a compromised website.

Examples of Ransomware Attacks

Even if you haven’t been affected, you’ve likely heard of one of the many attacks in which thousands of people were threatened by cybercriminals via this method. After all, the most famous attacks tend to affect hundreds of thousands of systems at once. For example, in 2017, WannaCry attacked over 200,000 computers throughout the world within just days. This ransomware attack featured a worm aspect that was able to scan for vulnerabilities and allow it into major networks, helping it affect many big organizations.

Another well-known attack was CryptoLocker, which was distributed in 2013, mostly through attachments in spam messages. When individuals downloaded this ransomware to their computers, they saw messages demanding money in exchange for the decryption keys that would open up the files that CryptoLocker had sealed. Between 2013 and 2014, this ransomware infected more than 500,000 computers. CryptoLocker and the variations that spun off from it garnered more than $3 million in paid ransoms.

A ransomware very similar to CryptoLocker was called TeslaCrypt, but the main difference is that it targeted files needed to play video games. The ransomware’s developers knew that their victims would do anything to keep their video game data, including downloaded maps, saved games, player profiles, game modifications, and more. So they encrypted those precious files and demanded bitcoin from the victims. As of 2016, TeslaCrypt accounted for nearly half of ransomware attacks. However, the good news is that also in 2016, the creators of this ransomware made the decryption key public, allowing their victims to get their files back without paying the ransom.

Facts and Figures on Ransomware

It’s important to keep in mind just how much money cybercriminals collect from ransomware. Some statistics from trusted sources like CSO show that in 2017 alone, this type of cybercrime led to about $5 billion in losses—that’s fifteen times more than the total cost of losses in 2015.

So who are the most likely ransomware victims? The healthcare industry has been a target in about 45 percent of cases, likely because healthcare professionals are willing to pay the ransom considering that access to files is often a life or death situation for their patients. The financial services industry is another big target, as 90 percent of companies in this field were attacked by ransomware in 2017.

Experts have estimated that about 4,000 ransomware attacks are sent out every day, with a new attack being initiated about every 40 seconds. So it’s not surprising to learn that about 60 percent of small businesses have been targeted by ransomware. It does appear that this type of attack seems to be going out of style, as the number of victims fell by just under 30 percent between 2017 and 2018. Still, ransomware is a rather common way for cybercriminals to target businesses and individuals alike. If you run a business, it’s important to protect yourself and your company from this type of attack. You can do so by looking into ransomware training for employees, which will provide your team with the education necessary to reduce your company’s odds of falling prey to ransomware.