What is Ransomware
Learn the basics of ransomware and why it’s a growing threat that must become an urgent priority for all businesses in the digital age.
Ransomware is a type of digital extortion that essentially follows the template for kidnapping – with critical data standing in for a human victim.
Attackers blackmail their targets into paying a ransom – threatening to release the data if they fail to pay before the deadline. This puts organizations in a tough position: they face the threat of reputational damage, fines, or litigation if they refuse to play along.
Advances in technology support not only the citizen data scientist and the citizen developer but the citizen cybercriminal, too, which means ransomware is a growing threat.
In this article, we’ll break down the basics of ransomware and explain why it’s a growing threat that must become an urgent priority for all businesses in the digital age.
Ransomware is a type of malware that infects a device, encrypting its files and making them inaccessible. Cybercriminals then demand a ransom for the decryption key, often threatening to leak or sell stolen data if payment isn’t made within a specified timeframe.
Ransomware itself is code that, when inserted into a system, encrypts the files on the system/server. It’s important to understand that this isn’t “basic” encryption; it’s far more sophisticated. This encryption blocks the user/administrator/owner from accessing the files. Without the decryption key, the data will never be accessible.
Typically, the malware uses a custom or specialized form of encryption, which makes it a lot harder to crack the code. And it’s this particular quality that makes ransomware such a threat.
If the code followed a more predictable pattern, you’d presumably be able to hire an expert to decode your files for a lot less than the cost of paying the ransom. Unfortunately, it would take far too long to crack the code — if it happens at all — and you’d miss the deadline.
Crypto. The most common type of ransomware, crypto (as in encryption, not cryptocurrency) attacks encrypt files, rendering them inaccessible without a decryption key.
Locker. Locker attacks lock users out of their system, preventing them from accessing files. Here, users will be presented with a lock screen that displays the ransom demand, often with a countdown clock to give users a sense of urgency.
Scareware. Scareware attacks use false claims – think pop-ups that claim there’s a virus or some other problem with your device and direct you to a second location where you can solve the problem. Some scareware attacks lock you out of your device, others hit you with a ton of pop-up spam, without causing serious damage.
RaaS. Ransomware-as-a-service (RaaS) allows malware developers to monetize their creations using a subscription-based billing model (get it, like SaaS) or by requiring customers to register an account to access the ransomware. This means that bad actors don’t need to have tech skills to launch the infections — they simply give developers a cut of the proceeds. The developers themselves face few risks, as the customers are the ones launching the attacks and making the threats.
Doxware/leakware. These types of attacks threaten to leak personal information or IP to the public, prompting victims to pay the ransom to prevent sensitive data from falling into the wrong hands.
First of all, ransomware doesn’t necessarily need a specific target to spread across the web. However, the real money comes from human-operated ransomware, where hackers deploy hands-on attacks targeting victims based on potential impact.
In some cases, attackers seek out organizations that are more likely to have small security teams or a distributed user base, making it easier to penetrate their cyber-defenses. Think — government agencies, universities, and small businesses.
According to a 2021 World Economic Forum report, government and education are at the greatest risk of experiencing a malware attack – this is likely due to the fact that public sector institutions have fewer resources for fending off cyber attacks than their private sector counterparts.
Another report estimates that 82% of ransomware attacks target SMBs (orgs with fewer than 1,000 employees).
But it’s not just these groups that are vulnerable. Here are a few key things bad actors look for in a target:
Keep in mind, these are just some general factors cybercriminals might use to pick their next target. All organizations, public or private, SMB or enterprise, regardless of industry can be the target of a ransomware attack.
Another factor is motive. Ransomware attacks are typically financially motivated, but sometimes it’s about politics or beliefs — aka “hacktivism.”
In some cases, it’s about social justice, whereas others are acts of terror or war. As an example, Microsoft has detected instances of malware targeting Ukrainian organizations.
Organizations that fall victim to ransomware attacks can lose thousands of dollars (possibly more, depending on the target) by paying the initial ransom.
Some businesses can afford the financial hit. And in certain cases, cyber insurance claims can help businesses recoup some of their losses. In others, law enforcement is able to recover at least some of the ransom.
But even in those best-case scenarios, ransomware attacks can have a negative impact on the business long-term. We’re talking: reputational damage, diminished revenue, and the loss of customers, talent, and strategic partners. In some cases, the business is forced to shut down altogether.
Typically, ransomware is designed to infect a device and spread throughout the entire network – encrypting file servers, databases, and connected devices and apps – quickly shutting down an organization’s operations. That means a potentially serious hit to productivity and earnings that can impact the bottom line for months, even years, to come.
In some cases, ransomware attacks can lead to legal or regulatory actions (serious fines, class action lawsuits, etc.) that can easily bankrupt a company.
And then, there’s the issue of trust and public perception. If customers feel that they can’t trust you to keep their data safe, they’ll take their business somewhere else. This loss of trust was a big deal for retailers like Target and TJ Maxx, but imagine a data breach on that scale if you’re, say, a wealth management firm or a healthcare provider.
Ransomware represents a serious threat to individual users and businesses alike. Just as the rapid pace of change is driving digital transformation and reshaping customer expectations and market conditions — it’s also exacerbating the frequency and severity of ransomware attacks.
Orgs need to be aware of this threat and take proper action to arm themselves, or else they could be dealing with serious damage: to the bottom line, of course, but also to physical infrastructure and even human lives.
Microsoft offers several security solutions that help companies get ahead of ransomware and other cyberthreats — from AI threat detection and identity management to security solutions that span all devices and workloads.
As a certified Microsoft partner, Velosio helps clients evaluate their security environment, identify risks, and implement the right protections.