Ransomware attacks are on the rise as cybercriminals turn to savvier and tougher-to-prevent techniques of monetizing cyberattacks. For not-for-profit and business organizations that become victims of these attacks, both financial and ethical consequences can be devastating. To put things in perspective: if ransomware lands in a shared location within a network, it can paralyze an entire organization’s operations or lead to a massive data breach.
Ransomware is malware that encrypts the victim’s files and locks them out of their devices or prevents them from accessing those files. The cybercriminals behind the attack then demand ransom money from the file owner, whether an individual, a government agency, or an organization, in return for giving access to the data. Failure to pay the ransom risks having your confidential data leaked to unauthorized parties or the public.
The early ransom Trojans were simply crude infections whose effect was restricted to locking the victim’s web browser’s homepage or screen. They often manifested as “police” lockers, probably impersonating the local law enforcement agencies. These issues dominated the digital extortion arena until 2013 when a real revolutionary pest popularly known as CryptoLocker made a dramatic entry into the digital world. It changed everything and became one of the notable milestones in ransomware development.
Indeed, CryptoLocker was the first to utilize 2048-bit RSA encryption to make a victim’s files inaccessible. The private-public key pair was closely guarded by the criminals’ Command & Control (C2) server, and the victim would only acquire it on paying the demanded ransom. CryptoLocker attacks also pioneered accepting cryptocurrencies like Bitcoin for payments, though they also allowed for other channels like prepaid Ukash, CashU cards, MoneyPak, and Paysafecard.
The famous CryptoLocker disappeared from the cyber threat landscape in June 2014, thanks to the well-coordinated Operation Tovar involving police forces of different countries. The initiative crippled the Gameover ZeuS botnet, the backbone of the ransomware campaign.
Unfortunately, the incredible success of the white hats did not mean the end of the ransomware pandemic. New, high-profile ransomware strains began to surface one after another. Their developers kept on honing their offensive code and the underlying infrastructure to mount more devastating attacks. For example, they tried their luck hosting their C2 servers and ransom payment sites on the Tor anonymity network. Also, they narrowed down the ransom payment to Bitcoin to hide the money trail.
By the end of 2015, some cybercriminals had already adopted the RaaS model (Ransomware-as-a-Service), where developers get a cut from their accomplices who help distribute the malware. From then on, ransomware and extortion activities have become commonplace web-based businesses, with turnkey contamination tools like exploit kits at felons’ fingertips!
The complexity of ransomware has grown, and cybercriminals target high-profile individuals and organizations as juicier targets than random internet users. This trend took root in early 2016 and has been making itself felt for years. As if the damage associated with sketchy encryption was not enough, cybercriminals have also been stealing victims’ data since November 2019. A widespread malware known as Maze was the first to use this technique.
By acquiring an organization’s data as part of the cyberattack, cybercriminals can pressure their victims into paying the demanded ransom. If the ransom isn’t paid, the data will be dumped on dedicated platforms. This leak can ruin an organization’s reputation and credibility, which is why most victims of ransomware attacks succumb to the attacker’s demands.
You have probably heard about the Communications & Power Industries ransomware attack at the beginning of 2020. Sources suggest that the defense contractor had to pay a ransom of approximately $500,000 after the incident. Further, in June 2020, the UCSF (University of California San Francisco) staff detected a ransomware attack that occurred in a limited section of the School of Medicine’s IT infrastructure. The institution ended up paying about $1.14 million to the cybercriminals behind the attack in exchange for a tool that could unlock the encrypted data.
These are just a few instances of 2020 ransomware attacks. PurpleSec estimates show that the total cost of ransomware attacks in 2020 was a whopping $20 billion, a dramatic increase from $11.5 billion (recorded in 2019) and $8 billion (recorded in 2018). The related downtime increased by 200 percent year over year, and the resultant cost is approximately 23 times greater than the average ransom demanded in 2019. These numbers point to one undeniable truth: the rise in ransomware means that becoming savvier about preventing and defending against these attacks is vital for every organization, no matter the industry or size.
Under the current circumstances, preventing ransomware attacks has become more critical for organizations than ever before. The financial impact of these attacks could range from payment of the demanded ransom to payment of contractual penalties (particularly for late deliveries), losses associated with downtime, contractual claims arising from loss of confidential data, penalties imposed by regulatory authorities, and more. In the aftermath of a ransomware attack, your organization is likely to incur IT-related costs for restoring systems and for cyber risk training.
While the increased adoption of tech comes with increased vulnerability to ransomware attacks, lack of human oversight and human error often contribute to the onset of these attacks. The good news is that you can put your organization in the best position to prevent and respond to these attacks by preparing and implementing well-thought-out IT systems and disaster response plans.
Your response plan must be reviewed and updated regularly to ensure it remains robust in the ever-changing ransomware threat landscape. It’s equally important to analyze your IT systems and networks and fortify them against these attacks. It’s better to prevent ransomware attacks than to address them when they occur.
If you can successfully keep your organization from falling victim to ransomware and other nasty cyberattacks, you will save yourself a lot of money, time, and frustration. Advanced Network Professionals can help you safeguard your valuable data. Indeed, we would love to answer all questions regarding ransomware attacks and how to prevent them.