Nowadays ransomware criminals often provide call centre support to victims to walk them through the steps for paying ransoms. This extra touch of service is just one indication of how prevalent and routinised this form of a malware attack is becoming. Even Europol warns that ransomware is now eclipsing all other forms of online theft in numbers.
It works first by running a program on the victim’s computer – usually downloaded through a phishing scam. The program encrypts the computer’s files and essentially holds the data hostage. To get the files unlocked, victims must fork over a ransom paid out in the untraceable digital currency called bitcoin. Current threats employ an RSA-2048 bit encryption key so there’s no way to get around the encryption through brute force. If the victim hasn’t backed up their data anywhere else prior to the attack, they often face the difficult choice of handing over the money or losing their data for good.
Ransomware’s popularity is increasing
Criminals target both individuals and companies and Sophos estimates the lucrative business will cost over $1 billion (£800 million, €921 million) this year alone. Large-scale and recurring attacks regularly make the news. For instance, the Telegraph reports at least 28 NHS trusts in the UK have fallen victim to ransomware in the last 12 months.
There are as many clever ways the ransomware virus can get into people’s computers as there are variants of the program. The most common way is by downloading an email attachment. But they can also hide on compromised websites or inside fake ads containing malware.
There’s even a burgeoning ransomware-as-a-service industry where hackers teach the next generation of shady entrepreneurs how to do it for a small fee. Or those who don’t want to front the fee can take the simpler route of downloading source code for free. And once a victim’s files are compromised, victims shell out an average of $500 (£400, €460) in bitcoin currency to get their files back.
Protect yourself from attack
Just a few key steps can save companies from becoming the next victim. Here are some of those best practices:
- Regularly back up data – Keep the information offsite and off the company’s network.
- Test recovery periodically – Because there’s no point in backing up the data if you can’t retrieve it again.
- Educate your employees – One of the most common ways ransomware gets on a computer is through spear-phishing where users open emails from senders outside the company and execute the attachment. Microsoft Word documents containing a macro are especially popular. Teach employees to be cautious when downloading attachments or clicking links inside emails from unknown senders.
- Scan and filter incoming email – IT can set up content scanning and filtering on your company’s mail servers to protect against known threats.
- Patch computer systems often – Patch commonly exploited third-party software such as Java, Flash, and Adobe.
- Only grant employees access to systems and networks they need – This will mitigate the severity of an attack should ransomware successfully install on one person’s computer.
Meanwhile, the industry of ransomware will continue to adapt and evolve. The world is now seeing attacks from a multitude of different strains leveraging varying techniques and there’s no end in sight. Avoid the risk and the headache. Tighten up security and backup that data.