What is Ransomware?
“Ransomware” originates from two words: ransom and malware. A ransom, of course, is a price paid in exchange for a hostage; malware is a computer program intended to damage or hold hostage the device it infects. From this we can glean what a nasty piece of work ransomware is. The hostage in question is your company’s software-based infrastructure and data. Unfortunately, as with all technology, ransomware has become more advanced—and here’s how.
Nowadays, a typical ransomware attack begins under the radar. Without your knowledge, a cybercriminal will penetrate your network and start to exfiltrate your data, copying it to their own servers. The stolen data then becomes leverage: they threaten to make confidential information public or sell it if you don’t pay up. Take this ransom note, generated by the cybercriminal group REvil, for example:
Cybercriminals don’t stop after exfiltrating your data, though. Once that’s over, they encrypt your files so that, until you pay, you don’t have access to them. That’s when ransom notes, like the one above, get sent out.
Now that they have your attention, they can initiate an attack that will bring your operations to a halt. Known as a Distributed Denial-of-Service (DDoS) attack, it harnesses the power of multiple infected computers to disrupt external and, if they can, internal operations within your business. All of this sets up the current and most common method used by ransomware: triple extortion. If you don’t pay to have the ransomware removed, then:
- Your confidential data will be publicly released or sold.
- Your files will remain encrypted, meaning most, if not all, of your data will become inaccessible.
- The DDoS attack will continue, forcing your operations offline or shutting them down entirely.
Ransomware as a Service (RaaS)
You may have noticed that the ransom note above came from a ransomware service—not an individual, a service. Contemporary ransomware is, by and large, a joint venture. Ransomware as a Service (RaaS) has become popular and lucrative for both the supplier and consumer. They operate using anything from a monthly subscription fee to pure profit sharing. An RaaS user logs into a portal, enters the specifics of the malware they wish to generate, then clicks “submit”—it’s as simple as that.
Users even have access to support, communities, documentation, updates… all of which you would find in a legitimate software service. The market for RaaS is burgeoning, and will make an estimated $20 million in revenue in 2020.
Still feel safe? Certainly, these scammers have bigger fish to fry and wouldn’t target your business, right? The unfortunate truth is that most RaaS users choose their target based on one criterion: vulnerability. If your IP is vulnerable, you are a target. The only good defense against ransomware is prevention. Ensuring that ransomware never works its way onto your infrastructure is the only surefire way of avoiding damage, as obvious as it seems. Otherwise, purging ransomware is difficult and costly, frustratingly enough that you may just give (and pay) up.
Adam Krouk – Adam@alaristmc.com