Ransomware is set to become bigger than ever in 2018
Ransomware has existed for a long time, but the malware has seen a huge resurgence in recent years. The 2017 WannaCry and Petya/NotPetya attacks that hit businesses around the globe thrust Ransomware into the mainstream media arguably for the first time, while the previous year was dubbed 'the year of Ransomware' thanks to the proliferation of attacks.
This type of malware encrypts files either at a user or system level, rendering them inaccessible. A ransom demand will then appear on the user's screen, demanding payment in return for the decryption key. Some strains of Ransomware are sophisticated enough to overwrite the Master Boot Record (MBR), which can prevent infected devices from booting up; a number of Ransomware viruses in their infancy can be removed with a machine restart and refresh, but that's becoming less likely each day as hackers become more sophisticated.
Because it's mainly high-profile victims of Ransomware that hit the headlines, there's a misconception that only enterprise-level businesses are targeted. However, research has shown that only a quarter of businesses targeted with Ransomware have over 1000 employees; contrary to popular opinion, hackers don't discriminate based on business size.
A prevalent threat, Ransomware hits a business every 40 seconds, and 6 out of 10 malware payloads in 2017 were Ransomware. What's more, damage from Ransomware amounted to a staggering $5 billion in 2017, 15x higher than the $325 million of only 2 years previously.
Ransomware is largely distributed via email, with 31% of viruses hosted in web links within emails and 28% in malicious email attachments. Email is still the primary vehicle for Ransomware at 59%, thanks to its combination with clever social engineering tricks that fool users into clicking links or downloading attachments. A particularly prevalent tactic is email spoofing, where the hacker will pose as a colleague in order to convince an unsuspecting employee to download the Ransomware. Hackers will monitor the person they intend to pose as, picking up on their tone of voice and email signature, and often closely replicating their email address so that at a quick glance, it looks identical to the real deal.
But it's not just people that hackers will pose as; quite often victims are fooled into downloading malicious files or clicking on links because the hacker has sent a convincingly fake email posing as Apple, Amazon, or another big and trustworthy business the individual uses. Fake invoices, payment confirmations or overdue bills are particularly effective, as they trick individuals into believing they're losing money, prompting a fight-or-flight response. A particularly omnipresent scam is fake Apple emails, which contain fake purchases that prompt victims to click a link in order to refund those purchases. Those customers are then either directed to a phishing website where cyber criminals can harvest their login credentials, or directed to a website hosting Ransomware.
There are a number of ways both businesses and consumers can protect themselves from Ransomware. The first is to be extra vigilant with emails; if you're not sure the person or business emailing you is who they say they are, check with that person directly. A key indicator is a slightly misspelled email address; it's a sure-fire giveaway that a hacker is attempting to replicate the real address.
You can also use a Ransomware-specific anti-virus solution like Sophos Intercept X, which uses machine learning to spot and prevent the encryption of a user's files; if any are encrypted, the solution returns them to their original state. As the WannaCry attack highlighted, patching operating systems is critical to remaining safe from hacks. Not installing updates issued by vendors like Microsoft is like leaving your front door unlocked - if someone tries to infiltrate your network, they'll succeed.
Finally, in the case of a Ransomware attack, backing up your data means you'll be able to recover from the incident. Some particularly insidious strains of Ransomware like Ranscam destroy user files whilst still demanding money for their decryption; evidence that you should never pay up as you can't trust cyber criminals.
This infographic from IT support provider TSG covers some more key statistics on Ransomware and further advice on how you can keep your business safe.