Cybercriminals have been developing a very profitable business model through ransomware – malware that restricts access to infected devices, either by locking their screen or encrypting their files, and demands that the victim pay a fee within a specific time frame (usually no more than 2-3 days). Failure to pay the full amount on time can lead to an increased ransom or permanent loss of files. Ransomware usually keeps files encrypted until the victim pays, at which point the ransomware operators (hopefully) decrypt them.
The market for ransomware has exploded, meaning cybercriminals are making money. There are no official figures on how much money has been paid out by ransomware victims because incidents are often not reported, and when they are, the FBI advises victims to pay the ransom. (That’s gonna follow the FBI around for a while.)
The Ransomware Industry
The industry for such software is also becoming highly sophisticated. Learning from the success of the Software as a Service (SaaS) business model, cybercriminals have begun developing Ransomware as a Service (RaaS) in order to increase profits, taking a percentage of each attack successfully executed with their software. This market is heating up so rapidly that a recent report by IBM outlined competition in the malware-as-a-service market.
Why do victims pay?
For some organizations and businesses (such as hospitals), system downtime can be more expensive than the ransom, and the logical choice is to pay. These scenarios set a dangerous precedent for cybercriminals, who have begun to pivot their business strategy and target businesses that can and will pay. It’s important to note that once a victim pays, there is no guarantee that the files will be decrypted, and if they are, it’s difficult to be certain that all ransomware has actually been removed from their system.
What methods are used to deliver ransomware?
Cybercriminals are constantly expanding their creative horizons, and the list of ways ransomware is delivered is growing. Here are some methods they use to install this malware on networks and home devices.
- Social engineering tricks designed to fool users. These can include the Tech Support Scam, where users receive fake warning messages encouraging them to call a toll-free number, and the person on the other end of the phone directs them to download malware and ransomware.
- Opening email attachments from unknown sources
- Unsafe links in email and social media
- Link shorteners to target unsuspecting users who can’t see the real site they’re about to enter
- Fake order confirmation emails from senders pretending to be reputable sources such as FedEx or UPS, which trick users into visiting a site and entering a confirmation number
- Malvertising through corrupted legitimate ad networks
- USB drives left lying around. This worked in a simulated hospital attack: all it took was one employee to pick up and plug in the USB drive, and the entire network was compromised.
What are your options once you’ve been hit by ransomware?
- Start by researching the ransomware you’re facing. It could be that your unlucky day just got better, as was the case when a user created and shared a decryption key generator for the Petya Ransomware.
- Revert your system to an older version (and pray that you backed up your files recently)
- Call in security professionals (quickly – there’s usually a clock ticking)
- Pay the ransom
8 tools & tips for avoiding ransomware attacks
- Pop-up blockers
- Dangerous link warning systems
- Install and regularly update antivirus
- Backup your data and store it offline in a secure drive
- Practice safe USB hygiene. Don’t know where it’s been? Don’t plug it in.
- Be skeptical of every link and offer you see. Only download attachments and click links that you’re absolutely sure are safe.
- Continue educating yourself in online security. Threats will continue evolving and it’s important to keep up with what’s going on.
- If you do get hit, once all malware is removed you should wipe your device and reinstall the operating system. While this is a long and arduous process, you can rest knowing that it will be free from ransomware.