What is Ransomware?
The first thing to remember is that ransomware is a type of malware preventing victims from gaining access to their own data until the victim pays. Previously, payments were sent via mail, but cybercriminals now request payment digitally via credit or cryptocurrency.
A key difference between ransomware and other types of malware is money. Specifically, the cybercriminal has a financial incentive. For example, certain botnets may simply aim to harvest some device power and others aim at stealing sensitive data.
How Did This All Start?
First,In the late 1980s, the first attack known as PC Cyborg came demanding $189 by mail, but the encryption used with this attack was fairly simple and easy to reverse. Afterward, over the next 10 years, more serious ransomware threats began to appear, such as GpCode and WinLock. But what started as a relatively harmless virus has now transformed into a billion-dollar industry. Until we all get better about cybersecurity, these attacks will continue.
How Ransomware Works
Firstly, that depends on the type of ransomware. For example, “cryptolocking” malware locks files with strong encryption. Specifically, the criminal holds files hostage and offers to give the encryption key in exchange for payment. Examples of these attacks include “phishing”, spoofed domains, and suspicious links in your email.
Types of Attacks
Scareware
First, Scareware is a malware tactic that scares you into downloading a piece of malware that encrypts data and typically claims to be the FBI noticing bad software on your computer and can remove it. Then there are tech support scams that claim to be Microsoft wanting to fix your computer.
Screen lockers
Second, Screen lockers infect the operating system and lock you out of devices. Then the scammer blocks you from accessing any files.
Encrypting (crypto lockers)
Third and among the most dangerous/prevalent, this is when the malware encrypts your files, folders, and hard drives.
Doxware
Fourth, Doxing is when someone publishes private or identifying information about a person on the internet with malicious intent. Similarly, doxware is when a cybercriminal threatens to publish stolen sensitive data online unless you pay.
RaaS
Fifth, Ransomware-as-a-service (RaaS) is a service that cybercriminals sell the ransomware, allowing non-technical criminals access into the dark web cyber industry.
Ransomware on mobile devices
Finally, Criminals infect the phone and steal data before demanding payment in exchange. An example of this form would be social engineering on social media.
Common Targets
Undoubtedly, the largest target of ransomware attacks is small to medium-sized businesses (SMBs). In other words, they tend to have the least protections in place while needing data faster should it get taken. Larger businesses and enterprise are generally more protected with critical data backed up. Whereas everyday consumers have little to offer cybercriminals.
Common targets for ransomware attacks include windows endpoint systems (employees’ PCs), software-as-a-service applications, data repositories, and databases. While we know solid ways to protect your company against it, consider our Managed Security Services