It is incredibly important for individuals and businesses to know how ransomware proliferates and to ensure they are not vulnerable to such attacks. Ransomware need not be incredibly complex for it to be effective. Generally, a ransomware attack takes hold when a user downloads and opens a file or clicks on a link (both are often sent to the user’s email). Once initiated, the ransomware encrypts the user’s data and files. The encrypted files are no longer accessible to the user, and only the party who created the ransomware attack has the decryption key. Ransomware is one of many kinds of malware, but as the name suggests, a ransomware attack results in demands for a ransom payment in return for decryption. However, ransomware does not rely only on encryption: some of the recent attacks have blocked access to the system through other measures.
Some Examples of Ransomware Attacks
CryptoLocker began in 2013. Each user’s files were encrypted with a symmetric key and a second public asymmetric key. The victims were told that unless they sent the payment, the private key that decrypted the files would be deleted. Efforts made by the Department of Justice resulted in the end of CryptoLocker.
Bad Rabbit was detected in several countries, with most attacks occurring in Eastern European countries. This ransomware also encrypted user files, but its way into the system was through a fraudulent Adobe Flash update. Once the Flash installer was opened, the files were encrypted. Following encryption, Bad Rabbit required payment by Bitcoin.
Starting in 2012, the ransomware Reveton took hold of computers by blocking users through a display claiming to be from the FBI. Supposedly, the FBI had detected illegal activity and the user had no choice but to pay a fine for committing such illegal acts. Reveton was found in other countries as well, and users were shown messages from their respective country’s law enforcement agency. The user was told that once payment had been received, their computer would become “unlocked.”
Organizations must move swiftly to engage a qualified Incident Response company to contain and mitigate the impact of a ransomware attack. These types of cybersecurity attacks are highly preventable, and a defense-in-depth strategy that thwarts these attacks is possible with the right security partner.
CDG is that trusted partner. Please contact us.