Menu

Ransomware

What is Ransomware?

Ransomware is a type of malicious software (malware) used by digital adversaries to commit criminal extortion against individual or enterprise targets.

When a ransomware program is executed on a targeted device, the victim’s files are encrypted and become impossible to access until the victim pays a ransom demanded by the attacker.

How Does Ransomware Work?

A ransomware attack has three essential steps: infecting the victim’s device, encrypting the victim’s data, and extorting the victim for money in exchange for returning access to the data.

  • Infection - Infecting the targeted machine with ransomware is the first step to launching a successful attack. Digital adversaries can attempt ransomware attacks using a variety of attack vectors. A common strategy for digital adversaries is to target organizations with phishing emails containing malicious attachments or links to malicious domains that download ransomware onto the target’s device. 
  • Encryption - Once an unsuspecting victim downloads the ransomware to their machine, the malicious program will start encrypting the victim’s files. Ransomware programs can be designed to selectively target files for encryption, such that system stability is maintained while blocking users from accessing or recovering valued data. 

Extortion. After the victim’s files are encrypted, the digital adversary will communicate with the victim to demand a ransom in exchange for returning access to the files. These ransoms can range from a few hundred dollars for individual victims to millions of dollars for enterprise targets. Digital adversaries often demand ransom payments in cryptocurrency to prevent authorities from tracing the transaction and protect their identities.

3 Ransomware Examples You Should Know

  • CryptoLocker - A ransomware attack that lasted approximately 9 months between September 2013 and May 2014. CryptoLocker was spread via infected email attachments and would encrypt certain types of files on the victim’s network before demanding a ransom in bitcoin and threatening to permanently delete the encryption key after an arbitrary deadline.
  • WannaCry - A worldwide ransomware attack that took place in May 2017. WannaCry exploited a vulnerability in the Microsoft Windows OS to encrypt the victim’s data and ransom it back to them in exchange for Bitcoin. The attack affected more than 300,000 computers around the world in the 8 hours it was active before a kill switch was discovered and registered.
  • Ryuk - A type of ransomware used by criminal groups, most likely originating in Russia, to target large public organizations running Windows cybersystems. Ryuk has been used to successfully target government and public school IT systems in the United States. The ransomware encrypts data on target machines, then demands the victim play a bitcoin ransom in exchange for decryption.

The Business Impact of Ransomware Attacks

  • Operational Downtime - Ransomware attacks can take mission-critical IT systems offline, resulting in operational downtime that costs businesses thousands of dollars or more every hour. In the worst cases, a business might have to cease operations for days or weeks while it attempts to recover data.
  • Financial Losses - Victims of ransomware are often forced to pay the ransom when the cost of operational downtime or data recovery is too great. This direct financial loss can cost a business millions of dollars. In 2020, US travel services company CWT Global paid $4.4 million in bitcoin for cybercriminals to release their data following a ransomware attack.
  • Reputational Damage - Falling victim to a ransomware attack can negatively impact an organization’s reputation, especially if the attack is widely reported in the media.
  • Regulatory Penalties - If sensitive customer data is stolen or disclosed in a ransomware attack, regulatory authorities may impose fines and penalties against the business. 

Are Ransomware Attacks a Growing Trend?

Ransomware attacks are a growing trend and among the leading cyber threats against enterprise organizations today.

The IDC’s 2021 ransomware study estimated that 37% of enterprise organizations were targeted by ransomware attacks in 2021. In the same year, the FBI received 3,729 ransomware complaints, with complainants reporting adjusted losses in excess of $49.2 million. 

Verizon’s 2022 Data Breach Investigations Report found that ransomware attacks had increased 13% over the past year, more than the previous five years combined.

How to Prevent Ransomware Attacks

Start with Cybersecurity Awareness

Preventing ransomware attacks against your organization begins with a basic level of cybersecurity awareness for employees in all departments. Employees should be directed and trained to:

  • Never share passwords or allow anyone else to login to secure systems using their access credentials,
  • Verify the sender before communicating any sensitive information via email,
  • Verify the sender before opening any email attachment or clicking any link present in an email,
  • Never open links or attachments from unfamiliar senders, and
  • Never to insert an unfamiliar USB hard drive into a work machine.

Keep Programs and Operating Systems Updated

Ransomware programs often take advantage of software vulnerabilities in operating systems and other software applications to propagate and infect host machines. These vulnerabilities are regularly identified and patched by the developers, but you’ll only benefit from the fix by downloading and installing a software update containing the latest patch. 

Keeping your OS and applications up-to-date protects your organization against ransomware programs targeting known software vulnerabilities that have already been addressed by developers.

Implement Anti-Phishing Software

Social engineering techniques are used in 98% of cyber attacks, and phishing is one of the most common social engineering techniques when it comes to infecting target organizations with ransomware.

Anti-phishing software like ZeroFox uses AI-powered technology to comprehensively detect and disrupt phishing attacks across platforms, including phishing websites and malicious links spread through email and social media. Our approach to external cybersecurity empowers targeted organizations to identify and disrupt phishing infrastructure before it can be used to deliver a ransomware payload.

Protect Against Ransomware Attacks with ZeroFox

ZeroFox provides digital risk protection, threat intelligence, and adversary disruption to protect our customers against targeted ransomware and data extortion cyber attacks. 

Download our free 2023 Threat Intelligence Forecast for additional insight into the threats of ransomware, digital extortion, and adaptive social engineering techniques.