“Ransomware” is a class of malware that hackers use to infiltrate a victim’s computer or other online device, encrypt its files, and demand that the rightful owner pay a ransom, usually in bitcoin or another cryptocurrency, to unlock them. The malware can also be configured to delete backup files uploaded to cloud storage and even destroy a computer’s master boot record.
Victims have the unsavory choice of either paying the ransom or rebuilding whatever systems were targeted. Most victims wind up paying the ransom in order to recover their data, but doing so could result in a hefty fine if the payment is made to any person or company subject to US sanctions.
In 2019, documented ransomware attacks increased 41% compared to 2018. However, it seems likely this is just the tip of the iceberg for future ransomware attacks.
A case in point involves Swedish security giant Gunnebo Group. The company provides physical security to a variety of high-profile clients, including banks, airports, and nuclear power plants. In August, Gunnebo announced that it had repelled a ransomware attack. But it has now emerged that the hackers who attacked Gunnebo stole tens of thousands of confidential documents, including blueprints of client bank vaults and surveillance systems. What’s more, cybersecurity researchers have uncovered a financial transaction between a hacker and a criminal group specializing in deploying ransomware that was involved in breaching access to Gunnebo’s internal network.
One of Gunnebo’s primary lines of business is hospital security. The company provides entrance security and electronic security for secure storage of narcotics and other sensitive medications. It also offers automated delivery systems to help in medication dispensing. And while it could be a coincidence, the Cybersecurity & Infrastructure Security Agency announced October 28 that hundreds of hospitals nationwide face the risk of "credible and imminent" ransomware attacks.
There’s also a trend toward more elaborate extortion schemes involving ransomware. For instance, after paying the ransom to unlock your data, you may then receive a message threatening to sell or even auction your files unless you make additional payments.
The most common way hackers spread ransomware is by embedding an executable file within a poisoned email and then “phishing” with a purchased target list of email addresses. Alternatively, they may seek out insecure networks to penetrate or serve up fake software updates.
COVID-19 has accelerated ransomware attacks. When the pandemic exploded nine months ago, many companies ordered their employees to work from home. But the vast majority of home-based networks aren’t hardened against cyberattacks. And most home-based workers don’t know how to counter them. With millions of people unfamiliar with online security protocols working on poorly secured home networks, COVID-19 lockdowns created a uniquely appealing environment for cyberattacks of all types – ransomware in particular.
The same precautions that protect you from viruses and other malware also apply to ransomware. Most importantly, don’t open email messages or click on links from senders you don’t recognize or trust. Also beware of impersonation scams – emails that appear to come from a trusted source.
Also, keep your antivirus software up-to-date and check to ensure it has built-in protections against ransomware. There’s a list of software that qualifies on that score at this link.
Finally, never respond to emails suggesting software running on your system needs to be updated. Almost any legitimate update will announce itself within the program to be updated, not in an email.
If, despite these precautions, your business falls prey to ransomware, once you pay the ransom, you’ll be able to recover at least some of your data over 95% of the time. The bad news, of course, is that once you pay, you’ll be forever marked as an easy target – and potentially face civil and criminal penalties.