ransomware

Ransomware attacks normally start with something as inconspicuous as an email.

Hackers often try to impersonate a trustworthy source, so the recipient may think the email is coming from a company or person they know. Just by clicking a link or opening an attachment, the recipient may be exposing your organization to malicious software.

In the case of the St. Louis Public Library, malware was installed a different way in 2016: through a network break-in. It didn’t take long before the hackers were demanding $35,000 to relinquish control of more than 700 computers. The library was able to restore IT security because of frequent backups, but some organizations aren’t so prepared.*¹

How Much Do Ransomware Attacks Cost?

Ransomware demands in the United States may exceed $1.3 billion in the United States in 2020 alone, according to a report based on hundreds of thousands of incidents. This cost only accounts for the ransom demands themselves, and businesses may lose much more because of prolonged downtimes. Once factoring in the cost of being down for 16 days, companies in the United States alone may lose over $9.2 billion because of ransomware throughout 2020.*²

The average ransom demand as of Q4 2019 was $84,116*³, but some organizations have been hit several times harder. Three different government organizations in Florida got attacked within three weeks in 2019, and at least two of the three ended up paying $500,000 or more each.*⁴ Hackers don’t just go after big organizations, either. In recent years, some cybercriminals have realized it’s easier to go after small or medium businesses that don’t have good defenses.

Once an organization is subjected to a ransomware attack, they’re between a rock and a hard place. Refuse to pay up, and you might be looking at weeks of downtime, lost data, and other disasters that can cripple operations. When a business does pay up, they’re essentially adding malicious hackers to their payroll. Worse still, organizations that pay ransomware demands are identified as known buyers, which may inspire more attacks in the future.

How to Prevent Ransomware

Instead of choosing the lesser of two evils during an attack, take a proactive approach against ransomware. Each of the following steps can dramatically reduce IT risk for an organization:

1 – Back up Your Data

Some businesses pay ransomware demands because they simply can’t afford to lose their data. Cloud-based backup is a critical part of any disaster recovery plan. This is why the St. Louis library was able to recover so well from their attack.

2 – Keep Remote Access Secure

Employees are at higher risk when traveling, working from home, or using public internet. Secure remote access is a must-have now that everyone works on the go.

3 – Outsource Cybersecurity to a Reliable IT Company

Cyber criminals are always finding new ways to cause chaos, steal data, and extort businesses. As hackers get more sophisticated, it’s a full time job to stay a step ahead of them. If you don’t have the payroll to build a team of security experts, find an IT security partner to protect your business.

IT Security Service in St. Louis

Here at ThrottleNet, we like to think of ourselves as the opposite of the hackers we oppose. Instead of giving you two bad choices like ransomware does, we want you to have lots of options. That’s why we offer free consultations, allowing you to gather more information before you make a decision. Contact us today to get started, and we’ll get to work protecting your business.

*¹source: https://www.digitaltrends.com/computing/library-doesnt-pay-ransom/

*²source: https://blog.emsisoft.com/en/35583/report-the-cost-of-ransomware-in-2020-a-country-by-country-analysis/

*³source: https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate

*⁴source: https://www.itgovernance.co.uk/blog/the-5-biggest-ransomware-pay-outs-of-all-time

Ransomware is a major problem for companies big and small. Resources need to be implemented to prevent ransomware attacks or to recover data. The best defense is a good offense, as the saying goes. The best offensive strategy is to know your enemy. The following information about the types of ransomware will help you in the event of a cyber attack.

What is Ransomware?

Ransomware silently encrypts the user’s data on their computer. After encryption, a message appears demanding an account of money before the victim is given back access to their data. The victim usually only has a certain window of time to give the cybercriminal the money. If the deadline has passed, the ransom could increase.

Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which could lead to stealing login credentials. This is especially dangerous for sensitive information, such as the login information for banking accounts.

Types of Ransomware

Locker ransomware and crypto ransomware are two main types of ransomware. Locker ransomware locks the victim out of their computer. Once it prevents access, it prompts the victim to pay money to unlock their device.

Crypto ransomware prevents the user from accessing their files, usually through encryption. Meanwhile, the user interface can be accessed. Then the cybercriminal demands payment to decrypt the data.

Ransomware Examples

WannaCry is a ransomware attack that occurred in 2017 and spread throughout 150 countries. It was designed to manipulate a Windows vulnerability and, in May 2017, had infected over 100,000 computers. The attack affected many UK hospital trusts, costing the NHS about £92 million. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyberattack caused worldwide financial losses of about $4 billion.

Ryuk is a ransomware attack that spread in the middle of 2018. It disabled the Windows System Restore option on PC computers. Without a backup, it was impossible to restore the files that were encrypted. It also encrypted network drives. Many of the organizations targeted were in the United States. The demanded ransons were paid, and the estimated loss is at $640,000.

KeRanger is thought to be the first ransomware attack to successfully infect Mac computers, which operate on OS X. KeRanger was put into an installer of an open source BitTorrent client, also known as Transmission. When users downloaded the infected installer, their devices became infected with the ransomware. It sits idle for three days and then encrypts roughly 300 different types of files. Next, it downloads a file that includes a ransom, demanding one Bitcoin and providing instructions on how to pay the ransom. After the ransom is paid, the victim’s files are decrypted.

How Ransomware Spreads

As ransomware becomes increasingly complex, the methods used to spread it also becomes more sophisticated. Examples include:

Pay-per-install: This targets devices that have already been compromised and could easily be infected by ransomware.
Drive-by downloads: This ransomware is installed with a victim unknowingly visits a compromised website.
Links in emails or social media messages: This method is the most common. Malicious links are sent in emails or online messages for victims to click on.

Using a Ransomware Decryptor

If you are the victim of a ransomware attack, do not pay the ransom. Even if you were to, the cybercriminals could still keep your data encrypted. Data could be restored if it was backed up to an external drive or the cloud. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for these types of circumstances.

Avoid Becoming the Next Victim to Fall to Ransomware

Contact us today for IT security and safety tips. ThrottleNet will perform a risk analysis without cost or obligation. Click here to schedule for your risk analysis and read more information about ransomware.

Here’s an IT security fact that might surprise you: in 2019, the overall number of malware infections dropped 20% according to Comparitech. Microsoft explains some possible explanations for the overall decrease in malware encounters in 2018 and 2019 could be because of increased security improvements. These important security upgrades are making malware campaigns not as effective when targeting certain operating systems.

As much as we love good news, this data is actually a bit deceiving. Even though the number of malware infections last year decreased, the infections we did have were more disruptive, more complex, and more profitable for the cybercriminals behind the attacks. Malware as we know it is continuing to evolve. It’s latest most dangerous form is ransomware. Ransomware is a type of cryptoviral malware that threatens to publish the victim’s data or block access to it until a ransom is paid.

Ransomware attacks designed to randomly infect home users are now no longer the target. Instead, the targeted ransomware campaigns are increasingly going after businesses, government agencies and local municipalities. It’s not just large enterprises at risk – small and mid-sized companies are often seen as easy targets. Here are some top ransomware trends to watch out for in 2020.

Ransomware Trends for 2020

Ransomware will continue to grow each year -

Although overall consumer ransomware decreased in 2019, the overall ransomware infection rates are continuing to grow steadily, where cybercriminals are targeting larger organizations. Unfortunately, ransomware will continue to grow in cybercrime since it is cheap, effective, and quick when getting ransoms from victims.

Consumer infection rates are declining -

Overall, consumer infection rates are dwindling; however, small and medium-sized companies are still some of the biggest ransomware targets. Ransomware is all about the encryption of important files and data, and then selling it back to its owner. But, the average consumer’s files and data are not as valuable when compared to a larger business. A larger business means a more disposable cash flow, which is exactly what the cybercriminals are looking for.

Microsoft Windows will still be the most targeted system -

According to multiple service providers, 99% of them said Microsoft Windows operating systems are most frequently targeted by ransomware attacks; however, this does not necessarily mean that OS X and Android are in the clear, as ransomware attacks can infect any operating system.

The amount of ransomware victims in the United States will decrease -

Between 2018 and 2019, the U.S. accounted for approximately 53% of all ransomware attacks. Americans will still become ransomware attack victims in 2020, but cybercriminals are shifting more of their focus on other countries.

Mobile devices will become a greater target -

The amount of mobile users is continuing to rise, so it only makes sense that the business data that is stored within them is also increasing. Mobile devices are seen to be the primary ransomware victim device in 2020.

Attacker innovation will shift to the cloud -

Cybercriminals are shifting their focus when it comes to ransomware attacks. With a greater diversity of systems, there will be ransomware focused more on the platforms like the cloud for broader leverage of digital changes.

Businesses need to have a recovery plan for possible ransomware attacks. In fact, according to a survey, 50% of those surveyed professionals don’t believe their company is prepared to act if faced with a ransomware attack.

To keep your business’s devices and accounts protected from ransomware attacks, knowing what the latest trends for 2020 are key. For more tips on preventing ransomware attacks, or for general IT service questions, contact ThrottleNet today!

CONTACT THROTTLENET