Remember WannaCry, the cyber-terrorist ransomware that brought hospitals, government services, and other businesses to their knees a few short years ago? Last year it seemed like ransomware made technology news every month. Why is ransomware a particularly vicious form of cyberterrorism, and how can you protect yourself?
Ransomware hit individuals and businesses hard in 2017, as companies felt the sting of cyber hacks designed to turn our data against us. It was a pre-coronavirus epidemic, played out in the digital space. According to Kaspersky, WannaCry infected 230,000 computers in 150 countries around the world.
WannaCry is one example of ransomware, a family of malicious software that, when unleashed, encrypts computer data and then sends a ransom note to the end user. The victim’s computer data is locked down until the ransom is paid to the hacker, usually in bitcoin, a form of digital currency.
The attack vector for ransomware is phishing, or an email that opens the virus and unleashes havoc on the unsuspecting. The WannaCry virus exploited specific vulnerabilities in the Windows implementation of the SMB (Server Message Block) protocol. While Microsoft later released a security patch, the world found out just how far behind many server administrators in traditional on-premises architectures are in their efforts to keep data backed up and software current.
This year, ransomware is outpaced in the technology news by the physical presence of the human coronavirus. But behind the headlines, ransomware is being sharpened into a less blunt tool by hackers determined to access your data. What can we expect from ransomware this year? How can business leaders prepare?
Like all digital technologies, ransomware is maturing. Ransomware initially was more of a consumer threat that tricked end users into buying virus software to fix fake problems or into paying fines. Consumer antivirus software stepped up its efforts to stop these tactics, but ransomware evolved. CSO reports that the year between 2018 and 2019 showed ransomware increasing by 365% in the business world. But because private companies often hide that hackers have foiled their defenses, these numbers could be much higher.
Hackers have learned from their mistakes and are releasing more sophisticated malware this year.
These numbers are concerning on their own, but there are signs that ransomware is growing more sophisticated and, therefore, harder to prevent. Hackers have evolved from a carpet-bombing attack to a more precision-guided targeting of specific businesses and infrastructures, such as state governments, utilities, and even hospitals. A report last year showed:
- Ransomware affected 113 state and local government agencies in the US.
- 764 healthcare providers were affected.
- 89 colleges, universities, and school districts were infected.
Ransomware 2.0 will include not just data encryption but data theft, where hackers threaten to expose business secrets or other corporate data unless a ransom is paid. Ransomware viruses are not only shared through email contact, either; hackers are now compromising websites frequented by visitors and their employees. CSO reports, “The ransomware programs used by the more sophisticated groups are quite mature. Attackers have learned from their past mistakes.”
The good news is that the best defense against ransomware remains a robust backup and data restoration plan in the event of an attack. Off-site backups are critical to prevent attackers from encrypting backup data. Businesses should perform regular penetration tests to find and patch any holes in their architectures. Adopting two-factor authentication is also important.
One thing is certain—hackers will continue to evolve their tactics, so business leadership must keep their guard up to stay one step ahead of these threats.