Ransomware – The Biggest Cybersecurity Threat to Business
Ransomware is a form of cyberattack whereby files and systems are encrypted by malicious software, locking victims out of their own data. Typically, hackers demand a ransom to unlock the affected system, and they threaten to publish stolen data for all to see on the internet. As a result, Ransomware has become one of the most dangerous threats to businesses today, and Lindy Cameron, head of the UK’s National Cyber Security Centre, has described it as “the biggest cybersecurity threat to business”.
When first launched, ransomware targeted individual PC users, but the arrival of Bitcoin and more advanced cryptography saw it evolve into a fully-fledged money-making machine. It also became more sophisticated and capable of encrypting more than just documents, and in recent years, it has evolved to target entire networks, even those that are behind a firewall.
Once ransomware has gained access to a network, it begins to encrypt the original files, replacing them with encrypted versions and deleting backups and shadow copies. It then displays a screen to the victim announcing all files are encrypted and the ransom amount, with a deadline for payment. If no payment is received, the ransom increases.
Businesses are a favorite target because they contain large databases of personal and confidential information that can be sold on the dark web, as well as complex computer systems with plenty of vulnerabilities. Attacks against them are incredibly effective, halting productivity and causing significant revenue damage, and cybercriminals know that businesses will often pay out to avoid negative publicity or to minimise disruption to their customers. This has led to some high profile attacks, including the Colonial Pipeline attack that briefly skyrocketed US gas prices, and the JBS meatpacker and Steamship Authority attacks that halted ferry services in Massachusetts.