Ransomware and Ransomware-As-A-Service
Ransomware has hit businesses of all sizes, with attackers threatening to publish stolen data for everyone to see unless a ransom is paid. Whether they use it to steal files, cripple networks or hold healthcare information hostage, attackers are exploiting security weak spots and forcing organizations to pay tens of millions of dollars.
Once ransomware gains access to a system, it starts by encrypting files and replacing them with versions that cannot be decrypted without the key. Some variants will also delete backup and shadow copies of files, making recovery difficult. After the encryption process, victims are presented with a message that demands payment to decrypt the files or recover data. Threat actors typically require payment in cryptocurrency, such as Bitcoin.
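The deletion of backups and shadow copies described above is one of the more reliable signals defenders can alert on, because it shows up in process-creation logs. The following is an added example, not part of the original article: the three Windows utilities it matches (vssadmin, wmic, wbadmin) are well-known tools that the article itself does not name, and the log events, host names and function names are constructed for illustration.

```python
import re

# Command lines that delete shadow copies or backup catalogs.
# Assumption: these utilities are chosen by the editor; the article names none.
RECOVERY_TAMPER_PATTERNS = {
    "vssadmin_delete_shadows": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin_delete_backup": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I),
}

# Constructed process-creation events: (host, user, parent image, command line)
SAMPLE_EVENTS = [
    ("WS-014", "alice", "explorer.exe", r"notepad.exe C:\Users\alice\notes.txt"),
    ("WS-014", "alice", "winword.exe", "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    ("SRV-02", "svc_backup", "services.exe", "vssadmin list shadows"),  # benign inventory
    ("WS-014", "alice", "cmd.exe", "wmic shadowcopy delete"),
    ("SRV-02", "admin", "powershell.exe", "wbadmin delete catalog -quiet"),
]

def find_recovery_tampering(events):
    """Return one hit per (event, rule) where a command line removes recovery data."""
    hits = []
    for host, user, parent, cmdline in events:
        for rule, pattern in RECOVERY_TAMPER_PATTERNS.items():
            if pattern.search(cmdline):
                hits.append({"host": host, "user": user, "parent": parent,
                             "rule": rule, "cmdline": cmdline})
    return hits

def hosts_to_escalate(hits, threshold=2):
    """Hosts where several distinct recovery-tampering techniques fired.

    One hit can be an administrator doing maintenance; multiple distinct
    techniques on the same host is a much stronger pre-encryption signal.
    """
    per_host = {}
    for hit in hits:
        per_host.setdefault(hit["host"], set()).add(hit["rule"])
    return sorted(h for h, rules in per_host.items() if len(rules) >= threshold)

if __name__ == "__main__":
    found = find_recovery_tampering(SAMPLE_EVENTS)
    for hit in found:
        print(f'{hit["host"]} {hit["user"]} {hit["rule"]}: {hit["cmdline"]}')
    print("escalate:", hosts_to_escalate(found))
```

Because this activity typically happens before or during encryption, alerting on it gives responders a chance to isolate a host while offline or immutable backups are still intact.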
Many ransomware attacks begin with phishing emails, in which the malware is hidden inside an attachment that victims believe they can trust. Other, more aggressive attacks, like NotPetya, use flaws in a computer’s software to gain unauthorized access without needing to trick users.
Cybercriminals love ransomware because it can make them a lot of money. The demands for ransom have skyrocketed to tens of millions of dollars, and attackers are working hard to perfect their craft. They are targeting organizations of all kinds, from large companies to government agencies and hospitals.
They are experimenting with new encryption algorithms, delivery methods and even tactics to entangle organizations and force them to pay. They are using ransomware-as-a-service models, which allow non-technical criminals to purchase and launch malware attacks in exchange for a percentage of the money, which is given back to the ransomware authors.