What is Ransomware and How Does it Affect Your Business?
Ransomware is malware that encrypts data or files and then displays a message demanding a payment for decryption. Attackers typically use phishing emails with malicious attachments to trick unsuspecting victims into opening them. Once the malware is activated, it spreads to connected drives and networks by exploiting known vulnerabilities or by leveraging Remote Desktop Protocol or brute force attacks. Once ransomware is deployed, the attackers will typically demand payment in cryptocurrency to decrypt the data or restore access to it.
While the popularity of ransomware has grown in recent years, it’s not a new phenomenon. The first examples of what we now know as ransomware appeared in 1989. Known as the AIDS Trojan or PC Cyborg, this variant used basic cryptography to count how many times a victim rebooted their system and then encrypted files on the system when the threshold was reached. It required victims to pay $189 or $378 to a Panamanian post office box to receive a key to unlock the files.
As ransomware evolved into a mature business, organized crime groups entered the marketplace. They recruited talent on the dark web and developed better malware to improve their success rate. As a result, the average ransom demand has increased to the high seven-figure range.
Companies can minimize the risk of ransomware and other cyber extortion events by following best practices, including regularly patching software and firmware. Also, establishing a solid backup system with frequent retention of critical data helps to reduce the impact of an attack. Additionally, tabletop exercises can help identify weaknesses in an organization’s incident response process. When a company does experience an attack, it should immediately follow its written incident response plan.