What Is Ransomware?
Ransomware is malware that reaches your computer when you click an infected email or visit an infected site. Once infected with the hostage virus, a computer cannot be used until the infection is scrubbed or the “ransom” is paid. Files are encrypted by the virus and cannot be accessed, or, in some cases, a user’s screen is locked on the “ransom” note. All of your data has been locked, and the only way to release files that have been encrypted by ransomware is to obtain the key that decrypts them, usually by paying the ransom.
Ransomware is a disturbing and frightening malware that, because of its encryption of all your company’s data, can have implications that last long after the virus has been scrubbed. The disruption to your company’s systems can be devastating. Not only will ransomware block users from accessing important data, it can wipe some data from the system permanently, result in lost income from unplanned downtime, affect emails, disrupt billing cycles, and more. It can take days, weeks or even months to clean up the mess after a ransomware attack.
Because companies and businesses are expected to have security in place that will stop these types of cybercrimes, once the public hears that a company has been infected with ransomware, its confidence in that business will plummet.
Ransomware: Not a New Threat
With all the recent focus on cyberattacks, you might think cybercrime is a relatively new trend. The reality is a bit more sobering: while cybercriminals continue to evolve and up the game, cybercrime has been around for decades.
The first known ransomware attack hit the healthcare industry in 1989 when Joseph Popp, PhD, sent over 20,000 infected floppy discs to 90 countries across the globe. The malware wasn’t immediately apparent; the infected computers had to be turned on 90 times before the ransomware message was displayed. Payment of $189 was demanded to release the networks, along with a demand for an additional $378 for a “software lease.” The payment was to be mailed to “PC Cyborg” in Panama.
Joseph Popp was an AIDS researcher who targeted other AIDS researchers with his attack. He cleverly hid the virus in discs titled “AIDS Information: Introductory Diskettes” and handed them out to the attendees of the World Health Organization’s AIDS Conference.
This ransomware attack became known as the AIDS Trojan, or the PC Cyborg virus. It was a very basic virus and, while it affected many networks, the files were easily decrypted without paying the ransom.
Over time, ransomware has evolved. Many notable ransomware attacks have targeted big, established companies, banks, healthcare organizations and even governments from the mid-2000s to the present day.
In 2013, the devastating ransomware Cryptolocker earned its creators over $3 million. It was stopped when the platform it ran on, the Gameover ZeuS botnet, was taken offline. That might have been the end of the story, but other creators quickly replicated the ransomware in copycat programs such as Cryptowall (which earned its creators $18 million) and TorrentLocker. Gameover ZeuS re-emerged to continue the spread of malware and spam.
In 2017, the WannaCry ransomware attack hit over 200,000 computers across the globe, costing companies billions of dollars. This cryptoworm targeted Microsoft users who continued to use outdated software and Windows versions that had passed End of Life. Even though the attack lasted only a few days, the damage was devastating. It was revealed that North Korea was behind this ransomware attack. The WannaCry cryptoworm made a brief reappearance in 2018 at Taiwan Semiconductor Manufacturing Company. It spread through over 10,000 computers before finally being stopped.
Baltimore City, Maryland, found its government crippled for months following a ransomware attack known as RobbinHood in 2019. Financial information, billing, some payroll services and much more were affected. Some of the data was lost forever. Then, in 2020, another ransomware attack focused on the Baltimore County School System’s remote learning platforms. Both Baltimore City and Baltimore County had been warned about gaps in cybersecurity prior to the attacks, but failed to act.
No matter the size or vertical, all businesses are at risk for a ransomware attack.
Ransomware Trends: Ever Evolving
In 2017, U.S. Deputy Attorney General Rod Rosenstein revealed that every day, over 100,000 endpoints are impacted by ransomware.
There are several different types of ransomware, but the most common are:
- Scareware: This is usually a pop-up form of ransomware. It warns the user that their computer is infected and suggests running a PC scan immediately. Once the user clicks the button to run the “scan,” the virus is introduced into the device and networks.
- Doxware: Doxware hijacks sensitive data, with the actors threatening to release it publicly unless payment is made.
- Mobile Devices: A user’s mobile device is locked down, usually after the user downloads a malicious app, and payment must be made to restore the functionality of the device.
- Lockers: When your network is infected by a locker, all users are locked out of their devices.
- Crypto Malware: Crypto malware affects your files and data, encrypting them and offering a decryption key in exchange for payment.
Iconic IT Can Help Protect You From Ransomware
No one expects their network to become infected with ransomware, so it’s possible your cybersecurity strategy isn’t up to the task of blocking it. Your business deserves the best protections, fueled by artificial intelligence and backed by a dedicated team known as a Security Operations Center. Find out how our cutting-edge cybersecurity platform, Iconic Fortify, will protect you from all threats, including ransomware. Contact us for a free, no-obligation consultation and put Iconic IT in your corner.
Not ready to chat? Check your cybersecurity strategies on your own with our free Do-It-Yourself Cybersecurity Audit Checklist and see where you stand.