As technology becomes more advanced, keeping your data safe from hackers who want to exploit you for money becomes more complex. I am sure you’ve heard the term “ransomware” a lot in the news lately. It’s constantly being discussed in the media and appears to be an imminent threat to:
- Infrastructure
- Nation states
- Medical organizations
And the most alarming:
- Public utilities
So, what is ransomware? What does it look like and how does it work? Unfortunately, it is not going away, so grab a cup of coffee and let’s go down the rabbit hole together.
Where Ransomware Started & Where It’s Going
In 1989, the first ever ransomware virus was created by a Harvard-trained evolutionary biologist named Joseph Popp. In 2013, ransomware made it to the big leagues and has since evolved into a billion-dollar black-market industry thanks to cryptocurrencies such as Bitcoin, which is the most common type of crypto chosen by hackers. Fast forward to 2021: Colonial Pipeline Co., the largest fuel pipeline in the U.S., was hacked. This breach led to shortages across the East Coast, all due to a single compromised password found on the dark web. The attackers gained access to the company’s entire network using a simple VPN connection, and could remotely manage, change, and encrypt anything. The data was held for ransom with a $5 million price tag.
51%
One of every two businesses has been impacted by ransomware. The average cost of these incidents is $732,520 when the ransom is unpaid, and $1,448,458 when the ransom is paid. Yes, you read that right. The cost is much higher when a ransom is paid, as this figure takes into account the ransom fees on top of the company’s downtime. For example, Colonial Pipeline Co. paid the $5M, yet was still down for days until the encryption was released by the hackers. Imagine the daily cost of operating an oil refinery; I’ll give you a hint: it’s well above six figures.
What Ransomware Looks Like
Oops! Someone in your company clicked on a link in a phishing email, inadvertently installing ransomware on the device. Once that happens, the software will “phone home” to its C&C (Command & Control) server. This usually looks something like, “Hello! I have landed on a device, here is its name, the IP (public and private), where it resides, and here are the username and password of the account I have gained access to.” All this crucial information is packaged with a pretty bow on top and delivered into the hands of the wrong people.
Two Types of Ransomware
1
2

It Doesn’t Take a Genius
The days of simple anti-virus protection for our computers and servers are far behind us. Now it is a tactical game of data protection and intrusion prevention. In today’s landscape, a malicious person with minimal technical skills and about $1,000 can spin up their own RaaS (Ransomware-as-a-Service). Within a couple of minutes browsing the dark web, they can start targeting users through email phishing campaigns and text messaging - most of which is completely automated with the RaaS subscription. All in all, it doesn’t take much for a mildly tech-savvy person to build an entire operation exploiting you for money. Pretty much any teenager could do it… on a lazy Saturday afternoon.
What’s Next?
This is the first in a series we have planned about ransomware and security. Up next, we’ll talk about how to better protect yourself from becoming a victim of ransomware.
Sources:
https://www.extrahop.com/company/blog/2020/ransomware-explanation-and-prevention
https://securityintelligence.com/ransomware-101-what-is-ransomware-and-how-can-you-protect-your-business
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password