We may have read about kidnappers targeting wealthy or influential victims and demanding a hefty ransom from their families. While such incidents aren't a daily occurrence, the impact to the victims and their families are tremendous. I personally know someone who was held hostage by militia at gunpoint and his recount of his episode is always exciting to the hearers but he also says that his life flashed before him during the 48hrs or so that he was held hostage. So it's a scary experience I'm sure, but kudos to him, he has used this episode to galvanise himself and to focus on the important things in life and paying it forward to many people.
In today's highly connected world, there lurks another kind of danger, and while no actual guns or knives are involved, the impact may be just as severe. This danger is Ransomware, and unlike kidnappings, ransomware attacks are a lot more common and the victims are not just the wealthy or influential folks. ANYONE can be hit with Ransomware! And this is a real and present danger.
What is Ransomware
???
Ransomware is a type of malware that steals a victim?s critical information and encrypts important data. The attackers would demand a ransom from the victim in return for a decryption key to restore their data, but failure to do so would result in the victim?s data being published online.
The common methods ransomware infiltrate systems are through phishing. I shared an article on this here. This can come in links or attachments disguised as trustable sources and sent to the victim?s email. Once the victim is deceived into downloading the attachment, the malware will then activate and often spread across the network, targeting databases and files while trying to gain access to administrator accounts.
A ransomware attack typically encrypts the contents of files and databases, such that these files will no longer be assessible unless you have a decryption key. This is when a ransom message appears to request you to transfer a certain amount of money or cryptocurrency to obtain the decryption key.
Just like with a kidnapper's demand of ransom, paying a ransom does not automatically mean that you will get what was promised. Sometimes, even after paying a ransom, the kidnapped victim still ends up dead and the kidnappers escape with the crime and the money. Similarly, paying a ransom to recover from a ransomware attack may not guarantee you will get your decryption key.
Impact of Ransomware
How bad of an impact can ransomware bring to a company? On May 7, 2021, Colonial Pipeline, one of the largest oil pipelines in the U.S., ceased its operations and had to shut down its entire network due to a ransomware cyber attack. They are in charge of carrying 2.5 million barrels a day from Houston, Texas to New York Harbor, which is 45% of the East Coast?s supply of diesel, gasoline, and jet fuel.
Colonial Pipeline?s System Map
The perpetrator behind this attack has been identified as the cybercriminal gang known as DarkSide. DarkSide claims that it only attacks those who can afford to pay.
?Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,? the press release reads.
DarkSide Website
The attackers penetrated Colonial Pipeline?s network and took captive close to 100GB of data. They locked the computers with ransomware and demanded payment. This incident shows the risk and impact that ransomware can present to critical national industrial infrastructure and businesses.
In a dark sense, DarkSide is a more honorable cyber attacker in that they only target the big boys. However, not all attackers are professionals. There are unscrupulous ones and for smaller businesses, ransomware attacks have been known to shut down a business as the business owner may find it too inhibitive to pay the ransom.
How to prevent Ransomware
Here are some measures you can take to reduce the likelihood of being affected by ransomware:
Source: https://www.bitdefender.com/consumer/support/answer/24260/
Focus Digitech has been helping our customers ensure that they are protected against ransomware, including Zero Day exploits, leveraging tools such as BitDefender for end point protection as well as helping our customers with a robust backup and restore strategy such that there is a safe and reliable way to recover from ransomware attacks.
Please visit our site for more details: https://focusdigitech.com/cybersecurity
Summary
It is important to not underestimate the risk of being infected by ransomware. It is essential for everyone to always be alert and be vigilant against such attacks.
While implementing defensive technology solutions is very important, It is also often not so much the technology layer that is most vulnerable. More often, it is the human that is the weakest link and social engineering attacks target employees as we humans are often the weakest link. Nonetheless, we can strengthen one another by being aware of how such attacks occur. I hope I have been able to add value to you today, and if this article has been beneficial to you, please share with your co workers and friends so that we can all be more protected!