Tech Explainer: How does ransomware do its dirty work?

by Kevin Jacoby on 10/24/2022
Blog Category: advanced-technologies

Ransomware creates a nasty web that can infiltrate nearly any computer, mobile device or network. When ransomware takes hold, the ensuing turmoil can bring even the biggest, wealthiest organization to its knees.

What, besides felonious greed, makes ransomware tick? How is it created? How do cybercriminals spread their malware? And how does it hold its prey hostage?

The evil that coders do

Let’s start with the black hats. Did you know there are people who sell ransomware code?

It’s true. Today, for the price of a fraction of a bitcoin, you can access the dark web, shop around for Ransomware as a Service (RaaS)—yes, that’s a thing—and launch your very own cybercriminal empire.

What’s more, you can do all this without a lick of coding skills.

In fact, RaaS has become quite the cottage industry. So-called black hat coders (the bad guys) offer ransomware to criminal affiliates via a subscription-based model.

These affiliates then use the rented code to execute an attack. Often, they keep as much as 80% of each ransom, paying the rest to their RaaS providers.

[Chart: Ransomware payments over time. The average ransomware payment is rising (courtesy of CoveWare)]

How much money are we talking about here? Quite a bit.

These days, the average ransomware payout is $228,125. That’s an increase of more than 8% from earlier this year, according to CoveWare, a ransomware incident-response provider.

Don't open that attachment

How does ransomware spread? By far the most popular and effective way is phishing.

The concept of phishing is worryingly simple. A cybercriminal sends out thousands, even millions, of emails. Each message is constructed to look as official as possible, and each one carries an attached executable file.

If a recipient falls for the ruse, they double-click the attached file and enter a world of hurt.

As soon as the attached file is opened, the malware identifies all proprietary data on the victim’s computer. It then copies those files into an encrypted volume and deletes the originals. That’s when the ransom note appears.

The user is next informed that their data is being held hostage. The only way to retrieve the data is to purchase some bitcoin and transfer it to an anonymous recipient. Or else.

The “or else” part usually involves the permanent deletion of the user’s data and/or its release to the public. Cybercriminals often threaten the latter in cases where the stolen data could damage the user’s or the organization’s reputation.

[Image: Phishing chat message (courtesy of F1 Support)]

While email is the most popular medium for ransomware, malware is also spread through chat messages, removable USB drives and browser plugins. Be careful!
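The attachment lure described above is something a mail gateway or help desk can check for mechanically. The following is an added example, not code from this article or from any vendor it mentions: it parses a raw email with Python's standard library and flags attachments that are directly executable, that hide an executable behind a document-looking double extension, or whose bytes start with a Windows PE header despite a harmless-looking name. The extension lists and the sample message are assumptions constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "jse",
                   "vbs", "ps1", "hta", "msi", "lnk"}
# Extensions that look like harmless documents and are used as the first half
# of a double extension such as "Invoice.pdf.exe" (assumed list).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Containers that can hide an executable from a naive extension check.
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img"}


def attachment_findings(msg: EmailMessage) -> list[dict]:
    """Return one finding per suspicious attachment in a parsed message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        pieces = name.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension .{ext}")
        if len(pieces) > 2 and pieces[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
            reasons.append("double extension disguising an executable")
        if payload[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
            # PE/DOS header inside a file that does not claim to be executable.
            reasons.append("PE header (MZ) inside a non-executable-looking file")
        if ext in ARCHIVE_EXTS:
            reasons.append(f"archive container .{ext} may hide an executable")
        if reasons:
            findings.append({"filename": name,
                             "content_type": part.get_content_type(),
                             "reasons": reasons})
    return findings


def scan_raw_email(raw: bytes) -> list[dict]:
    """Parse an RFC 5322 message from bytes and scan its attachments."""
    return attachment_findings(email.message_from_bytes(raw, policy=policy.default))


def build_sample() -> bytes:
    """Constructed lure: a fake overdue invoice with a disguised executable."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="Invoice_4471.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()
```

Running `scan_raw_email(build_sample())` reports only the disguised executable; the genuine-looking PDF produces no finding.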

Networked terrorism

If you think you’ve heard the worst part, you haven’t. A few thousand lines of code can instruct the malware to search for, and gain access to, any attached networks. You can pretty much guess what happens next.

Imagine a single computer attached to an enterprise data center. Once infected with ransomware, it can infect every other device on the network. That could include other terminals, servers, network-attached storage (NAS) and even connected mobile devices.

In turn, each of these infected nodes could then infect any other devices to which it’s attached. The result could be a catastrophic infection, hurting millions of employees, customers and investors.

Your silver bullet: smart users

Technology enables us to do and create truly marvelous things, but it also exposes us to the whims of malfeasance. Have something valuable, and there’s someone out there who would like to steal it.

Your best defense against ransomware? User education.

Sure, myriad anti-malware solutions are available for purchase. But the silver bullet remains a smart, wary user.

Educate your customers about the latest threats, how they work and how to fend them off. That’s your best weapon when fighting cybercriminals and their dangerous code.

Teach your customers when not to click. That will help them stay one step ahead of the black hats.
