What's That Term?: Ransomware
The IT industry is technical and complicated, but it doesn’t have to be impossible to understand. In conversations with our clients and end users, we try to break down IT lingo into easy to understand terminology. Our What’s That Term? Series offers definitions for some of the most common words and terms in today's technology vocabulary.
Ransomware. It’s a term that likely conjures images of a rich socialite being kidnapped and held in exchange for a large sum of money.
And in a way, that’s what ransomware is. Except the person being held isn’t actually a person - it’s data. And the “kidnappers”? Well, they’re an elusive hacking group that demands cryptocurrency in order to get your kidnapped data back.
What is it?
Ransomware is an ever-evolving form of malware designed to hold a victim’s data for ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
There are two types of ransomware that are most commonly used:
1. Locker ransomware
This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window containing the ransom demand in order to make the payment. Apart from that, the computer is inoperable.
2. Crypto ransomware
The aim of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, but not to interfere with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto developers often add a countdown to their ransom demand: "If you don't pay the ransom by the deadline, all your files will be deleted." Consequently, many victims pay the ransom simply to get their files back.
Why You’ve Heard It
The real-world consequences of a successful malware attack were clearly highlighted in May this year with the closure of one of the US' largest pipelines due to ransomware. On Friday, May 7, 2021 Colonial Pipeline said that a cyberattack forced the company to proactively close down operations and freeze IT systems after becoming the victim of a cyberattack.
This attack made national news headlines for days afterwards, as vast areas of the United States faced fuel supply shortages that caused gas prices to skyrocket, gasoline stockpiling to occur, and flight delays or cancellations for many major US airlines.
Our Advice
Ransomware attacks are on the rise, and lately it seems like bigger and more important organizations are being victimized. But it’s not just big companies that get hit. Tens of thousands of small American businesses have been targeted by ransomware criminals over the last several years.... And it doesn’t look like things will be getting better any time soon.
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
Maintain up-to-date antivirus software, and scan all software downloaded from the internet prior to executing.
Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine.
Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. However, the FBI has advised that if Cryptolocker, Cryptowall or other sophisticated forms of ransomware are involved, the victim may not be able to get their data back without paying a ransom.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.