Despite being on the decline this year, ransomware is still a big problem for many small businesses. In this article, we will take a look at what ransomware is, how it spreads and how you can protect your Ottawa business from a ransomware attack.
What is Ransomware?
Ransomware, in its simplest form, is malicious code that infects your computer system, often encrypting your files and denying you access to those files or even to your entire computer system. Messages are then shown to the business demanding payment to give access back to you.
Criminals use ransomware to extort small businesses for anywhere from a few hundred dollars to a few thousand, depending on the size of the business. Criminals who use ransomware attacks against a business often request to be paid in cryptocurrency to keep their identity private.
How do you get Ransomware and how is it spread?
Typically, ransomware spreads via email. It can be included in an attachment, or you could be tricked into clicking on a link which then exploits your computer system, installing the ransomware without any input from you.
The first method of infection is known as phishing. It happens when an email comes from someone who looks like a trusted source, such as a friend or an institution. This email will include attachments such as images, text files or PDFs, and once one is clicked on, the ransomware attack occurs.
The second method of infection is known as a drive-by download. Code planted on a legitimate website redirects you to a malicious website containing exploit code, which will infect your system without you having to do anything.
Your system may also become infected with ransomware if you use it to download free apps or programs from untrusted websites. Quite often these “cracked” versions of software contain malicious code which can infect your system.
Examples of Ransomware
Ransomware is constantly evolving, so you should always be cautious of new attacks. With that said, here are some of the most common examples of ransomware.
CryptoLocker ransomware encrypts the user’s files on Windows computers and then displays a ransom note to the user demanding payment. CryptoLocker tricks the user into opening an attachment and then spreads throughout the user’s files and network, encrypting anything it can. This whole process can take hours, so by the time the user realises there is something wrong their system is infected.
CryptoLocker ransomware uses asymmetric encryption, which relies on a public and private key pair, to encrypt your data. This encryption is very difficult to crack and can cause a small business a lot of trouble.
At the height of CryptoLocker attacks, it was estimated to have made the criminals millions of dollars from its victims.
How to decrypt files locked by CryptoLocker
Unfortunately, decrypting files locked by CryptoLocker or its many variants is very difficult. You should instead back up your data at regular intervals and use malware and antivirus software to scan your networks.
CryptoWall ransomware is spread through emails, in attachments made to look like bills, invoices and purchase orders, making it very easy for small businesses to get infected.
CryptoWall is a variant of the CryptoLocker ransomware and at the height of its fame stole over a million dollars from individuals and businesses alike. Typical costs demanded by the cybercriminals were anything from $500 to $10,000.
CTB-Locker ransomware uses elliptic curve cryptography, the Tor network and Bitcoin payment for exploitation purposes. CTB-Locker ransomware is near impossible to crack and the only prevention against it was to have backed up your data yesterday.
CTB-Locker uses an affiliate system where other users can “promote” and spread this ransomware to get a cut of the profits. A Reddit post back in 2015 said that CTB-Locker affiliates would look to target “tier 1” countries such as the UK, USA and Canada to infect their victims.
When the victim’s files have been encrypted the user then gets shown a message that tells them “Your personal files are encrypted by CTB-Locker” and that they have 96 hours to submit a payment before the decryption key gets destroyed.
Locky ransomware is typically spread, once again, through email with an attached invoice. When the victim opens this invoice it appears scrambled, and the victim is asked to turn on Excel macros to unscramble it. When this is done the user’s system is infected and a note will appear asking for payment, once again through Bitcoin.
Maze ransomware follows a similar pattern of infecting the victim’s computer and then asking for payment. What makes the Maze ransomware different is the threat of releasing this encrypted data on the internet if payment isn’t made. These aren’t idle threats either, as there have been many instances where confidential data has been released across the internet.
GandCrab is another affiliate-based ransomware, which shares the money extorted from its victims with the low-level cybercriminals that promote it. Once again the victim’s files are encrypted and they are then redirected to a website on the dark web where they have to make a payment to decrypt their files.
The GandCrab ransomware is particularly dangerous to small business owners because people with limited technical knowledge were able to set up these attacks and set fees anywhere from $600 to $600,000 to recover your files.
The GandCrab ransomware owners are reported to have made over 2 billion dollars in earnings, but many IT security experts believe this number to be inflated.
On May 31st 2019 the GandCrab creators announced that they were shutting down, saying that “all good things come to an end”.
The history of ransomware
You may think that ransomware is a new cyber attack but it’s been around for a long time. One of the first recorded incidents took place in 1989 and was known as the PC Cyborg/AIDS attack.
The AIDS attack was spread via a floppy disk which contained a short survey which would measure the likelihood of an individual catching the biological AIDS virus.
Once the survey was opened, the computer virus would lie dormant until the computer was booted 90 times, and on the 90th time there would be a message asking for payment for a software lease. This payment of $189 would then need to be sent to an address in Panama and, in return, the victims would receive another floppy disk containing the code to unscramble their files.
Thankfully, the method of encryption used by the AIDS ransomware was simple enough to reverse for those with technical knowledge, but this would lay the foundations for all of the other ransomware that would come later.
Other notable mentions of ransomware through its history include scareware tactics used by the “Interpol and FBI” scams which would try to scare users into paying anything from $500 to $5000 a time by accusing the victim of taking part in some type of illegal activity. The victim would be locked on a webpage, or have their screen locked with a fake message requesting money from a law enforcement agency.
Of course, these scareware tactics wouldn’t work on the computer savvy, but average users would think they were under investigation by law enforcement agencies, and this would often make them want to pay to make the problem go away.
In recent years CryptoLocker, WannaCry, Petya and Ryuk ransomware have spread across the globe and have extorted billions from individuals and businesses alike.
Should you pay the ransom?
The official recommendation by the FBI is to not pay the ransom requested by ransomware. Doing so could open you up to further attacks in the future, as you could be seen as a soft target.
Paying the ransom also encourages these malicious coders to continue the work they are doing and allows them to target others.
Getting hit by ransomware can be costly for your business. It could make you lose vital files and could put any deadlines you may have set in jeopardy, so paying the ransom demands can seem like a viable option. But you need to remember that you would be dealing with criminals, and you cannot trust them.
There’s no guarantee that after payment your files will be decrypted and there’s no guarantee that you won’t be extorted for more money. The safest way of protecting your files against ransomware is to prevent it from happening in the first place.
Preventing ransomware – Tips for small businesses
Anyone can get ransomware. In 2018 there was a case where a Syrian dad had lost two of his sons in the Syrian Civil War, and the only pictures and videos he had left of them were encrypted by the GandCrab ransomware.
Thankfully, in this case, the creators of the GandCrab ransomware released the decryption key for free and added Syria to a list of countries that wouldn’t be targeted.
If you want to protect your business against ransomware here are some of the best ways of doing so.
Backup your files
No one thinks that they are going to fall for a ransomware scam or any other cybersecurity vulnerability until it happens to them. Hopefully, your business never has to go through a ransomware attack (or any other attack for that matter) but if it did, wouldn’t your business be more prepared if you had all of your files backed up regularly?
Don’t open email attachments from people you don’t know
Opening email attachments from people you don’t know is a quick way of infecting your system with all sorts of nasty code. You should even be wary of opening attachments from family, friends and even businesses you deal with regularly.
As you can see by now, the majority of ransomware attacks happen through email, so installing cybersecurity software on your systems can help block viruses, trojan horses, ransomware and malware, and can alert you when you land on a malicious website.
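An added example (not part of the original article): a Python sketch of the kind of attachment check that mail-filtering software can apply to the invoice-style emails described above. It flags executable types, double extensions such as invoice.pdf.exe, and Office files that carry a macro project. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Example lists chosen for this sketch (assumptions); tune them to your own mail policy.
EXEC_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".jar"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}

def has_vba_project(data: bytes) -> bool:
    """True if a zip-based Office file contains a VBA macro project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def triage(raw: bytes) -> dict:
    """Return {filename: [reasons]} for attachments to hold for review."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        exts = [s.lower() for s in PurePosixPath(name).suffixes]
        data = part.get_payload(decode=True) or b""
        reasons = []
        if exts and exts[-1] in EXEC_EXTS:
            reasons.append("executable type")
            if len(exts) > 1:  # e.g. .pdf.exe shown as ".pdf" when extensions are hidden
                reasons.append("double extension")
        if exts and exts[-1] in MACRO_EXTS:
            reasons.append("macro-enabled Office format")
        if has_vba_project(data):  # catches macros even when the name says .xlsx
            reasons.append("contains VBA macro project")
        if reasons:
            flagged[name] = reasons
    return flagged

def build_sample() -> bytes:
    """Constructed test message: macro workbook, disguised executable, harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/vbaProject.bin", b"placeholder")  # marker only, no real macro
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "staff@example.com", "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.xlsx")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()
```

Calling `triage(build_sample())` flags invoice.xlsx and invoice.pdf.exe and leaves notes.txt alone.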
If you need help with your IT security you can contact us for a free consultation.
Educate your staff
There will be people within your organisation who may not know what a phishing scam looks like. They also may not know about the dangers of email attachments, and a little education could go a long way towards protecting your business’s computer systems.
You should also educate your employees on the importance of using strong passwords, as some malware can infect your network and scan the devices connected to it, infecting them one by one by using brute force to guess weak passwords.
Ransomware can cost a business anywhere from a few thousand to millions of dollars so it’s important to show your staff the threat that it poses to your business. You can even show them some of the examples in this post so they know what real-world examples look like.
You can also set out clear instructions on what your employees should do in the event of a potential ransomware trap. Educating your staff on everything from not opening files from people they don’t know to not opening up spreadsheets and running macros could save your business thousands.
As you can see from the history of ransomware, it is constantly changing, so as an organisation you should do your best to keep up with the latest changes in ransomware and make your staff aware of these changes. Being vigilant and aware of the latest exploits disrupts these hackers and can keep your data secure.
Use cloud services
Your business could purchase cloud services, which could mitigate the threat of ransomware, as data in the cloud is often backed up at regular intervals, allowing you to roll back to a previous version of your files that isn’t encrypted. Some data could be lost in between backups, but at least you wouldn’t have lost all of it and wouldn’t have to consider paying the ransom.
Talk to experts
We understand that ransomware, malware, viruses and worms can be a little technical for many small businesses. These threats are real and can target everyone from an individual to Fortune 500 companies. We also know that your business is not powerless to avoid ransomware, and your data is as secure as you make it.