The news has been filled this year with reports of ransomware attacks against companies and government agencies, including even law enforcement. Ransomware refers to a type of malware that encrypts or otherwise restricts access to a machine or device. As part of the attack, the attacker will demand that the victim pay a ransom in order to receive the encryption key or otherwise recover access to the compromised machine.
The reality is that ransomware attacks have been proliferating against all types of companies and organizations. Ransomware is a profitable business for underground circles, and we expect to see continued targeting. Because these attacks may be isolated to a single machine, they frequently do not impact a company’s business continuity or result in a noticeable service disruption. In response to an infection, companies may be able to obtain the technical assistance needed to defeat the attack. Free online resources exist that will identify which ransomware infected your system and provide victims with known decryption keys. In other cases, companies may determine that the data loss is not significant and/or that backups exist, allowing them to rebuild the computer by reformatting the hard drive and reinstalling a clean operating system, applications and data. In other cases though, companies pay the ransom.
Ransomware attackers frequently use many of the same tools and tactics, such as spear phishing, as do other hackers. Unlike many hackers, however, ransomware attackers are not focused on stealing data that can be sold or used for illicit purposes (e.g., credit card information and trade secrets). Instead, ransomware is about economic extortion. The attackers prevent a company from being able to access its own system or data, and they make a demand. Usually, they want money, but that could change. Imagine a hacker who holds data and systems hostage in return for the company’s releasing a public statement, making a divestiture or a arranging for a senior executive’s departure? The distinction between routine malware and ransomware is important to manage the scope of the threat. While some companies may not maintain data that is of value to cyber thieves (although that is becoming less and less the case, as evidenced by the proliferation of W-2 tax information phishing attacks), every company is a potential target of a ransomware attack. Continue Reading 5 Questions to Help Prepare for a Ransomware Attack