The Ransomware Primer

Ransomware is one of the defining threats of modern computing. Nearly everything we do is online, and any disruption or data compromise has consequences that run from the affected business down to its customers. Here is a primer on what ransomware is, how it works, and how to protect yourself from it.

Ransomware At A Glance

If you have been paying any attention to the news lately, you have undoubtedly come across the word ransomware. Ransomware is an insidious threat that can hit anyone, at any time, for pretty much any reason. When you see these reports, you may wonder what ransomware is and how it happens. The short answer: it is a type of malware that gets onto a system, encrypts the files it finds, and demands payment for the key. It is a prevalent threat, especially in recent years, and there is no sign of attacks slowing down. They keep getting bolder, more frequent, and more varied in their approaches.

Who’s Affected Most

While it is true that just about anybody can fall victim to a ransomware attack, businesses and other high-value targets tend to bear the brunt of the attacks and their fallout. Statistically, the hardest-hit sectors have been education, banking, utilities, and retail. Energy has taken a few hits recently as well, the Colonial Pipeline attack in 2021 being the best-known example. A weak or reused password, a successful phishing attempt, or some other form of initial intrusion can eventually lead to catastrophe for any business targeted by a ransomware attack.

How It Works

The way ransomware works is shockingly simple. The malware first gets onto a device, typically through a phishing attachment, stolen or guessed credentials, or an exposed remote-access service. Once it is on a device or network, it spreads where it can and encrypts your files. When files are encrypted, the only way to decrypt them is with a key held by the attacker. The attacker demands a ransom, almost always in cryptocurrency, and promises to hand over the key when paid. Unfortunately, paying does not guarantee you receive a working decryption key; often the attacker simply takes the money. Many current groups also copy data out of the network before encrypting it and threaten to publish it if the ransom is not paid, so the damage is not only financial but operational, and can mean a data breach on top of the outage.

Types of Ransomware

Ransomware is an aggressive and multifaceted form of malware, and the way a given family handles its encryption keys is the main thing that separates variants. Some use symmetric encryption, some use asymmetric encryption, and most modern families take a hybrid approach. With symmetric encryption the same key encrypts and decrypts; it is fast, but if the malware generates that key on the infected host and has to keep it around, it can sometimes be recovered from memory or disk. Asymmetric encryption uses a public key to encrypt and a separate private key to decrypt, so the private key never has to touch the victim's machine, but it is far too slow for bulk data. The hybrid approach gets both properties: each file is encrypted with a fresh random symmetric key, and that key is then encrypted with the attacker's public key and stored alongside the file. Key generation can happen entirely on the infected host (client side), or the malware can fetch or register keys with the attacker's server (server side). Either way, only the attacker's private key can unwrap the file keys. Some of the better-known families are Ryuk, CryptoLocker, Bad Rabbit, TeslaCrypt, and TorrentLocker. At the time of writing, Ryuk is among the worst, and has hit the healthcare industry especially hard.
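The hybrid scheme described above, as an added example that is not part of the original article and not the code of any ransomware family: it is the textbook envelope-encryption construction, written here in Go with only the standard library. The names Envelope, Seal, Open and Demo are this example's own, and the sample document is constructed. A per-file AES-256-GCM key encrypts the data, that key is wrapped with an RSA-OAEP public key, and the private key, which the infected machine never sees, is the only way back.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what a hybrid scheme leaves beside each encrypted file. Without
// the matching RSA private key, nothing in it turns back into the original data.
type Envelope struct {
	WrappedKey []byte // per-file AES-256 key, encrypted with RSA-OAEP
	Nonce      []byte // AES-GCM nonce, unique per Seal call
	Ciphertext []byte // AES-GCM output (data plus authentication tag)
}

// Seal is the hybrid step: fresh random AES-256 key for this file, AES-GCM for
// the bulk data, RSA-OAEP to wrap the key so only the private-key holder can recover it.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// Only the wrapped copy of the file key is kept; the raw key is dropped.
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open is the "decryptor" a victim is promised after paying. It must unwrap the
// file key with the private key first; with any other key RSA-OAEP fails.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo runs the whole flow on a constructed sample document and returns true when
// an unrelated private key fails to open it and the attacker's key recovers it.
func Demo() (bool, error) {
	attackerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	doc := []byte("Q3 invoices - constructed sample file contents, not real data")
	env, err := Seal(&attackerKey.PublicKey, doc) // the host only ever holds the public key
	if err != nil {
		return false, err
	}
	// A responder holding a different key gets nothing but an error.
	strangerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	if _, err := Open(strangerKey, env); err == nil {
		return false, errors.New("a wrong private key must not decrypt")
	}
	got, err := Open(attackerKey, env) // only the attacker's private key unwraps the file key
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, doc), nil
}

func main() { fmt.Println(Demo()) }
```

Run it with `go run`. The point for defenders is that when the construction is done correctly there is nothing left on the victim's disk or in memory to recover once the process exits, so tested, offline backups are the only reliable way back. Older or sloppy families did leave the symmetric key on the host or reused keys across victims, which is how some public decryptors came to exist, but that is luck, not a plan.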

How To Protect Yourself

Guarding against ransomware is getting harder over time. Unfortunately, recovering encrypted files without the key is effectively impossible when the encryption is implemented correctly, so proactive steps to prevent an attack, and to survive one, are critical. Good practices for preventing an infection are to enforce strong, unique passwords with multi-factor authentication, keep a close eye on your security practices, and back up your data regularly. Backups are the single most useful defense against data loss from ransomware. They are not foolproof: ransomware routinely encrypts or deletes any backup it can reach over the network, so keep at least one copy offline or otherwise unreachable from the systems it protects, and test that you can actually restore from it. Other common-sense measures are keeping antivirus software updated, patching promptly, scanning downloaded files for malicious content, and always being wary of phishing attempts. Above all, the FBI recommends not paying the ransom, because there is no guarantee the attackers will actually release a working decryption key. Payment without recovery happens regularly, leaving useless data, interrupted operations, and unhappy clients across the board.