Ransomware is a form of malware that compromises a system by encrypting the files on a device. Malicious actors rely on it to extort money from individuals or organizations.
Typically, hackers first deny users access to their files by encrypting the data, then hold it hostage until a ransom is paid. In exchange, they provide the user with the decryption code to restore access. The ransom is usually demanded in cryptocurrency because it is difficult to trace.
In 2020, 304 million ransomware attacks occurred worldwide; however, many are not reported so the number is likely higher. For instance, CNA, one of the largest insurance companies in the United States, reportedly paid $40 million in March this year in response to a ransomware attack and to regain control of its network.
This issue has become increasingly important. The United States Department of Justice has reportedly elevated some ransomware investigations to a priority level similar to that of terrorism. This was done in the wake of the Colonial Pipeline hack in June that disrupted gas supply for thousands.
The consequences of a ransomware attack are:
- Disruption or total cessation of normal operations
- Financial losses: restoration of systems and files, legal costs, regulatory fines, lost productivity
- Harm to an organization’s reputation and/or stock price
- Temporary or permanent loss of sensitive data or intellectual property
- Danger to health or life in emergency services and healthcare sectors
- National security threat
Restoring from a backup of the data and files is an option; however, malicious actors often threaten to release the information if the ransom is not paid. So, even if an organization believes it can restore the data, it wants to avoid exposing sensitive information about employees or customers and is pressured to pay. Since there is still no guarantee that files will be recovered or that stolen copies will be destroyed, the Federal Bureau of Investigation does not encourage ransom payments.
Security Best Practices
- Never click on links in emails or text messages.
- Always open a browser and type the website address instead of clicking on a link.
- If you frequently visit a website, bookmark it or add it to favorites.
- Be suspicious of all unsolicited emails and text messages.
- Carefully check app names, website addresses, and email addresses. Be aware that they are sometimes slightly modified to look legitimate and often redirect people to malicious websites.
- Keep software, browsers, and anti-virus applications updated.
- Apply security vulnerability patches.
- Delete unused apps.
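
The advice above to check website and email addresses for slight modifications can be automated on the defender's side, for example in a mail gateway or browser helper. The following Python is an added example, not part of the original article; the allow-list domains, the substitution table and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: placeholder domains standing in for sites a user really visits.
TRUSTED = {"examplebank.com", "mail.example.org"}

# Common visual substitutions (assumed, not exhaustive): fake sequence -> real letter.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(host: str) -> str:
    """Fold look-alike sequences so visually similar hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a URL, bare host or email address."""
    # urlsplit needs a '//' prefix to parse a bare host or user@host form.
    parts = urlsplit(address if "//" in address else "//" + address)
    host = (parts.hostname or "").rstrip(".")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Compare only as many trailing labels as the trusted name has.
        tail = ".".join(host.split(".")[-(t.count(".") + 1):])
        if (host.startswith(t + ".")             # trusted name used as a subdomain prefix
                or skeleton(tail) == skeleton(t)  # character substitution such as 1 for l
                or edit_distance(tail, t) <= 1):  # one-character typo
            return "lookalike"
    return "unknown"
```

A result of `unknown` only means the address does not resemble an allow-listed one; it is not a verdict that the site is safe.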