Ransomware: The first step is to understand it
|Jan 22, 2018
What is ransomware?
Ransomware is, in the simplest terms, a piece of malicious software designed to extort a ransom from the people whose computers it infects. Typically, this is done by encrypting files on a computer and demanding a ransom be paid to unlock them. Once the victim makes payment to the criminals, the data that they encrypted is again made available.
Why am I hearing about it now?
Ransomware has been around since the 1980s. It is only recently, however, that it is hitting mainstream news. The reason for this is because of a few large-scale attacks, such as WannaCry (read about WannaCry here), which infected upward of 300,000 computers in 150 countries in a matter of days. This was quickly followed by Petya, which affected computers in Ukraine particularly hard, including the radiation-monitoring system at Chernobyl. The recent news of vulnerabilities being discovered in Intel chips only adds to the list of vulnerabilities.
Where does ransomware come from?
Ransomware typically comes from either individuals or groups working together to infect others’ machines for their own gain. Potentially, even countries themselves can be a source of ransomware, as WannaCry has been attributed to the North Korean government.
Ransomware can infect your computer in a number of ways: a bad download, a spam email, or even another computer on your network that is already infected.
“Where it comes from,” however, is not as important as “what it does.” There will always be bad people in the world looking to take advantage of others; in that sense Ransomware is nothing new. People are now just looking to steal digitally.
Why is ransomware something I need to be concerned about?
Ransomware is targeted at companies and individuals.
For individuals who are unprotected at home, the thought of having your music collection of 5,000 songs that took eight years to build, or having all of your family photos you’ve taken over the past 12 years go missing sounds bad, and is something that many people have encountered.
A company, however, can lose all of its data in one day, including employee records, customer information, and payment details. This can be crippling. If an employee quits, you can hire someone new. When a machine breaks, you can fix it or buy a new one. But if you lose all of your data, you can’t go down to the data store and buy some more.
Typically targeting small and medium-sized businesses, ransomware can be disastrous if you’re not ready for it. Once infected with ransomware, your options are to pay the criminals and hope they will unlock your data, or to not pay and lose the data.
What is the future of ransomware?
Ransomware is here for the foreseeable future. It has been around for decades and is showing no signs of slowing down. WannaCry made big headlines owing to how fast it spread, the number of people it affected, and the news that the attackers received over $100,000 in ransom money. WannaCry is just one of many attacks – most ransomware attacks are much smaller and don’t get the same media coverage.
No one can accurately predict when the next attack may come, how it will spread, or even how big it will be. One thing that is certain: ransomware is happening more as it proves to be profitable for the people launching the attacks.
What can I do about ransomware?
Prevention is very important when it comes to ransomware or any other virus. Fortunately, keeping you and your company safe from ransomware is not an overly difficult thing to do – if you know how and have the resources.
If you are like most small- and medium-sized businesses, you may not have the in-house knowledge or resources to adequately protect yourself from these threats, which is exactly why so many small- and medium-sized businesses get targeted.
My next blog in this series will come out in two weeks, and go into detail about some of the steps you can take to ensure that your environment is safe from a ransomware attack, including how to reduce the likelihood of being targeted and the chances of an attack being successful.
Questions
You can contact us at sales@365tech.ca or call 204-488-3655 with any questions you have regarding IT support or ransomware.