Ransomware is one of the oldest and most common forms of malware. A ransomware attack involves illegally accessing and encrypting documents on a targeted computer or network and holding the files ransom until the victim meets the cybercriminal’s demands. Ransomware has been used to capture and leverage the data of individuals, companies, and even cities, and has resulted in billions of dollars in ransom payments and recovery costs.
What is a ransomware attack?
Ransomware is a form of malicious software that gains control of private data and then denies the victim access to it or threatens to publicize sensitive information. The attacker then promises a decryption key that will restore access to the data if the victim pays an untraceable Bitcoin ransom. As is true of any extortion case, the criminal may or may not actually fulfill their end of the bargain upon receipt of the ransom, which can range from a few hundred to thousands of dollars.
Ransomware attacks have been going on for three decades, and although the primary goal of exacting a ransom has always remained the same, different variants have been created over the years. The five types of ransomware are crypto malware, lockers, scareware, doxware, and RaaS.
The most prevalent and potentially devastating form of ransomware, crypto malware encrypts the hard drive and demands payment of a ransom before a deadline. A famous global ransomware attack of this variety occurred in 2017, when the WannaCry ransomware targeted thousands of computers around the world and spread itself within corporate networks.
Lockers infect a victim’s operating system and lock them out of their computer completely, so they cannot access any files or applications. Scareware, by contrast, is any fake software that poses as an antivirus or a cleaning tool, claiming to have found issues on a computer and requesting payment to fix them.
Doxware, also known as leakware, accesses sensitive files and then threatens to publish the victim’s stolen information online unless the ransom is paid. As more individuals store photos and other personal data on their computers, the fear of doxing causes many victims to panic and pay up.
“Ransomware as a Service,” or RaaS, is a type of malware hosted anonymously by a hacker. These criminals are basically hired by other criminals to handle distribution of the ransomware, collection of payments, and management of decryptors in exchange for a share of the ransom collected.
The impact of ransomware attacks
Though now often accomplished through common phishing techniques, the first instance of ransomware predates email and the internet as we know it.
In 1989, a Harvard-educated evolutionary biologist named Dr. Joseph L. Popp pioneered the prototypical ransomware attack by mailing 20,000 floppy disks disguised as AIDS education software to medical research institutions in 90 different countries. The disks contained a Trojan horse virus that encrypted the victim’s files and prompted them to print out a demand for a $189 “licensing fee” to be sent to a Panamanian address.
Dr. Popp claimed his motive had in fact been to steal money for AIDS research, and a judge eventually found him mentally unfit to stand trial, while his virus itself proved relatively easy to cure. The actual concept of ransomware, however, has in the past 40 years grown into something of an internet plague.
Ransomware has become especially profitable in the 2010s, causing $5 billion in losses in 2017 alone. Though a decline in occurrences the following year has led some to speculate that many cybercriminals are turning to cryptojacking, a similar method of manipulating someone else’s computer to mine cryptocurrency, ransomware remains a very real and prevalent threat, as illustrated by some of the more high-profile recent examples.
One of the first major viruses that opened up the age of ransomware was CryptoLocker, which burst onto the scene in 2013 and affected over 500,000 machines at the height of its powers. CryptoLocker was eventually defeated by a white-hat hacker campaign that brought down the botnet that controlled it, but variants of the file-encryption ransomware went on to harvest $3 million.
The pervasive TeslaCrypt ransomware shook down hardcore gamers by targeting and holding ransom ancillary files associated with their video games, including saved maps and downloadable content. By 2016, TeslaCrypt was responsible for 48% of ransomware attacks, but the malware’s reign of terror ended that year when its creators unexpectedly announced they were finished and revealed the master decryption key.
More serious was the WannaCry attack of 2017, which in a matter of a few days spread to 116 countries and racked up hundreds of thousands of infections, shutting down radio stations in California and hospitals in Ukraine.
How to prevent ransomware attacks
Since phishing is a popular method of spreading ransomware attacks, individuals should avoid opening emails and email attachments from unfamiliar sources. Backing up important data to an external hard drive and using a cloud service can also create a safe space for your most important files, making you less vulnerable to malicious actors who might seek to capture and hold them ransom.
Companies and other large organizations have much greater risks and responsibilities when it comes to protecting themselves against ransomware attacks. As such, information systems professionals who understand these threats and how to prevent them are in high demand. You can learn more about ransomware attacks through UAB’s online MS MIS, which offers a Cyber Security Management concentration that focuses on cyber attacks and the cutting-edge threat mitigation techniques that are used to protect sensitive information.