- September 6, 2021
- | 171
Ransomware is a type of malware used by cybercriminals to lock and encrypt victims’ systems and data. The attackers then demand money from the victims, i.e. ransom, in order to decrypt the systems. For this reason, this malware is called ransomware, which comes from the English word “ransom”.
Ransomware has been around since 1989 when the “AIDS trojan” was used to blackmail victims and demand money. In 1996, researchers at Columbia University presented another ransomware at a conference that demonstrated the progress, power, and development of modern cryptographic tools.
Since then, cybercriminals have greatly evolved their methods and knowledge and created ransomware that can cause great harm to victims, while at the same time allowing criminals to make money while maintaining their anonymity. This type of attack exploits vulnerabilities in systems, networks and software as well as human errors.
The target device can be a computer, printer, smartphone, wearable, POS or another device, but the ransomware can spread throughout the network.
Ransomware attacks have become very common in recent years. Large companies in the United States and Europe have become victims to such attacks.
For example, the City of Tulsa, Oklahoma City, was recently attacked by ransomware that forced it to shut down its systems to prevent further spread of malware. Tulsa is the second largest city in Oklahoma, with a population of about 400,000. Cybercriminals targeted Tulsa and deployed ransomware on its network. The American city shut down its systems, shutting down all online services.
As a result, other activities were affected, such as residents’ access to online billing systems and other email services. In addition, the official sites of the City of Tulsa, Tulsa City Council, Tulsa Police and Tulsa 311 websites were down for maintenance.
The ransom demanded by hackers can range from a few thousand to hundreds of thousands of dollars, and in most cases hackers demand it in the form of cryptocurrency. Many security experts and government agencies, including the FBI, advise users not to pay criminals.
What are the stages of a typical ransomware attack?
Ransomware attacks on companies usually start with a phishing email, which contains a malicious attachment or link. The unsuspecting user opens the attachment or clicks on the malicious URL. Somehow the ransomware agent is installed, which starts scanning the system to find important files.
The ransomware then begins to encrypt the files on the victim’s computer. In many cases, the malware steals the data before it can encrypt it.
After encryption, ransomware displays a message on the infected device. The message explains what happened and gives other important information, such as the ransom amount, payment deadline and payment method.
If the ransom is paid, the hackers will send a decryption key.
However, users should keep in mind that ransomware is not only installed through phishing emails and malicious attachments.
Users could infect their systems by clicking on malicious links on social media, such as Facebook and Twitter, entering malicious ads, downloading unreliable programs and applications, accessing unsafe sites, etc.
Apart from all the above, ransomware gangs can exploit vulnerabilities in uninformed systems to develop their malware.
As for the targets of ransomware attacks, as we said above, can be both ordinary users and businesses. Where hackers target will depend on many factors.
Others try to target organizations that believe they do not have many levels of protection. Others target organizations that they believe are more likely to pay the ransom. These include healthcare organizations as well as government agencies that have critical information in their possession.
Electronic Money Institutions (EMIs) are not easy targets to ransomware attackers. This is because as one of their major responsibilities is to handle huge volumes of money safely, they are also obligated to take extreme security measures when it comes to their customers’ monetary security. EMIs are obliged by Financial Regulatory Bodies to provide their processes and data security guarantees before any EMI license is approved.
eCREDO’s Customer Support Team would never call you and ask you to authenticate your account’s sensitive information, i.e., IBAN number, Pre-paid card’s number, passwords, PIN number, username, etc., without sending you a notification email first, informing that in case of any necessary specific account changes, the team will contact you. Definitely, you have the possibility to pre-arrange your phone call with a Customer Support Member, at your convenience.
Protective measures against ransomware:
- Use of reliable and advanced antivirus software.
- Back up, especially for master files.
- Regularly update systems, applications and antivirus programs.
- Train your employees to identify suspicious emails.
- Use filters to automatically block suspicious emails.
- Use of firewall and VPN.
- Network segmentation.
The above security practices can to some extent protect users and businesses from various cyber-attacks.
However, in the event of a ransomware attack, do not pay the ransom and contact the competent authorities. The attackers are not people you can trust.
Even if the ransom is paid, it is not certain that criminals will not leak the stolen data or give the victim the decryption key.
Ransomware attacks are very popular because they offer large sums of money to criminals. If the victims stop paying the ransom, then we can only hope to reduce these attacks!