The Dangerous Evolution of Ransomware
The phrase “ransomware” strikes terror into the figurative hearts of corporate heads and IT professionals. A dark, malevolent cloud seems to hang over every ransomware mention or sighting. Even for the average internet user, ransomware sounds like a black plague of data, and something to avoid at all costs. The fear is valid–ransomware targets unsuspecting computer networks everywhere.
Ransomware attacks have increased over the past two decades, and each attack brings a new level of malicious sophistication. Although perpetrators of ransomware attacks can be individuals, more often the viruses come from organized groups of cybercriminals. While there are some steps we can take to protect ourselves from ransomware, we’re never completely safe from the threat of holding our data and software hostage.
Ransomware may sound like the name of a cheesy, villainous organization in a 1990s, B-crime thriller starring Steven Seagal, but the threat it poses remains very real. Hospitals, city governments, utilities companies, software security programs, and individuals have all experienced ransomware attacks, and the damage inflicted may take weeks or months to repair. Many average internet users may not be aware of the purpose behind these viruses, or how their targeted attacks can potentially impact myriad computers, networks, and software programs. So, what exactly is ransomware? How does ransomware spread such poison? What stands as the worst case of a ransomware attack? And finally, can we protect ourselves or bypass ransomware?
What is ransomware?
Ransomware is the most insidious form of malware. Often installed through opening a suspect email link or clicking on a questionable website, a ransomware program may elude your antivirus and firewall software. It then spreads throughout your computer operating system and locks your files and data. When attacking a computer network, the ransomware can move through undetected downloads or missing security patches and infect a whole system.
On a professional level, ransomware could mean clients’ files and years of accounting records suddenly become inaccessible. On a personal level, family photos, tax returns, and private information can be erased or locked up. Ransomware holds your files hostage, and the implications can be huge.
Legal issues may loom ahead as hundreds of erased files or an enormous amount of leaked data can lead to corporate security breaches and personal embarrassment–if you’re hanging on to that scathing letter you wrote to your ex (but never sent), it may bode well to take this evidence off of your computer.
Once your computer is locked and the ransomware has infiltrated its deepest corners, you’ll probably get a message from your attackers. The attackers will make a ransom request for your information–the amount of money demanded may vary based on the size of the attack’s target and how organized the cybercriminals are. A screen may pop up with a timer or countdown clock and the financial demand. The cyber thieves will give you a time limit on turning over funds, and will typically request untraceable cryptocurrency as payment.
Ransomware perpetrators will:
- Create a sense of urgency around their demands so that victims may have no choice but to hand over the money to unlock their computers.
- Target industries with a widespread societal impact. Even though ransomware may infect individual computers, targets are typically larger corporations within the retail, banking, and utility industries. However, recorded attacks have impacted health care systems, city governments, and software companies as well.
- Often lay out their software battleground via phishing email scams. If you receive a call-to-action through an email, research the sender’s email address and discern whether or not the email is credible before clicking on any link within the email.
- A phishing scam that makes the rounds every year is an email that masquerades as a message from PayPal. The email uses the PayPal logo, but if you look at the email address, it’s often a lengthy one from a .org address. The email oozes urgency and tells the recipient that their PayPal account has been breached and requires immediate action. Unsuspecting individuals and businesses who click on the email’s link or enter any personal information may open themselves up to ransomware and other forms of malware.
- Increase their payment demands the more sophisticated and successful their attacks become.
The 2021 Kaseya Ransomware Attack
Some of the largest ransomware attacks ever occurred in 2021, but the Kaseya attack was by far one of the worst in computer history. Ransomware typically targets systems with missing security patches or outdated operating systems (such as Windows 7 or Windows XP), or infects networks through phishing scams. The Kaseya attack marked the first time a large software security platform was hit by ransomware, and the results were disastrous.
Founded in 2000, Kaseya is one of the leading providers of IT security solutions. The company, which has worldwide operations, is based in Florida and internationally headquartered in Dublin, Ireland. In July 2021, Kaseya was targeted by a well-organized ransomware attack. The attack left over 1,500 corporations at the mercy of cyber criminals as their day-to-day operations were, effectively, left in disarray and came to a screeching halt.
Before the attack, Kaseya was warned by the Dutch Institute for Vulnerability Disclosure of weaknesses and gaps in the security of their software programs. Unfortunately, corrections weren’t made in time to prevent almost 50 MSPs (managed service providers) from being hit in a simultaneous attack. The Kaseya attack stands as the first to expose flaws in MSPs, and left a wide-open door to similarly exposed vulnerabilities in otherwise credible software programs.
REvil, the Russian cyber group that claimed responsibility for the attack, also sounds like a silver screen villainous group–perhaps from one of the lesser Bond films. However, their impact had far more dire, real-life consequences than Bond’s various nemeses. REvil demanded $70 million to unlock the files and data of Kaseya’s customers. However, Kaseya (in tandem with the security firm Mandiant) was able to obtain a universal decryption key to unlock the files, and did not give in to REvil’s demands.
Ukrainian citizen Yaroslav Vasinskyi was allegedly behind the group, and is purported to have deployed over 2,500 ransomware attacks worldwide. Vasinskyi was arrested in Poland, and faces federal charges from the U.S. Department of Justice. Nonetheless, Vasinskyi’s group proved to hackers everywhere that even the most secure computer systems have weaknesses.
Although ransomware attacks such as the WannaCry attack of 2017 globally impacted millions of computers, the Kaseya attack was unique in that the very software used by corporations for security left a pathway for REvil to find a way in. The Kaseya attack was the first of its kind. But it will most likely not be the last.
Don’t Panic if You’ve Been Hit by Ransomware
The aftermath of the Kaseya ransomware attack proved extremely costly for both Kaseya and thousands of its corporate customers. The IT solutions firm pledged to donate millions of dollars to help their customers recover from the attack, and most of Kaseya’s clients were safely back online within several weeks. However, even a day without operational abilities can cost a company millions of dollars.
As malevolent and fierce as ransomware attacks can be, it’s important that we don’t panic in the face of these hijackings. Paying virtual ransom works much like paying ransom in physical kidnapping cases: giving into the demands of criminals offers no guarantee of a positive outcome. We could pay the ransom (typically, the payment demands are smaller for individuals or local businesses), and the hackers could then increase the amount necessary to free our devices. The good news is that, even as cyber criminal rings continue to grow more organized and sophisticated, IT security firms are evolving their technologies to offer us greater protection.
There are several steps we can take to help protect ourselves from the threat of ransomware attacks. These steps include:
- Ensure we’re using a Secure Email Gateway (SEG). These gateways monitor the email we receive, and filter it. For instance, if the gateway detects an email from a site flagged for malware, it will immediately block this email from landing in our inbox. If we attempt to open a suspicious email, an SEG will often alert us to its questionable nature and ask us if we still want to open the email. Microsoft Defender for Office 365, SpamTitan, and Avanan are among some of the best SEGs available.
- Always update our software programs and applications. Many of the applications we have installed on our computers will prompt us to update when newer versions (often containing updated security patches) become available. Whether we decide to place our program settings to “automatic updates” or choose to manually install updates, we should always opt into the improved versions of the software we utilize.
- Periodically back up our data. In a corporate environment, this should occur weekly–if not daily. On a personal computer, you may choose to back up your files monthly, but this decision really falls to what makes you feel most comfortable. You can use CD-ROMs, external drives, portable flash drives, or even an online storage system (such as Google Cloud) to protect your online data.
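The phishing indicators described earlier (a brand name in the sender’s display name but a foreign sender domain, urgency wording) and the blocklist filtering a Secure Email Gateway performs can be combined into one simple check. This is an added example, not code from the original article or from any of the products it names; the brand allowlist, the blocklist and both sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail): a PayPal lookalike as the article describes, and a legitimate notice.
PHISH = """From: "PayPal Service" <security-alert-team@paypal-account-verify.org>
To: victim@example.com
Subject: URGENT: Your PayPal account has been breached

Your account has been limited. Act immediately or lose access:
http://paypal-account-verify.org/login
"""
LEGIT = """From: PayPal <service@paypal.com>
To: customer@example.com
Subject: Your monthly statement is ready

Sign in to view your statement.
"""

# Assumed site-specific lists a mail admin would maintain: brands and the domains they legitimately send from,
# domains already flagged for malware (blocked outright), and urgency phrases worth a warning.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
BLOCKLIST = {"paypal-account-verify.org"}
URGENCY_WORDS = ("urgent", "immediately", "breached", "suspended", "act now")

def sender_domain(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def classify(raw: str) -> dict:
    """Findings a secure email gateway would raise for one message, plus a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(addr)
    findings = []
    if domain in BLOCKLIST:
        findings.append("sender domain on malware blocklist")
    # Display name or subject claims a brand, but the address is not one of that brand's domains.
    claimed = (display + " " + msg.get("Subject", "")).lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and domain not in domains:
            findings.append(f"claims {brand} but sent from {domain}")
    text = (msg.get("Subject", "") + " " + msg.get_content()).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    verdict = "block" if domain in BLOCKLIST else ("warn" if findings else "deliver")
    return {"from_domain": domain, "findings": findings, "verdict": verdict}
```

A message from a blocklisted domain is blocked outright; a brand mismatch or urgency language alone only produces the kind of "are you sure?" warning the article attributes to an SEG.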
The Kaseya attack exposed universal vulnerabilities and a new way for ransomware programs to strike. As ransomware evolves, we must update the strength of our online security. We may never completely eradicate the threat of ransomware attacks, but as we find new ways to protect our computer systems, they’ll become far less frequent.