
Colorado State University - Global Campus



Ransomware: How Hackers are Extorting Money for Your Files


In today’s post, CSU Global’s lead faculty of management information systems and business analytics, Chris denHeijer, Ph.D., discusses one of the newest and most pervasive forms of cybercrime. He goes on to outline a four-stage approach to protect yourself and your business from costly extortion.

Take the first step to protect yourself by reading this blog to make sure you’re aware of the risk and have the tools necessary to prevent an attack. Use the comments section below to start a discussion or ask a question.


According to Osterman Research, nearly 50% of organizations have been hit with at least one ransomware attack in the past 12 months. Even scarier, only 4% of U.S. respondents said they were very confident that their security systems could prevent a future attack. Keep reading to learn what ransomware is and why it’s so important to protect yourself (and your money) from this widespread cybercrime.

What is Ransomware?

Since 2016, the cybersecurity industry has seen an increase in the use of a computer virus called ransomware. Ransomware is categorized as a type of malware: malicious software that tries to damage or disable computers and computer systems.

Ransomware is particularly dangerous for businesses because it’s designed to block access to data on a business network. By encrypting the data or changing the attributes to hide files, ransomware makes it incredibly difficult for companies to access their own data.

Hackers use ransomware to hold business information and data hostage for a paid ransom. While the average ransom payment is $300, it can get as high as $50,000.

Two Types of Ransomware: Locky and Cerber

There are two distinct types of ransomware emerging as the most popular: Locky and Cerber.

Locky ransomware has been used since February 2016, and since that time, there have been several iterations.

The name “Locky” is derived from what happens when your system becomes infected. The virus scrambles all of your files first and then renames them with the extension “.locky”. Only the hacker has the decryption key and they require payment via the “dark web” in the form of bitcoin.

This particular virus strain is spread via email and social media sites, like Facebook and Instagram. It only takes one user within the workplace to open an infected file (email, attachment, or link), and the entire network becomes compromised.

Cerber ransomware first appeared in March 2016 and has similarities to Locky ransomware.

“Cerber” ransomware was named for the extension commonly used in renaming your files once they’ve been encrypted: “.cerber”. After the files have been compromised, the hacker requires a ransom payment to decrypt them. Cerber differs from Locky in that the payment of the ransom must fall within a given time frame, typically seven days. If the ransom is not paid within that time frame, the ransom payment doubles.

The good news about the Cerber strain of ransomware is that there is a decryption method available.
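Because both strains rename encrypted files with a recognizable extension, a defender can use those extensions as a simple indicator when scoping an incident. The following Python script is an added example, not part of the original post: it walks a directory tree, counts files ending in “.locky” or “.cerber” per directory, and records the earliest modification time among them. The function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Extensions named in the post; extend the set for other families.
RANSOM_EXTENSIONS = {".locky", ".cerber"}


def scan_tree(root):
    """Summarise files under root that carry a known ransomware extension.

    first_seen is the earliest mtime among hits (rough start of encryption)."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "extensions": set()})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # match .LOCKY as well
            if ext not in RANSOM_EXTENSIONS:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            seen = datetime.fromtimestamp(mtime, tz=timezone.utc)
            entry = hits[dirpath]
            entry["count"] += 1
            entry["extensions"].add(ext)
            if entry["first_seen"] is None or seen < entry["first_seen"]:
                entry["first_seen"] = seen
    return dict(hits)


def build_sample_tree(root):
    """Create a constructed sample share: one clean folder, one affected."""
    layout = {
        "finance": ["q1.xlsx", "q2.xlsx"],
        "hr": ["A1B2C3.locky", "D4E5F6.LOCKY", "policy.docx", "notes.cerber"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in scan_tree(tmp).items():
            print(directory, info["count"], sorted(info["extensions"]), info["first_seen"])
```

Directories with hits show where encryption reached, and the earliest timestamp helps decide which backup predates the infection.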

Ransomware Targets

Hospitals look to be a favorite target for these types of ransomware attacks. For example, in Southern California in 2016, Hollywood Presbyterian Medical Center became a victim of ransomware. After the hospital’s network data was encrypted, they were forced to pay 40 bitcoins, or about $17,000, to decrypt the data.

According to Wired, “Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.”

While hospitals are targeted for big payoffs, these crimes don’t require a big ransom to be considered successful. Because ransomware can be purchased or developed relatively inexpensively, and delivery is pretty much free, a small team of hackers can easily infect millions of users. Since the initial pot is so large, they really only need a small number of victims to pay up.

With that said, everyone becomes a target.

What Can Businesses Do?

McAfee Labs is expecting the number of ransomware cases to increase, so I recommend you consider this four-stage approach for protecting your business:

Stage 1: Train

  • Train employees to be aware of ransomware and recognize potential risks on social media and email.
  • Implement regular processes and procedures to update employees on changing threats.
  • Require employees to report malware and provide a way to submit suspicious activity to your cybersecurity team for analysis.

Stage 2: Increase Security

  • Improve email and web blocking/filtering systems.
  • Block any emails that contain attachments with (Troj/DocDI-BCF) file types.
  • Scan the network for “Troj/Ransom-CGX” file types.
  • Disable macros.
  • Block domains that the company doesn’t normally conduct business with.

Stage 3: Plan for the Possibility

  • Develop and implement a “business continuity plan” and/or “disaster recovery plan” that outlines policies and procedures in the event of a breach.
  • Test the plan on a regular basis and adjust as necessary.

Stage 4: Back Up Regularly

  • Back up your data regularly and keep a full copy at a secure offsite location or cloud environment.
  • Encrypt backup copies for extra security.

Cybersecurity continues to be a growing concern for businesses of every size, in every industry. The good news is that antivirus vendors are continually improving their software to better recognize and block various types of ransomware and malware. Additionally, cybersecurity is projected to grow much faster than other IT-related fields over the next five years.

If you’re interested in joining the cybersecurity industry, or increasing your skills, CSU Global is offering a nationally recognized Undergraduate Certificate in Cyber Security. After just six courses you’ll have a certificate employers respect, as well as the knowledge necessary to sit for your CISSP (Certified Information Systems Security Professional) certification exam.