Ransomware: 10 Facts You Need To Know, But Might Not

Ransomware

Ransomware.

After years of making headlines as it successfully breaches businesses, hospitals, and government agencies, causing them to suffer many millions of dollars in losses, this dangerous type of cyber-attack technology continues to wreak havoc worldwide.

Ransomware may seem like a straightforward concept – computer malware that makes data unavailable to its owner until the owner pays a ransom to the criminal operating the ransomware. Yet, somehow, there are many misconceptions about ransomware – and some of them seem to be regularly believed even by people who are otherwise highly-knowledgeable about technology.

As such, I would like to point out 10 points about ransomware.

1. Paying a demanded ransom often will not get you your data back, and may not prevent a leak of whatever information the ransomware compromised. 

Over the past decade or so we have seen, increasingly often, that, (surprise!) many crooks utilizing ransomware are not honest, and that many parties who have paid ransoms have not regained access to their files.

2. There are many types of ransomware – and some of them do more than just encrypt your data. 

Ransomware blocks you from accessing your files, but there are multiple ways of doing so. The malware may either (a) encrypt your files and demand a ransom in exchange for the relevant decryption keys, or (b) remove your files, or portions thereof, from your computing devices, and demand a ransom in exchange for returning your electronic property.

Evildoers may even threaten that if you do not pay their ransom within some period of time that they will either destroy or leak the information that they have stolen from you.

Other variants of ransomware may prevent you from using a particular connected device – or may involve a threat that if a ransom is not paid, the criminal will cause connected devices to malfunction.

3. As time marches on, ransomware continues to grow increasingly sophisticated, smart, and dangerous

Many of today’s ransomware strains not only employ powerful anti-detection technology, but also utilize sophisticated analysis engines to quietly seek out the most sensitive files within an organization. The ransomware remains “dormant” from the perspective of inflicting damage until it detects sensitive data, and then activates to infect the materials that the organization is most likely to be willing to pay a ransom in order to quickly recover.

4. Many of the most damaging ransomware attacks are now targeted, rather than opportunistic. 

Criminals today know that targeted attacks can pay off handsomely. As such, they may utilize all sorts of social engineering techniques, as well as technical exploits, in order to deliver ransomware into specific, intended targets.

Many such criminals also perform research into their would-be-victims’ financial situations – and both select their targets and establish the amounts that they demand as ransoms accordingly.

Even some of today’s opportunistic ransomware attacks leverage such an approach – basing the amounts demanded as ransoms on the geolocation information of victims; if you are located in the USA an hit with such ransomware, the criminal is likely to demand a significantly higher ransom than he or she would demand from another one of his or her victims if that victim is located in a less-developed country whose residents have a far lower average income than that of the US population.

5. Ransomware can be spread by hardware

Poisoned hardware – that is hardware onto which malware or backdoors have been loaded somewhere between the design of the hardware and its delivery into your production environment – can easily spread ransomware.

You could be in for a terrible surprise, for example, if you purchase an innocent-looking off-brand USB-C charger for your laptop, but that particular charger has a chip embedded within it that communicates with your laptop over the USB C port that you thought it uses only for charging, exploits a vulnerability, and infects the device with ransomware. For the same reason and others, you should never use public USB-based chargers for phones and other computing devices.

6. Hospitals are frequent targets of ransomware

Since early 2016 we have seen criminals target hospitals almost incessantly – for good reason; people can die, and have died, when their medical data is not available to doctors treating them – and criminals know that hospitals are likely to pay ransoms because they do not have the luxury of spending time to recover from attacks. Can a hospital overwhelmed by COVID-19 patients really afford to have its computer systems stay down for any significant period of time?

In fact, there is already a lawsuit in American courts in which a woman claims that a hospital’s failure to properly deal with ransomware caused her child to die!

7. Schools are frequent targets of ransomware

While one might think that schools make poor targets for ransomware since schools tend not to have large amounts of cash lying around with which to pay ransoms, that is not true.

Many universities have large bank accounts, and, even schools that are not well-off financially still have to deal with the fact that, schools must keep exams secret prior to the tests being administrated, and, in many jurisdictions, must also conform to various privacy-related regulations when it comes to both personal data and grades. In any event, a school can also obviously have its credibility severely undermined if it suffers a data leak.

8. There are two primary proactive defenses against ransomware: Practicing proper cybersecurity hygiene and backing up your files. 

There is no substitute for practicing proper cyber-hygiene, and doing so is both far more comprehensive and preventative than any other measure in terms of combating ransomware and preventing data leaks.

But, let’s face it – nobody is perfect, and, things can still go wrong even if you do practice good cyber-hygiene.

So, backup.

Often.

Remember to keep backups disconnected from your computer and you’re your networks so that if any ransomware (or other malware) gets onto your laptop or onto your network it cannot infect the backups.

Also, as I have said for many years, if you are unsure if you backup often enough, you probably do not.

9. Ransomware, like other types of malware, can spread via “smart devices” that are not considered by most people to be “computers.” 

Plenty of cybersecurity problems have already been cause, for example, by compromised network-connected cameras.

The issue of connected devices spreading malware remains even in situations in which the infected devices themselves cannot have their data encrypted or stolen by ransomware – they may still be catalysts for spreading the malware to other devices that can be hit hard by ransomware.

10. Ransomware attacks are not going to end any time soon – and they are likely to become significantly more dangerous over the next few years. 

I have made that statement over and over for half a decade – and, sadly, just as it has proven to be true until not, it is likely to continue to be true for the foreseeable future.

(This article is an updated version of cybersecurity expert Joseph Steinberg’s earlier piece, Ransomware: 8 Things That You Must Know.)