Ransomware: The Largest Cybersecurity Threat to Virginia Businesses

What is Ransomware?

Ransomware is a specific type of malware designed to encrypt the victim's files. The malware then prevents the victim from accessing those files until a sum of money, or "ransom," is paid. There are many different types of ransomware, but, in general, they all try to extort money in exchange for the return of your files.

Depending on the variety of ransomware, it could prevent you from accessing your computer’s operating system, encrypt your HR or accounting files, shut off network connectivity, encrypt the files which run manufacturing equipment, or encrypt sensitive databases. Of course, when dealing with criminals, paying the ransom does not guarantee that you will gain access to your PC or files again. Ransomware is and will continue to be the number one cybersecurity threat to Virginia businesses for the foreseeable future. 

Anonymous Cyber Threats

For criminals with some basic computer skills, ransomware is an easy way to make money. The attackers can simply download a ransomware program from one of the hundreds of Dark Web sites which sell pre-made ransomware. The challenge with ransomware is that the attacker is almost completely anonymous, making attribution and law enforcement very difficult. Most ransomware is delivered by embedding the malware inside a document, image, or other file attached to an email. A recent study estimated that 40% of all spam emails contained some sort of ransomware payload. Alternatively, the attacker can convince the victim to click on a malicious link, which then downloads the ransomware onto their computer.

A malware site on the Dark Web advertising various types of ransomware.

Ransomware is a Big (Criminal) Business

Ransomware is big business. In 2016, ransomware criminals made over $1 billion from attacking U.S. companies and caused $75 billion in damages and in business continuity losses. It is also profitable for those who develop and sell the actual ransomware. Many ransomware creators even establish a franchise relationship with the end-user, where the actual attacker will pay the ransomware creator a portion of the revenue generated from the attacks. 

Most ransomware payments are made using Bitcoins, a type of cryptocurrency which prioritizes security and anonymity. Many businesses we work with have never heard of Bitcoins and have no idea where to buy them, adding to an already stressful situation. 

The Basic Elements of a Ransomware Attack

1. The attacker finds a pre-made ransomware program on a Dark Web hacking forum.

2. The attacker then embeds the ransomware in a Word document or PDF and emails it to the target.

3. The victim downloads the infected file, which encrypts their data and then displays a message explaining how and where the victim must transfer the ransom payment.

4. When the attacker receives the payment, they MIGHT send the decryption key which the victim can then use to decrypt their data.

Ransomware Impacts on Virginia Companies

In Virginia, we have helped companies both large and small deal with ransomware. However, we have seen a shocking surge in ransomware attacks since the beginning of the year. This matches a national trend where, in 2016, ransomware attacks increased 300% over the previous year. Several major cybersecurity research centers estimate that the number of ransomware attacks will double in 2017. Nationwide, financial services such as banks were targeted the most, followed closely by healthcare organizations, emergency services, law enforcement and government agencies. Of the businesses and organizations affected, 70% paid the ransom, which could pose a risk of being targeted again in the future.

Here in Virginia, we have seen a large increase in manufacturing and biotech businesses targeted by ransomware. In the majority of these cases, the attackers had gained access to the victims' networks and had conducted reconnaissance to determine exactly which files were most valuable to the victim. They would then encrypt those files and demand payment. In one instance, the attackers encrypted the software which ran a manufacturing plant, stopping all the machines in the facility from running. We were eventually able to decrypt the ransomware without having to pay the ransom, but the victim lost approximately $15,000 for every hour their machines were stopped.

How Can You Prevent Ransomware?

If Virginia businesses follow the guidelines below, the impact of ransomware on their operations can be greatly reduced.

1. Back up your data. Data back-up and storage solutions are generally fairly inexpensive. Additionally, daily backups mean that, at most, your company will only lose one day's worth of work, which is often much better than paying an expensive ransom with no guarantee of regaining access to your data.

2. Develop an incident response plan. With ransomware becoming a common business continuity risk, even for businesses here in Virginia, it is vital that companies know what to do in case they are attacked. Contact us for more information on how to create an incident response plan.

3. Monitor your networks. Effective cybersecurity starts with being able to identify malicious software and people in your networks. While large businesses have the resources to build and staff a Security Operations Center, most small businesses outsource the security function to cybersecurity experts. Learn more about how we can defend your networks here.

4. Develop an Information Security Program. Formal policies, procedures, and guidelines help businesses both large and small protect their data. Without enforceable data security measures, it will be impossible to effectively prevent ransomware attacks.

Reducing Risk, Improving Resiliency

Ransomware is a growing problem, and understanding how it works is key to reducing the associated risks. Additionally, taking the steps above will reduce the amount of time your company is impacted by this type of cyber-attack. Contact us to learn more.