Ransomware attacks are exceptionally profitable for online extortionists. According to Forbes, the average value of a ransomware transaction per month in 2021 is over 100 million dollars. Meanwhile, researchers have found at least 68 different active ransomware strains in 2021. And experts project the total cost of ransomware to exceed $20 billion in 2021.
Ransomware is such a problem that the Biden administration has established a coalition of around 30 countries to stop hackers. With ransomware making headlines so often, it can be challenging to understand how it works and what it all means. So, here are some essential facts that may help explain ransomware attacks:
How ransomware works
Some ransomware strains work by encrypting essential files and folders on a computer or network of computers, while other types of ransomware restrict access to data but don’t encrypt it. There are also ransomware strains that encrypt the Master Boot Record (MBR) of a drive or Microsoft’s NTFS, stopping computers from loading the operating system.
Although some types of this malware require human action to spread, others have worm-like capabilities and self-propagate. You can get ransomware from social engineering attacks like phishing emails, drive-by downloads, malvertising, instant message attachments, and portable drives.
But the most common attack vector for ransomware is Remote Desktop Protocol (RDP). Hackers can use vulnerabilities in exposed RDP to open backdoors in systems and drop the dangerous malware. Hacker groups also exploit bugs in Virtual Private Networks (VPNs) for ransomware strikes.
Ransomware uses scareware tactics
Scareware is a type of malware that uses fear to manipulate a victim into buying software. While ransomware isn’t exactly scareware, it uses similar tactics. Ransomware typically blasts a victim’s computer screen with an intimidating message, and usually, the message demands money in exchange for the seized data within a limited amount of time.
Ransomware gangs demand payment in bitcoin for a reason
Hackers that use ransomware rarely demand payment in cash, check, or money orders from their victims because such mediums are traceable. Instead, they opt for payments in bitcoin because cryptocurrency can be harder to recover. Of course, cryptocurrency isn’t impossible to retrieve, as the FBI proved by recouping nearly $2.3 million of the Colonial Pipeline ransom.
Small businesses suffer the most
Over 50% of ransomware attacks target organizations with fewer than 100 employees, while over 75% of attacks target companies with less than $50M in revenue. Smaller businesses find it more challenging to recover from extortion because they have fewer resources. Many don’t recover even after paying their attacker, for several reasons:
- Too expensive to resume operations
- Loss of reputation
- Ransomware gang only partially unlocks data
- Customer data is sold on the Dark Web
Ransomware is a complex threat that can harm even a well-prepared business. For these reasons, it’s critical for any organization to figure out how to remove ransomware strains from their systems after an attack and avoid rewarding extortionists.
Hackers hide in a network before deploying ransomware
Researchers say that online criminals can spend more than a week inside a network on the following activities before launching ransomware:
- Lateral movement
- Credential dumping
- Data exfiltration
- And more
After completing all malicious activity, hackers are usually discovered only because they’ve deployed ransomware across the network’s computers, servers, shared drives, and other accessible systems.
You’ll need to adopt a holistic approach if you’re worried about cybercriminals infiltrating your network with ransomware. Consult with a cybersecurity team today to develop the best course of action.