What is ransomware?
What is the history of ransomware, and how has it evolved?
Since this first ransomware attack, the malware has had a long and varied history.
The rise of blockers
The late 2000s saw the rise of a new type of ransomware called blockers (also known as lockers). Unlike later crypto-ransomware, a blocker does not encrypt files; it denies the user access to the desktop and demands payment to restore it. During this period blocker ransomware was widely distributed because the code was publicly available and new variants could be generated automatically with builder kits. A blocker took hold of the machine by adding itself to the Windows start-up process (typically a Run key or the Winlogon shell entry), so it launched before the user could intervene. To make regaining control even harder, it commonly disabled Task Manager and the Registry Editor through Windows policy settings, kept its own window permanently in the foreground so it could not be closed, and protected its files against deletion. Removal was possible, but it required booting into a recovery environment or safe mode and a fair amount of technical know-how, so many victims ended up paying the ransom.
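The start-up and lock-out techniques described above leave predictable traces in the registry, which is where a responder looks first. The following PowerShell script is an added triage example, not code from the original article or from any named malware family: it lists the auto-start entries a blocker would use, flags those launched from user-writable folders, shows whether the Winlogon shell has been replaced, and reports the DisableTaskMgr / DisableRegistryTools policy values that blockers set to lock the user out. The folder names treated as suspicious are a heuristic chosen for this example.

```powershell
# Added example (not from the original article): triage a Windows host for the
# persistence and lock-out indicators typical of "blocker" ransomware.
# Run from an elevated PowerShell prompt. Output is a starting point for
# investigation, not proof of infection.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host '== Auto-start entries (blockers add themselves here) =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PS* metadata properties Get-ItemProperty adds
        if ($p.Name -match '^PS') { continue }
        # Heuristic for this example: binaries started from user-writable paths deserve a look
        $suspicious = $p.Value -match '\\(AppData|Temp|Users\\Public|ProgramData)\\'
        $tag = if ($suspicious) { '[CHECK]' } else { '       ' }
        Write-Host ("{0} {1}\{2} = {3}" -f $tag, $key, $p.Name, $p.Value)
    }
}

# A blocker that replaces the shell gets the whole desktop; explorer.exe is the expected value
Write-Host "`n== Winlogon shell and userinit =="
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Write-Host ("Shell    = {0}" -f $winlogon.Shell)
Write-Host ("Userinit = {0}" -f $winlogon.Userinit)
if ($winlogon.Shell -ne 'explorer.exe') { Write-Host '[CHECK] Shell is not explorer.exe' }

# Policy values that disable Task Manager and the Registry Editor for the user
Write-Host "`n== Task Manager / Registry Editor lock-out policies =="
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $pol = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $val = $pol.$name
        if ($val -eq 1) {
            Write-Host ("[CHECK] {0}\{1} = 1 (user locked out)" -f $key, $name)
        } else {
            Write-Host ("        {0}\{1} not set" -f $key, $name)
        }
    }
}
```

Because a live blocker keeps its window on top and kills these tools, the script is normally run from a clean account, safe mode with command prompt, or an offline recovery environment against the mounted hive. Removing the flagged Run value, restoring Shell to explorer.exe and setting the two policy values back to 0 (or deleting them) is the usual manual cleanup once the binary itself has been removed.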
Ransomware blockers combined with cryptomalware
WannaCry and NotPetya
In May 2017 WannaCry infected more than 200,000 devices in over 150 countries and is estimated to have caused around $4 billion of damage across the globe. This particularly damaging strain spread using EternalBlue, a leaked exploit for a vulnerability in Microsoft's SMBv1 implementation that Microsoft had already patched in March 2017 (security bulletin MS17-010). WannaCry behaved as a worm: once it infected one device it scanned for and infected other unpatched devices within the network (and across the internet) with no user interaction. Victims included NHS Trusts, Telefónica, Renault, FedEx, Nissan, Hitachi and many more. In the wake of the attack, Microsoft released an emergency patch for unsupported operating systems such as Windows XP and Server 2003. However, even though patches for supported systems had been available for two months, many businesses had not applied them, which left them exposed to the ransomware.
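The lesson of WannaCry for defenders is that the SMBv1 protocol EternalBlue targets is still enabled on far more hosts than anyone expects. The following PowerShell script is an added example, not code from the original article: it checks whether a Windows host still has SMBv1 enabled and installed, whether the SMB1 driver is set to start, and whether port 445 is listening, then shows the remediation commands (commented out, because disabling SMBv1 will break any remaining legacy clients that depend on it). All cmdlets used are standard Windows 8.1 / Server 2012 R2 and later built-ins.

```powershell
# Added example (not from the original article): is this Windows host still exposing
# the SMBv1 protocol that EternalBlue/WannaCry exploited? Elevated prompt required.

# 1. Server-side protocol setting. $false is the state you want.
$smb = Get-SmbServerConfiguration
Write-Host ("EnableSMB1Protocol        = {0}" -f $smb.EnableSMB1Protocol)

# 2. Is the SMB1 optional feature installed at all? Removing it is stronger than disabling it.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Host ("SMB1Protocol feature state = {0}" -f $feature.State) }

# 3. The SMB1 redirector driver (client side). Disabled is the expected start type.
$drv = Get-Service -Name mrxsmb10 -ErrorAction SilentlyContinue
if ($drv) { Write-Host ("mrxsmb10 start type        = {0}" -f $drv.StartType) }

# 4. Is SMB listening on 445, and from which profiles does the firewall allow it in?
$listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
Write-Host ("Listening on TCP/445       = {0}" -f [bool]$listening)
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
    Where-Object { $_ | Get-NetFirewallPortFilter | Where-Object LocalPort -eq 445 } |
    Select-Object DisplayName, Profile, Action |
    Format-Table -AutoSize

# 5. Patch level sanity check: OS build and the most recently installed updates.
#    Mapping MS17-010 to a specific KB depends on the OS build, so this is a hint, not a verdict.
$os = Get-CimInstance Win32_OperatingSystem
Write-Host ("OS: {0} build {1}" -f $os.Caption, $os.BuildNumber)
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn | Format-Table -AutoSize

# Remediation (deliberately commented out; confirm no legacy devices still need SMBv1 first):
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

Running this across an estate (for example via a remoting session or a scheduled inventory job) gives a quick list of hosts where SMBv1 is still on, which is exactly the population a WannaCry-style worm would sweep through. Blocking inbound 445 at the network edge and between client VLANs limits the blast radius even where SMBv1 cannot yet be turned off.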
A mere six weeks after WannaCry, an even more destructive piece of malware appeared without warning: NotPetya. It was seeded through a trojanised software update to the Ukrainian accounting package M.E.Doc and then spread laterally using EternalBlue together with stolen credentials, so fully patched machines on the same network were still at risk. NotPetya overwrote the master boot record and encrypted the NTFS master file table, but the "installation key" shown in its ransom note was random data with no relationship to the encryption key, so decryption was never an option even for the attackers. Victims who paid received nothing in return. It was eventually concluded that NotPetya was a wiper masquerading as crypto-ransomware, and the total damage was estimated to exceed a staggering $10 billion.
Data leaks and disrupting critical services
Since these two momentous attacks, cyber-criminals have relentlessly targeted utilities, healthcare, energy and transport organisations with ransomware. Because so many citizens depend on these critical services, attackers are confident that many victims will pay a substantial ransom. After all, refusing to pay could not only lead to loss of income or critical data, it could also leave many people (especially healthcare patients) in difficult, and even life-threatening, situations.
More recently, a new ransomware trend has emerged known as 'double extortion'. Here the attackers steal a copy of the victim's data before encrypting it, then threaten to publish that data if the ransom is not paid. This change of technique lets the criminals apply far more pressure: a victim with good backups can restore its systems, but backups do nothing to prevent a leak. It also means that if the victim refuses to give in to the extortion demand, the attackers can still profit by selling the stolen data on the dark web.
Famously, the foreign currency exchange service Travelex reportedly paid an eye-watering $2.3 million after the REvil (Sodinokibi) ransomware group took down its systems at the end of 2019 and stole around 5 GB of sensitive customer data, including dates of birth, credit card information and national insurance numbers. Reports indicated that the initial access came through a critical, long-unpatched vulnerability in the company's Pulse Secure VPN appliances, for which a fix had been available for months. Despite giving in to the demands and paying the ransom, Travelex went into administration in August 2020, only a few months later.
Anti-ransomware: How can your business protect against ransomware attacks?
As always in cyber security, there is no 'silver bullet' for detecting ransomware or eliminating the risk of it. The best ransomware protection adopts a 'defence in depth' approach, layering multiple security controls so that the failure of any one of them is not fatal: regular backups that are stored offline or in immutable storage and whose restore process is actually tested; controls that detect and prevent mass data exfiltration (essential against double extortion, which backups alone do not address); multi-factor authentication, especially on VPNs, remote desktop and other internet-facing services; email filtering; prompt patching of vulnerabilities and application of security updates; ongoing cyber awareness training; a rehearsed incident response plan; and DNS filtering and the blocking of malicious files and websites. Together these significantly reduce both the likelihood and the impact of a ransomware attack.
If you would like to speak to a Cyber Security expert about ransomware protection for your business, please register your details below or call our friendly team on 0121 663 0055.