By now, it is safe to assume that almost everyone in business has at least heard about ransomware – the malicious software that works by luring a victim to click on an infected advertisement, email, attachment or website. Once someone takes the bait, it takes over and encrypts the content of the target organization’s hard drives and other connected electronics. Hackers are then in the position to demand payment to unlock the content – typically in bitcoin.
2017 was an unprecedented year for ransomware, with businesses, universities, hospitals, and law enforcement agencies affected—just to name a few. As I discussed in an earlier blog, it was just this past March that the Atlanta Municipal government was hit by a ransomware attack. But what are the implications of ransomware attacks? And what should you know about ransomware attacks that might not be obvious?
Here are five facts that are less commonly discussed about ransomware.
- Ransomware doesn’t just affect IT, it disrupts people’s lives.
Ransomware’s impact is not just limited to the IT department or the people working within the organization; it affects anyone who benefits from the targeted organization. In 2017, when WannaCry ransomware took down over 16 hospitals in the United Kingdom numerous patients had surgeries canceled or postponed. In the case of Atlanta, many residents were unable to pay tickets or utility bills—and in some cases the attack prevented residents of Atlanta from starting a new job. Ransomware affects many people—not just those who are part of the identified organization. In fact, one of the purposes of ransomware is simply to disrupt. The more disruption – inside or out of the organization – the better.
- It’s not a case of ‘if’ with ransomware, it’s a case of ‘when’.
- Paying ransom doesn’t guarantee recovery of data.
- Ransomware attacks aren’t picky.
Many of the attacks you’ve probably heard about in the media concern healthcare organizations, but ransomware isn’t selective in who it targets—universities, police departments, local governments, HR departments, financial institutions, small, medium, and large businesses alike—everyone should take appropriate steps, both preventative and mitigating, to address the risk of ransomware.
- Ransomware is evolving.
As security operations wise up to ransomware, ransomware creators have created new techniques to successfully target organizations. These include slowing down and randomizing the encryption process, delivering ransomware through files instead of emails, and using polymorphic code—code that changes itself each time it runs while still achieving the same result. These are just a few of the ways that ransomware is evolving. It is important to stay aware of the ways ransomware might change and what the appropriate prevention and mitigation techniques are in response.
Key to any response and recovery plan is an alternative medium for secure communications. Secure messaging platforms like Vaporstream can help ensure that you keep communications ongoing should you need to address any ransomware threats and get systems back up and running without the knowledge of the bad actors that believe they have you at a disadvantage. Ransomware is a huge problem for organizations, but with proper prevention, especially strong mitigation efforts, the damage it causes can be significantly reduced.
Contributor: Kristi Perdue Hinkle