Ransomware: “Another one bites the dust”
“Another one bites the dust” by Queen is one of my favorite songs and, coincidentally, one of my first thoughts when I hear that another organization has fallen victim to a ransomware attack. Numerous major companies fell victim to ransomware in 2020. One might believe that only large international organizations are being targeted; unfortunately, small and medium-sized companies, governments, educational institutions and even hospitals have also been hit by ransomware.
Ransomware is a type of malware (malicious software) that encrypts the computer files of the victim with an unguessable password. Without this password, the victim is unable to access his/her files. The cybercriminal demands a ransom for the password.
Ransomware isn’t new; it has been gaining notoriety since 2010. Several aspects of ransomware have evolved over that time: the damages, the modus operandi and even the target groups. Most noteworthy, the sophistication of the attacks has changed, for the worse. In the early days, ransomware was very basic, as it did not encrypt the data files (non-encrypting ransomware). Non-encrypting ransomware showed pornographic images and demanded that users send a premium-rate SMS to receive a code to remove these images. Criminals then started employing ransomware that effectively encrypted system files (encryption ransomware). “Luckily”, early encryption ransomware was still so rudimentary that it used a lot of system resources, which made the encryption detectable, so that it could be quickly remediated with back-ups.
Currently, the typical modus operandi (MO) of a ransomware attack is the following: a cybercriminal compromises a system in the organization, maps the different systems on the network and increases their permissions to move through the network. They then disable existing anti-virus software, find and corrupt, encrypt or delete backups, and finally encrypt the data on all systems.
Furthermore, stealing data has also become part of the ransomware modus operandi, so that even if the company still has data back-ups, it is forced to pay a ransom to keep its data confidential. This type of ransomware MO is also known as doxware and/or leakware.
If you need any assistance or have any questions regarding ransomware within your company, don’t hesitate to contact us.