CyberScout

How Ransomware Works and How It Can Impact Your Business

Regardless of the industry or sector, ransomware is the cybersecurity threat that has consistently made the most headlines over the last five years, and with good reason. As a vector of attack, it has brought multinational corporations to a screeching halt, shut down local governments, caused school closures, and led to at least one death by disrupting medical services.

“While the sophistication and methods of attack may vary, the short answer is that ransomware is a type of malware that encrypts critical data on a computer or computer network so that users can’t regain access without paying a ransom,” says CyberScout founder and chairman Adam Levin. 

One of the ironies of ransomware is that it deploys encryption, a technology designed to increase data security, to overcome the security of a user’s device. By encrypting files on a local device (one that is not connected to the internet) or across a network, the damage can be mitigated. Minor frustration and inconvenience do not compare to an extinction-level event due to an organization or an individual being unable to access critical data and services.

The earliest known example of ransomware dates back to 1989, and was distributed via floppy disk at a World Health Organization conference. Attendees who installed the malware, labelled “AIDS information - Introductory Diskettes”, soon found that the files on their computers were either encrypted or hidden until they sent $189 to a mailbox in Panama. “In effect, ransomware is the weaponization of a cyber-protection protocol,” says Levin.

Ransomware remained a relatively minor threat until the mid-2010s, when the explosive growth and perceived value of cryptocurrencies, specifically Bitcoin, provided fertile ground for the attacks. Now there was an untraceable form of online currency and nearly unbreakable encryption technology, which set the stage for targeting even more people. A general lack of cybersecurity knowledge formed the basis of the opportunity.

Since then, ransomware has become more widespread. North Korea incorporated it into its arsenal of cyberattacks to fund weapons programs, and in criminal circles ransomware has evolved into a full-fledged industry, with “ransomware as a service” (RaaS) providers leasing out their code in exchange for both fixed fees and percentages of ransom acquired from targets.

Given the sheer breadth of ransomware variants and the number of different industries, organizations, and individuals that are targeted, there’s no one primary means of avoiding ransomware attacks. That being the case, Levin suggests four main strategies to minimize the potential risk and mitigate the damage from a ransomware attack:

  • Back up everything: “If the loss of your data is potentially catastrophic, the most straightforward solution is to back up your systems and data and do it often,” says Levin. “Bear in mind that your data backups will be of no use if they are also encrypted by a ransomware attack, so keep them stored separately and offline.”
     
  • Call for help: “If you expect your existing staff to be able to resolve a ransomware attack with the resources at your disposal, think again. They can’t do it,” says Levin, who recommends finding a contractor specializing in ransomware recovery before an incident occurs.
     
  • Silo your data: “Run and maintain separate servers and storage for your data,” advises Levin. “While it may require more resources in the short term, doing this will greatly aid in the containment of the damage from a ransomware attack.”
     
  • Get insurance coverage: “Insuring your company against cyber-risk is and should be viewed as a basic requirement of doing business,” says Levin.