What is ransomware and how does it work?

Every 14 seconds, somewhere in the world an organisation falls prey to a ransomware attack. That’s more than 250 attacks every hour, more than 6,000 per day, and precisely 43,200 each week. Considering that a single attack can target multiple organisations and users at once, the scale of the problem speaks for itself. That’s according to recent research by Cybersecurity Ventures, who highlight the global WannaCry attack, which alone resulted in losses of almost $4bn, as the typical example of an attack ‘done right’. In total, global damage cost estimates from ransomware attacks reach around $10bn per year. It’s no surprise therefore that we hear so much about ransomware – but, until it’s too late, we rarely see the catastrophic effect it can have on a business. Ransomware isn’t new. In fact, it’s existed since the late 1980s – however it’s still one of the most common, successful and growing attack types. Digital transformation and the continued adoption of new technologies by businesses has been a catalyst for a rise in ransomware attacks, amplified by the wider use and availability of cryptocurrencies. Attacks have also become more sophisticated, preying on the weakest link in any organisation – its people. Ransomware attacks can replicate authentic requests from known colleagues, duplicate internal email addresses, and copy content with such accuracy that even the most digitally savvy can be caught out. Once ransomware is inside an organisation, it can cripple systems by targeting and encrypting data files that it has identified as being likely to be the most valuable assets to the company. Leaving operating systems functional, so that machines still boot, the malware encrypts that data in memory and destroys the original file. There are various methods that different types of ransomware use to encrypt data files, each with the intention of blackmailing businesses and individuals to pay for the release of their own data – literally holding organisations to ransom. There are also various methods that businesses use to secure their data. But as quickly as cybersecurity solutions are being implemented, hackers are becoming more erudite in bypassing antivirus measures, meaning no single solution is ever 100% effective. The most famous example of ransomware is, of course, the global WannaCry attack mentioned above, having impacted around 150 countries, hundreds of thousands of systems and resulted in the estimated $4 billion total economic loss. Perhaps the most frustrating part of WannaCry is, like with so many of these attached, it was entirely preventable. The lesson WannaCry taught all businesses was simple: stay up to date with all patches. Too often, companies do not update their operating systems with the latest patches, leaving them vulnerable to attack. What makes WannaCry even more frustrating is that it was completely preventable. The only thing organisations had to do to stay safe was to be up to date with their operating systems and the latest patches. Microsoft released the patch against the underlying vulnerability almost two months prior to the attack. It’s important to remember that there is an infinite number of ransomware out there – and it takes just one attack to break through your defences to cause major, disastrous and often irreversible damage to your business. SCC helps its customers be aware of the security gaps across their organisation that include people, processes and technologies. We work with customers to identify where security could be compromised now and in the future, developing appropriate safeguards to limit or contain the impact of a breach, through enhancing existing security practices or deploying new solutions to help secure businesses from insider threats and external attacks. Find out more about SCC’s security solutions: https://www.scc.com/security/.