What is ransomware?
The days of simple malware – developed by amateurs who were just looking to make mischief – are long gone. Organized crime lies behind much of today’s malware… and the focus is on making money.
As its name suggests, ransomware is a specific type of malware that tries to extract a ransom payment in exchange for unblocking access to an asset that belongs to the victim.
In the case of crypto-ransomware – or cryptor – the ‘kidnapped’ assets are the files and data that are stored on the infected device. The cryptor encrypts the victim’s data into an unreadable form – and the data can only be decrypted by using the necessary decryption key… but that key is only released by the criminal after the victim has paid the ransom demand.
What’s the damage?
Cryptor attacks affect both consumers and businesses.
Whereas consumers are typically faced with ransom demands of $300 to $500, cybercriminals fully understand how valuable data can be for a business… so the ransom charges can be much higher. If one of your devices is infected, the attacker will normally give you 48 to 72 hours to pay the ransom.
If you don’t pay within the deadline, the price for decryption is likely to increase. After a second deadline passes and the payment is still not made, it’s likely that the decryption key will be deleted. At that point it may be impossible to recover your files in a readable form. Even if you do pay the ransom, there’s no guarantee your data will be decrypted.
Some cryptors contain software bugs that may cause them to malfunction – so the decryption process fails. In other cases, the criminal may simply have had no intention of ever enabling decryption. Instead, they just take the victims’ money.
Even higher costs for businesses
Despite criminals often demanding bigger payments from business victims, the ransom may only represent a small portion of the overall costs to the business. The inconvenience of the attack can result in much larger financial losses. In today’s ‘information age’, any temporary loss of data can totally disrupt business-critical processes, leading to:
• Lost sales
• Reduced productivity
• Significant costs for system recovery
However, the permanent loss of data can have much more severe consequences:
• Permanently damaging the company’s competitive position
• Reducing sales revenues over the long term
• Preventing ongoing access to intellectual property and design data
… and even putting the entire business in jeopardy. Imagine losing access to all your sales records, customer files, accounting data, product information and design data. How would your business cope – and, if it could cope, how much revenue would you lose while your team is trying to get everything back on track? It’s clear that every business has to do all it can to avoid becoming another victim of a cryptor attack.
If your business is attacked, beware of ‘false remedies’ that may be promoted on the Internet, as these may only add to your problems:
1. Often, they don’t work – but just take more money from the victim
2. Some can even download additional malware onto the victim’s network
There are more cryptor attacks than ever before
Because it’s relatively inexpensive to develop and launch a cryptor – and a single item of crypto-malware can generate massive revenue – the volume of attacks is increasing.
Here are just a few examples of recent cryptors:
• CoinVault – uses 256-bit AES to encrypt victims’ files
• CryptoLocker – has infected tens of thousands of machines and generated millions of dollars for criminals
• CryptoWall – often doubles the ransom demand if payment is not made within the initial time period
• TorLocker – encrypts data and uses the Tor network to contact the criminals that launched the attack