Ransomware is a type of malware that threatens to either publish or block access to a victim’s data unless a ransom is paid to the ransomware owner. Ransomware have a wide range of complexity, simple ransomware may lock your device in such a way that it can be reversed while more complicated ransomware may encrypt the victim system’s data making it almost impossible to retrieve the information unless the ransom is paid. Some go as far as to place a timer on the ransom, where if the ransom is not paid the information will be permanently deleted once the timer runs out.
How profitable is Ransomware?
Ransomware is by far the most profitable of all malware, but the question is just how much money does the attackers make with each campaign. In 2012 Symantec were able to access a command-and-control server used a malware called CryptoDefense and estimated that attackers made $34,000 in a single day and estimated that they scammed over $394,000 in a single month. Symantec also made a conservative estimate that at least $5million is extorted from victims via ransomware per year, with this number only likely to increase as the number of ransomware available to hackers increase with each year. Some examples of extremely effective Ransomware are CryptoLocker and CryptoWall which earned an estimated US $3million and 18 million respectively before they were stopped by authorities.
How to Defense against Ransomware
1) Install Critical updates and Patches- Businesses tend to lag behind when it comes to doing updates and patches out of fear of impacting any old software they are still running. However this leaves your company significantly more vulnerable to exploits. For example the latest WannaCry ransomware took advantage of vulnerability that was discovered by the NSA and had a patch released fixing it in March. Proper patching would have made this Ransomware obsolete before it had a chance to hit anyone.
2) Virtual Inoculation- Virtual inoculation is the equivalent of a virtual vaccination and is a great alternative for companies to use to prevent ransomware infections if patching is not a viable option. Matthew Hickey, a cofounder of My Hacker House created a virtual inoculation tool called WCRYSLAP and it works by giving your system a small piece of the malware so that when malware tries to infect your machine it sees that it is already infected and quits.
3) Regular Backups- You can significantly reduce the impact of a ransomware infection if you consistently save copies of your files. This way if your machine gets infected and you’re unable to recover your data all is not lost.
4) Proper Employer Training- About 50% of all security incidents occur because of user error, properly training your employees on how to recognize malicious emails, links etc will drastically decrease the likelihood of a ransomware incident.