What is RANSOMWARE, and Why is It So Dangerous?

I have a 3-year-old boy and a 2-year-old girl, and they are the best things to happen to me, second only to my amazing wife, Diana. I would give my life for my kids in a heartbeat, but one thing I don’t enjoy is when they get up every night from their own beds to jump into ours. If you’re reading this and have or had toddlers, you can probably relate to how these little, amazing creatures can hold one of the most important things for us parents—sleep—captive. While time is your only remedy here, I know I might miss it when it stops.

There’s very little we can do about these beautifully and wonderfully made creatures. However, imagine coming home from a trip, only to find all your door locks changed with a ransom note demanding payment for new keys. Now, this is a fully paid house, with nothing owed and no liens. That’s ransomware in action.

By definition, ransomware is a type of malicious software (malware) that encrypts your files, making them inaccessible, and demands payment (ransom) to unlock them.

Ransomware has grown in popularity, and it’s not just a personal problem. It can be used to cripple businesses, hospitals, and even entire cities. Let’s take a look at how it works.


How Ransomware Works:

  1. Infection: You might click a link in a phishing email or download an attachment that looks harmless but carries ransomware.
  2. Encryption: Opening the file or link activates the ransomware, and it starts scrambling and locking your files so you can’t access them.
  3. Demand: Similar to the movies with hostage-taking scenes, once they’ve taken your files hostage, they demand payment in exchange for the unlock code or key.
  4. Home: While I am not the government and won’t tell you to never negotiate with terrorists, you have to understand that even if you pay, there’s no guarantee you’ll get your files back—or that they haven’t been stolen and sold on the dark web.

Let’s look at some types of ransomware:


Types of Ransomware:

  1. Crypto Ransomware – The Lock that Binds:
    • This is the school or neighborhood bully that forcefully collects your lunch and asks you to do something or pay to get it back. In the digital world, your files are encrypted and held hostage.
    • Example: The 2017 WannaCry ransomware attack, which affected over 200,000 systems.
  2. Locker Ransomware – The Screen Blocker:
    • Imagine coming home to find all your locks changed. After investigating, you learn it was the bank’s doing. The bank has locked you out of your fully paid house.
    • This is similar to what locker ransomware does—it locks you out of your device entirely. Usually, a message is displayed on your desktop, preventing access.
  3. Double Extortion – The Threat Multiplier:
    • In the movie Inside Man: Most Wanted, robbers take hostages while also planning to steal gold from a vault. Similarly, in double extortion, attackers combine encryption with data theft for maximum pressure.

Why Ransomware is So Dangerous:

  1. Personal Impact:
    • Before smartphones, we kept diaries and physical phone books. If you’ve ever lost one of those, you know how difficult it was to start again. Losing access to cherished photos, important documents, or financial records can feel devastating.
  2. Business Disruption:
    • Most businesses build resilient systems to prevent downtime, and they can lose millions every day when attacked. These losses include ransom payments, downtime, lost data, and reputational damage.
  3. Critical Infrastructure at Risk:
    • With the growth in industrial control systems (ICS) and operational technology (OT) in critical infrastructure, hospitals, transportation systems, and power grids are increasingly targeted. These attacks can put lives at risk.
  4. No Guarantees:
    • Paying a ransom might not result in getting your files back. In fact, paying the ransom could make you a more favorable target for future attacks.

Examples of Ransomware Attacks:

  • WannaCry (2017): Affected over 150 countries, disrupting healthcare, telecom services, and more. The attackers demanded $300-$600 in Bitcoin.
  • Colonial Pipeline (2021): Caused fuel shortages in the U.S., and the company paid $4.4 million to regain access.

Consider a small business that lost 10 years of customer data due to a ransomware attack. The ransom paid was $2,000, but the real cost was losing customer trust.


How to Protect Yourself from Ransomware:

  1. Back Up Your Data:
    • Regular backups are like having another phone book or diary in case you lose one. It’s also a good practice to back up your backup.
    • Tip: Use cloud storage or external drives to ensure your backups are secure.
  2. Be Cautious of Emails:
    • If an email seems too urgent or too good to be true, it probably is. Avoid clicking links or downloading attachments unless you’re sure they’re safe.
    • Tip: Read the sender’s email address carefully and watch for spelling errors.
  3. Keep Software Updated:
    • All systems have vulnerabilities waiting to be discovered. Updates help fix some of the vulnerabilities that could be exploited by ransomware.
    • Tip: Set your software to update automatically whenever possible.
  4. Use Security Tools:
    • An outdated antivirus is better than none, and a firewall with default configurations is better than no firewall.
    • Tip: Ensure your security tools are up-to-date and properly configured.
  5. Enable Multi-Factor Authentication:
    • This additional layer of protection helps keep your systems and accounts secure, even if someone gets access to your password.

What to Do if You’re Hit by Ransomware:

  1. Don’t Panic:
    • Paying the ransom doesn’t guarantee anything. Try to stay calm and assess your options.
  2. Disconnect from the Network:
    • If you notice an active ransomware attack, disconnecting from the network will take your system offline and reduce the extent of the attack.
  3. Report the Incident:
    • Report the incident to your IT department or law enforcement if applicable.
  4. Restore from Backups:
    • Once you’re sure you’ve eliminated traces of the attack from your system, restore your files from your backups.
  5. Seek Professional Help:
    • Do not hesitate to seek professional help from cybersecurity specialists when necessary.

Ransomware, like other cybersecurity-related attacks, can be scary, but it’s beatable. Taking simple steps like backing up, testing your backups, and being cautious online can make a huge difference. Take a moment today to review your cyber hygiene practices and share this with someone who will benefit from it. It’s the easiest way to protect yourself—and others.

John Kuforiji

With over 12 years of experience in the cybersecurity field, John Kuforiji is a principal consultant at Shawata Inc., a leading IT consulting firm that provides cybersecurity architecture advisory services to clients across various industries and sectors. He holds a Bachelor of Computer Engineering degree and several relevant certifications, including CISSP, TOGAF, ITIL, COBIT, and PROSCI.

John's core competencies include conducting security assessments, penetration testing, data loss prevention, identity and access management, disaster recovery, risk assessment, vulnerability management, and incident response. He is adept at leading cross-functional teams, analyzing complex security challenges, and developing practical solutions that align with business objectives. He has successfully delivered numerous cybersecurity initiatives for large organizations, working closely with stakeholders to ensure their security strategies are effective and compliant. He has also developed and delivered training programs to raise awareness and prevent cybersecurity threats. John is a proactive professional with a passion for cybersecurity, always looking for new and innovative ways to improve his clients' security posture.

https://johnkuforiji.com
