More complicated ransomware will encrypt the data on the victim’s system and will not release it unless the owner pays the hacker a ransom. Encrypting the data makes it almost impossible to retrieve the information unless the ransom is paid. Some go as far as to place a timer on the ransom, where if the ransom is not paid the information will be permanently deleted once the timer runs out.

How Profitable is Ransomware?

Many companies have information that is critical to their business operations and will chose to pay the ransom to get their information back. Ransomware is one the most profitable types of malware, but the question is just how much money does the attackers make with each campaign. In 2012 Symantec was able to access a command-and-control server used by a malware called CryptoDefense and estimated that attackers made $34,000 in a single day. They further estimated that they scammed over $394,000 in a single month. Symantec also made a conservative estimate that at least $5 million is extorted from victims via ransomware per year. This number is likely to increase as the number of ransomware software programs available to hackers increase with each year. Some examples of extremely effective ransomware are CryptoLocker and CryptoWall which earned an estimated US $3million and 18 million respectively before they were stopped by authorities.

How to Defense against Ransomware

1) Install Critical updates and Patches– Businesses tend to lag behind when it comes to doing updates and patches out of fear of impacting any old software they are still running. However this leaves your company significantly more vulnerable to exploits. For example the WannaCry ransomware in 2017 took advantage of a vulnerability that was discovered by the NSA and had a patch released fixing it in March. Proper patching would have made this Ransomware obsolete before it had a chance to hit anyone.

2) Regular Backups– You can significantly reduce the impact of a ransomware infection if you consistently save copies of your files. This way if your machines get infected and you’re unable to recover your data, you will still have information up until your last backup was completed.

3) Proper Employer Training– About 50% of all security incidents occur because of user error, properly training your employees on how to recognize malicious emails, links etc will drastically decrease the likelihood of a ransomware incident.

4) Good Perimeter Security– In order for ransomware to affect your network, it first has to get into your network. Good perimeter security includes many different types of devices/policies such as firewalls, security groups, resources policies and a huge one is scanning email attachments. Phishing emails are a very common way for attackers to get users to download software into the corporate network.

Recap

Ransomware is a type of malware attack that prevents users from accessing their own information and pressure the person/company into paying to get that information back. The goal here is financial and it is becoming increasingly common as more ransomware attacks are happening each year. Presumably this is driven by the fact that when it comes down to it, many companies are willing to pay out the ransom to hackers. Many companies can’t function without the information on their computers and in order to get their information back companies continue to pay, encouraging hackers looking to make a profit.