What Is Ransomware And How Does It Work?

Ransomware has emerged as one of the biggest cybersecurity threats in modern times. Government agencies, universities, and corporations alike have fallen victim, crippling infrastructure and costing billions. Colonial Pipeline, Harvard University, JBS Foods, and Kaseya are just a few of the victims of ransomware attacks in 2021, with the attack against Kaseya considered one of the largest in history.

In fact, 37% of businesses were hit with ransomware attacks in 2021. Of those, 32% of victims paid a ransom, with the average cost of recovering from an attack coming in at $1.85 million (via Sophos).

The total cost of ransomware attacks in 2021 is estimated to be some $20 billion (via Cybersecurity Ventures). To make matters worse, that figure is expected to grow to $265 billion in 2031 (via Cybersecurity Ventures).

Despite its prevalence, ransomware is still misunderstood by many people, which only adds to the threat it poses.

What Is Ransomware And How Does It Work?

Ransomware involves comprising a computer system with the goal being to encrypt the information on that computer. Once the data is encrypted, the perpetrator demands a ransom payment in exchange for the decryption keys necessary to unlock the data.

One of the most common ways ransomware is spread is through phishing attempts. A bad actor sends an email to a potential victim in an effort to convince them to download a file that will give the hacker access to the victim's computer, allowing them to encrypt the contents.

Another popular method of attack has been to find and exploit weaknesses in existing systems. This is a particularly effective method when it comes to targeting services that are widely used by a range of companies.

For example, what made the Kaseya attack so devastating is the fact that Kaseya makes IT management software that is used by other companies. As a result, rather than target those companies one-by-one, the REvil ransomware gang behind the attack exploited vulnerabilities in Kaseya's software, thereby infecting the systems of as many as 1,500 of Kaseya's customers (via The Washington Post). For obvious reasons, these kind of attacks are becoming more popular since they provide hackers a much wider larger on their investment.

Another disturbing ransomware trend has been the rise of Ransom-as-a-Service (RaaS). In other words, some ransomware gangs are creating and licensing their ransomware software to other gangs in exchange for a percentage of any profits. This has led to an increase in the number of ransomware gangs, since getting in on the action no longer requires the technical expertise necessary to create effective ransomware software.

How To Combat Ransomware

One of the most effective ways to combat ransomware is through effective training. Since phishing remains one of the most popular attack vectors, it's important for companies to train their employees on cybersecurity best practices.

Another important step is to keep current with upgrades and security patches. Ransomware gangs often take advantage of vulnerabilities for which the software vendor has already released a patch, but has yet to be applied by all of the vendor's customers.

If an organization has been compromised, the first step is to contact law enforcement and make sure they're involved as early as possible. In some cases, law enforcement is able to obtain the decryption key, eliminating the need to pay for them. Even if law enforcement cannot help acquire the decryption key, they can provide invaluable assistance and advice on how to proceed.

Similarly, regular, redundant backups are a critical factor in being able to recover from a ransomware attack. In fact, 57% of victims in 2021 recovered their data from a cloud backup. In contrast, the companies that paid the ransom recovered only 65% of their data on average (via Sophos).

Without a doubt, ransomware is here to stay and will continue to grow as a threat to the private and public sectors alike. Education about how it works, how to avoid it, what to do in the event of an attack is the best way to combat ransomware now and in the future.