As we become more and more dependent on computers to help with our lives, our basic day-to-day operations, our educations, and our businesses, we can only assume that more and more hacks will be forthcoming. Any time someone feels they can exploit someone else’s weaknesses, they will do so in order to make money.
That’s where the new danger to computers comes in: ransomware. In just the last year, this new virus has made big news. Here’s what you need to know about this new threat.
First, let’s look at exactly what ransomware is. Think of it as digital kidnapping. A hacker uses malware to encrypt the documents and data on your computer or network. Once these files are encrypted, you receive a notice saying that you will not be able to access these files until you pay a ransom to the kidnapper, usually through a digital account such as Bitcoin. These hackers can completely take away your access to these files. For businesses, this can be crushing, not just in the money that it takes to pay the ransom, but also in the amount of business time lost in dealing with the problem.
How do you get infected?
Usually, ransomware works like a Trojan virus by infecting your computer after you click on an attachment or link sent through an email; in fact, the earliest ransomware attack is known as the PC Cyborg Trojan. This virus can be in an email from a friend or co-worker; if it is sent through a corporate network, it may come from anyone on the network who has already been infected.
What makes these types of hacks so bold is how different they are from older attacks. Even five years ago, a hacker’s style was to slip in and steal data without being detected. Now, they brazenly declare that they are in your system and demand payment to leave it alone. And people are paying. Over $1 billion was paid out in ransom in 2016, and 2017 is already on target to see more than that.
One of the most popular variations of this from a few years back was the so-called “Police Ransomware.” In this malware, usually attached through a file sharing website such as PirateBay, the computer user is told that suspicious illegal activity has been detected on their computer. Since the malware usually was linked to users of illegal file sharing sites, this made sense as the user might believe that they had been caught illegally downloading music or movies. The “police” on the other end of the malware then demanded that the user pay a fine for their transgression. This was a simple virus though; the users could simply reboot their computer and the “police lock” would be gone. Only in rare cases could they not use their computer again until the fine had been paid in full.
The New Wave
Locky became the first of a new wave of ransomware in 2016. This malware actually ensnared a California hospital that became so desperate to access their files that they paid $17,000 in ransom to the hackers. Locky is still a major problem because its users constantly evolve and change the software, making it harder to detect and get rid of.
On May 12, 2017, WannaCry struck the world and really brought this whole crisis to international media attention with the biggest global hack to date. During the course of this attack, over 300,000 computers were infected, with targets ranging from private individuals to major corporations and even government agencies. Russian banks were crashed, along with the United Kingdom’s healthcare organizations. Renault, the car company, had to shut down their production lines while they dealt with the crisis.
Many agencies pointed to North Korea as the culprit, but there is no definitive proof of that. A new virus, however, has started to spread in South Korea, hinting that ransomware may be the next stage in global cyberwarfare. By the time the virus was temporarily contained, it had infected computers in at least 64 countries.
One of the main problems with ransomware is that it is able to exploit a security flaw in Microsoft’s popular Windows operating systems. Microsoft has issued a patch to take care of the vulnerability, but it only works on recent operating systems. Those running older versions of Windows are still susceptible.
Even though WannaCry has largely gone away for the time being, there is no doubt that ransomware will continue to be a major issue in the IT security field. It is easy to spread, easy to infect, and relatively easy to modify so that new versions can be released on the unsuspecting public. Many people have asked if it is just easier to pay the ransom and receive immediate access to files. This may not be the best solution for two reasons.
First, during the initial WannaCry attack, some computers were told to send the ransom to a specific email account that was shut down. That meant that whether or not the users paid, they would still not get access to their encrypted files. Second, law enforcement and computer security experts warn that if you give in to the demands of the hackers, you are making yourself an easy target of other hackers. Once they determine that you are an easy mark and will roll over quickly and pay the ransom, you may be inviting other hackers to take a shot at your system so that they can enjoy the spoils.
Even if you don’t pay out on the hack, you can expect that ransomware will be costing you money in the future, as it will require added security software and employee training. The fact that smartphones running the Android operating system are also susceptible just adds to the potential crisis. This ransomware attack is just the first salvo of what looks like it will be a costly Internet war.