The fight against ransomware is getting tougher. Here are five basics everyone should know about it.
- What is ransomware? Ransomware is a type of malicious software, or malware, that denies access to files and data until a ransom is paid. There are two distinct types of ransomware. The most common is crypto ransomware, which encrypts sensitive data and files until a ransom is paid. The other type, locker ransomware, locks a device, completely preventing the victim from using it. In most cases, ransomware encrypts personal files, blocking users from accessing them. Victims are given instructions on how to pay the requested ransom, and only after doing so, are they given a decryption tool that will unlock the files.
- How does ransomware encryption work? A well-designed ransomware strain will typically use an asymmetric encryption algorithm, which leverages a pair of keys – one public and one private. The data that is encrypted with the public key can only be unlocked by this matching private key and vice versa.
- How do victims pay cyber ransoms? Ransoms are typically paid in the cryptocurrency Bitcoin due to its anonymity and difficulty to trace.
- How much is a typical ransom? Requested ransom amounts can vary wildly. In the WannaCry attacks, victims were asked to pay between $300 to $600 via BitCoin to have their files unlocked. This may not seem like much, but it’s important to consider the other, more severe, costs resulting from such attacks due to downtime caused by lack of access to systems. Shockingly, it was recently reported that South Korean web hosting provider paid $1 million in bitcoins to hackers after a Linux ransomware infected its servers and encrypted the websites data hosted on them. A big jump from the amount the Hollywood Presbyterian Medical Center reportedly paid last year.
- How do I mitigate risk? Ransomware prevention measures can seem particularly daunting as administrator rights are not always required for some of today’s advanced strains of malware to compromise an end users’ machine and infect the endpoint. This means that while privilege management can play a role in mitigating risks, many strains of ransomware can encrypt data using standard user rights. So even if an organization has removed local administrator rights, this doesn’t necessarily mitigate the risk.