The headlines sure grab your attention:

  • Ransomware Hits Over 1,000 Businesses
  • Another Hospital Hit with Ransomware Attack
  • Ransom Gang Starts Selling Access to Victims

Worrisome headlines, for sure. So, what is ransomware? Isn’t this primarily a business problem? Consumers don’t need to be concerned, right?

Constantly Evolving Threat

Ransomware continues to evolve rapidly, and answers to these questions change with each emerging version. Nevertheless, this tactic impacts everyone and everyone should be concerned.

When the concept first appeared in 1989, 20,000 individuals attending a World Health Organization AIDS conference in Stockholm became targets. The distributor was a biologist and AIDS researcher who sent floppy disks to the list of attendees. Once recipients loaded the floppy data into a computer, a message popped up demanding the device owner send $189 to an address in Panama. It was just a hint of the power this concept would eventually possess.

Over the past decade, ransomware has spread like wildfire, and its use has changed. First, the lure of financial gain switched the focus from attacks on individuals who might cough up $200 toward big-time targets with much deeper pockets. As a result, higher-value targets are now the norm.

Today’s ransom demands can squeeze a single business for $10 million or more. While a company may pay the bill or hire a forensic cybersecurity firm to search for alternatives, you’ll feel the pain, too, if you’re a customer of that company. Damages can be swift and severe.

Defining Ransomware

Ransomware is a software tool that infects digital devices like laptops and desktop computers to prevent the owners from accessing their stored data. Crooks have always offered something in return for their hefty fee (a decryption key is standard), but these keys don’t always work. Increasingly, hackers also include threats of exposing the stolen data online. In some cases, blackmail delivers big payoffs.

Damages tend to trickle down to all sorts of folks. That’s why you should learn all you can about the problem, solutions that work, those that don’t, and which proactive steps might help if hackers zero in on your business.

Deep Damages

Ransomware senders initially used a shotgun approach to hit targets. Thousands of individuals were peppered with emails that carried malware, and names like WannaCry or CryptoLocker dominated the news cycle. Today, detailed research can lead to aiming at a single entity.

Phishing emails still deliver malicious code. For example, if a worker clicks a link in a targeted email while using a company machine, hackers often gain access to several company data systems. In other instances, malware arrives when a device user visits a harmful website.

Once the target’s data system is locked down, hackers then download files to misuse later. Business operating systems like digital checkout registers won’t work, making it impossible to buy goods. Gas pumps may run dry. So yes, ransomware impacts us all.

“Ransomware is a long-standing problem and a growing national security threat,” a spokesman for the United States Department of Justice said this summer when unveiling a new collaborative way to report and share information about recent attacks.

Roughly $350 million in ransom was paid to malicious cyber actors in 2020—more than a 300% increase from the previous year. Unfortunately, 2021 has already featured jaw-dropping ransomware attacks, and the trend continues to worsen.

Top Targets

Hackers are generally one (or more) steps ahead of the people working hard to block intrusion attempts. So cyber investigators play catch-up as they study the hackers’ moves and search for data exfiltration.

Top targets include:

  • Financial institutions like banks. Ransomware can steal account access data, but it can also create a diversion so intruders can breach more sensitive areas of the institution’s digital network.
  • Hospitals and health clinics have experienced a massive rise in ransomware attacks that deliver crippling results. If the Electronic Medical Records (EMR) system in an Intensive Care Unit (ICU) or Emergency Room is frozen, health records are locked, and patients may suffer.
  • Utilities are no strangers to ransomware. The most publicized case in the US shut down the Colonial Pipeline earlier this year. That pipeline runs from Texas to the East Coast, providing almost half of the coastal states’ gasoline and other fuels. Supplies did not flow for over four days as Colonial tried to recover.
  • Businesses that move goods around the nation have discovered they’re now prime objectives. Ransomware recently crippled meatpacking company JBS, slowing meat shipments across the U.S.
  • Political targets are also in the crosshairs. In late October, a Russian group claimed credit for hacking the National Rifle Association (NRA) and leaking stolen files on the Dark Web.

Massive attacks make headlines, yet government experts say they don’t tell the whole story. According to U.S. Department of Justice (DoJ) calculations, roughly 75% of all ransomware attacks zero in on small businesses.

“Like most cyber-attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks,” the agency stated.

Small businesses face direct attacks but also suffer from attacks on their service providers. For example, in 2021, hackers aimed at a Florida-based IT firm called Kaseya. The company delivers IT assistance for businesses too small to have their own info tech departments. Perpetrators seized massive amounts of data, and schools, grocery stores and an estimated 2,000 additional firms felt the impact. Hackers demanded $70 million to reverse the damage.

Making Headway

Government investigators work around the clock to track down perpetrators after an attack like Colonial’s. The FBI and other law enforcement groups strongly recommend against paying a ransom, but media reports indicate that Colonial and JBS both paid millions for a decryption key.

In Colonial’s case, the price tag reached around $4.4 million, but the software received was so slow, the company couldn’t use it. As a result, the pipeline shutdown caused panic in southeastern states and empty gas tanks up and down the coast.

In late October, a group of U.S. agencies including the Secret Service, U.S. Cyber Command and the FBI collaborated with foreign governments to hack back at a ransomware gang responsible for numerous attacks. Their takedown plan knocked REvil, a group with apparent ties to Russia, offline after the crew claimed responsibility for the JBS attack and several other major incidents.

Reporting Figures Accurate?

The attacks we hear about are alarming, but there’s an additional dimension—businesses that don’t report ransomware or other data breaches. Anonymous surveys of business IT teams indicate that those rates could be 35% or higher.

In June, the DoJ launched a dedicated website to address the ransomware issue and hopefully prompt more reporting. StopRansomware.gov is a collaborative effort between government agencies and the private sector. It’s hoped that a single collection point for filing reports and sharing information about new attacks will finally put a dent in hacker success rates.

The FBI’s Internet Crime Complaint Center (IC3) recently confirmed that 2021 ransomware attacks are on pace to smash the record set in 2020. Today’s thieves have doubled up on extortion efforts, too. In the current climate, some damages cannot be reversed even after the ransom is paid.

“Cybercriminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption,” a recent FBI alert warned.

Written and Published By IDShield