What Is Ransomware?
Definition of ransomware
Ransomware is a piece of malicious software that locks your data until you pay the hacker behind the attack. This is sometimes the creator of the software, but not always. There are off-the-shelf ransomware programs floating around the dark web that even low-skilled bad guys can customize for their own uses. Ransomware can enter your company’s infrastructure in a variety of ways, from phishing and other kinds of social engineering to software that takes advantage of an insufficiently protected system through software exploits.
The origins of ransomware
The trojan virus
A trojan virus (the AIDS Trojan) from 1989 is widely considered to be the first ransomware attack, though that term didn’t yet exist. The scheme targeted users’ mailboxes with a floppy disk containing a virus. When inserted, the floppy disk released the virus, which simply hid the user’s files and encrypted the file names. Victims had to mail away to a PO Box in Panama to receive the key that would decrypt their files. The author of the virus, Joseph Popp, was eventually caught, but promised to donate any ill-gotten funds to AIDS research.
Of course, that was only the beginning. Digital extortion tactics changed throughout the 90s and 2000s until 2005, when ransomware as we know it began to reveal itself. But it didn’t stop there—2020 broke all records for number of ransomware attacks in one year.
How does ransomware work?
Holding your data ransom
You might remember shareware from the last century, which was a free software program that you might become dependent on and want to buy that you could also share with your friends. This was from the days when we shared things on floppy disks, though shareware stuck around for a bit longer than the disks did. With in-app purchases required to unlock the full features of a “demo” application, the concept is still with us—if you want to use everything an app can do, you might have to pay. Developers aren’t charities, after all.
Ransomware is the black-hat cousin of shareware. Instead of granting you additional usefulness for a fee, ransomware takes what you already have and won’t give it back unless you pay up. Usually, those payments are only accepted in cryptocurrencies, which are harder to track than traditional payment methods. The hackers also often pretend to be law enforcement to give their lies more urgency and authority.
Different types of malware
Doxware and leakware
Although ransomware is one of the less common forms of malicious programming, they are no less dangerous today than they were yesterday. The ecology of ransomware has diversified in recent years with the invention of doxware, blurring the line between computer hacking and blackmail. Doxware and its cousin leakware both use the same threat: the hacker will reveal something you’d rather not be public unless you pay them. Since so much of our lives are online, this doesn’t just mean photos or racy texts—perhaps far more damaging is the reveal of social security numbers, credit card credentials, and other secure information.
Attackers are targeting new victims
Small businesses and educational institutions
As we mentioned above, the threat of ransomware is growing fast, and 2020 was a landmark year. You might think ransomware attackers would only attack large companies since they tend to have more cash, but you’d be surprised—a cluster of attacks in the spring and summer of 2020 targeted universities and other educational institutions. This might be because these institutions are less likely to have their cybersecurity ducks in a row.
If that sounds like your business, having a robust cybersecurity posture is one of the best protections you can have against ransomware. Ensure you have full visibility over your environment and have the resources necessary to combat attackers.
Hundreds of Fortune 1000 organizations trust ReliaQuest GreyMatter to operationalize security investments to focus teams on the right problems, close visibility and capability gaps to proactively manage ransomware and other risk and accelerate initiatives for the business. Get in touch with us today for more information.