Our lives are so thoroughly intertwined with technology, and we take the elaborate systems we use for granted to such a degree, that we don’t necessarily comprehend the scope of what ransomware attacks can truly do. What chaos they can unleash.
As quickly as computers gained a foothold in our day-to-day lives, the concept of ransomware followed closely on its heels with the first attack coming way back in 1989 targeting the World Health Organization.
The demanding then? A now humble $189 to unlock the system.
The evolution since has been truly breathtaking, culminating in the recent Colonial Pipeline attack and the eye-popping $5 million they paid out to get their operation back up and running.
It may sound alarmist, but those alarm bells really should be ringing for businesses big and small alike because this problem is only going to get more serious as we go.
Ransomware Is Everywhere in The News, What Is It?
With “ransom” right in the name, you likely already have a general idea of how serious it isand also a working definition in mind that’s fairly close to the mark but let’s make it crystal clear.
According to the government’s Cybersecurity & Infrastructure Security Agency, ransomware is defined as:
“an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
As computing power, the web and technology have increased in complexity over the previous decades and as we’ve simultaneously grown infinitely more reliant on those very networks for everything from our food to our fuel, bad actors have grown more sophisticated in lockstep. Looking to leverage a lockout for ever-increasing payouts and damages.
Just in recent months, aside from the pipeline, these major and large-scale attacks have happened:
- March – Molson Coors – a suspected ransomware attack “caused and may continue to cause a delay or disruption to parts of the Company’s business”.
- April – Bakker Logistek – ransomware disrupted the food supply chain of the Netherlands with their largest supermarket chain being affected with dips in supply.
- May – Ireland’s Health Services – a significant attack “affecting all national and local systems involved in all core services” according to the BBC.
How Does Ransomware Affect Me?
Circling back to the Colonial Pipeline incident and dissecting it more in-depth, beyond the $5 million they paid, to answer the question of how it can affect you.
Consider this, “Colonial delivers 45% of the fuel consumed on the East Coast”, as USA Today pointed out.
2.5 million barrels of petroleum per day.
Adding, “it’s the largest oil products pipeline in the United States”.
Which led directly to panic buying, a run on gas that created shortages in some places and served to increase prices for the everyday consumer.
Blackfog, a leader in ransomware prevention, points out that in 2020 the top 5 industries most often targeted by this type of malware are the ones we rely on most:
And lest you think this is only a problem for massive organizations, whose consequences only graze you in passing, ransomware affects businesses of all sizes with 46% of small businesses being targeted according to The Guardian.
Chillingly, “73% were forced to pay a ransom”.
How Does Ransomware Work?
For ransomware to accomplish anything though, it must first gain access to your computer and/or network.
Most commonly this is done via something called phishing, or malicious emails. These innocent-looking emails will pop up in your inbox and contain either a download attachment or a link to a scam site. If the phish fools you and you download the file and open it, the deal is basically done.
Other means of entry forgo the trickery altogether and go straight for exploiting weaknesses in servers or networks to gain access.
Once in your system, the ransomware will start to encrypt files to hamstring your computer.
By the time you notice it, it’s too late.
Depending on the goals, any number of things can happen; sensitive information has been locked or stolen, your operations have been significantly disrupted, dominos have started to fall down the line of your supply chain, the reputation of your company is taken through the mud and more.
The final piece of the puzzle at this point is the ransom itself; what it will take to regain control of your entire system…and whether you’re willing to pay it.
How to Prevent Against Ransomware
Unfortunately, the risk of ransomware is ever-present. Fortunately, there are plenty of proactive steps you can take to protect yourself or your company from an attack.
- Ensure your antivirus software and operating system are up to date
- Get specific software to protect against a ransomware attack
- Don’t click on unknown or unsafe links in emails or messages
- Don’t open suspicious email attachments
- Download only from trusted sources
- Understand your entire network
- Scan your emails and learn to recognize suspicious content
- Develop a plan for how you would respond to an attack
- Backup important files
- Avoid using unknown flash drives/USB sticks
While it may not be feasible to be 100% safe from ransomware, it is very much possible to be smarter and more vigilant about how you go about life in the digital world.