High-profile victims of recent ransomware attacks include companies you’ve probably heard of. Carnival Cruise Lines and Cognizant Corporation found themselves caught on the business end of costly ransomware attacks as recently as this week, starving them of capital at the worst possible time. For Carnival, the world’s biggest operator in perhaps the industry most affected by the global pandemic, the extent of the financial damage is unknown at the time of this writing; Cognizant estimates damages between $50 million and $70 million USD.
At a time when Cognizant is struggling to contain costs and Carnival is seeking relief from its considerable debt load, unnecessary losses from preventable incidents are particularly unacceptable. If multibillion-dollar companies can be vulnerable to ransomware, so can yours. But first off, what is ransomware?
How Ransomware Works
You may have had a virus that prevented your computer from booting, or deleted files, or loaded your browser with annoying pop-up ads. In these cases, there’s not much in it for the author of the virus—the damage has been done, but the author didn’t make any money from destroying your hard drive. If a run-of-the-mill virus can be compared to an act of vandalism, ransomware can be compared to theft and extortion.
Ransomware is a type of virus that literally holds your data for ransom. Once a computer is infected, the ransomware begins to encrypt the contents of the hard drive using an unbreakable key, and installs an inescapable boot splash screen that informs the user that their data is being held for ransom. A computer locked up this way is completely unusable except to facilitate the payment to the hacker. Payment instructions are provided to the likely panicked user, with the promise that the key to decrypt the hard drive will be provided upon payment.
One computer being locked down on your network is bad enough. But enterprising ransomware authors have discovered ways to bundle additional viruses into the package, enabling the software to steal passwords and spread the ransomware and virus package across your network. Your entire business could be at risk faster than you think—the NotPetya virus/ransomware combination took a mere 7 minutes to irreversibly execute, costing the company between $250 and $300 million USD by the time the mess was sorted out.
Now More Than Ever
Ransomware has existed in some form or another since 1989, when the first recorded ransom attack occurred and was subsequently prosecuted. Before the advent of digital currency such as Bitcoin, ransomware authors were able to extract payments via a number of back-channel methods such as premium-pay text messages and anonymous cash transfers.
However, the relative anonymity afforded by digital currency has made modern ransomware attacks a more attractive prospect for criminals. Payment processors and premium text messages involve third parties, which means more middlemen taking a cut of the profits, and more risk of attracting the attention of law enforcement. Cryptocurrency removes the need for these extra complications, with some currencies such as Monero offering completely anonymous and instantaneous transfers.
Secondly, businesses are just more online and more dependent upon computers and the internet than they’ve ever been before. Connectivity has never been as important as it is now. More systems and businesses to target means more money is at stake—including yours.
Preventing Ransomware From Attacking Your Business
Fortunately, you can take steps to protect your business from ransomware. To begin with, most ransomware incidents stem from a user downloading an infected email and launching an installation program attached to the email. Sometimes these installation files are disguised as other types of files—documents, compressed files, etc.—and the user may not be aware that he or she is actually opening a virus. One type of ransomware actually hides itself within a genuine PDF file, providing another way for the ransomware virus to install itself onto your system.
You can help prevent this in several ways. First, your employees should follow safe email-handling practices. These practices include verifying the sender and looking over the entire email before opening any attachments. You may have received an email from ‘PayPal’ or ‘Netflix’, but hovering your mouse over the address might reveal a completely different and obviously fake-looking address, such as email@example.com.
Secondly, you should certainly have a powerful email-scanning system evaluating each of your incoming emails for likely spam content or malicious attachments. A good email scanning system will block nearly all malicious attachments before your employees even have to look at them. Additionally, a policy to prevent users from executing unknown files will help narrow your company’s window of vulnerability even further. Finally, maintaining backups of essential systems can provide a recovery point in case everything else fails.
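The two checks described above (a trusted brand in the display name paired with an unrelated sending address, and an executable disguised as a document) can be sketched as follows. This is an added example, not code from the original article or from any particular email-scanning product; the brand list, the extension lists and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import os
# Assumption: illustrative map of brand name -> domains it really sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "netflix": {"netflix.com"}}
# Assumption: extensions treated as directly executable / as document decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip", ".jpg"}

# Constructed sample message (not real mail).
SAMPLE = """\
From: "PayPal Support" <billing@paypa1-secure.example>
Subject: Your invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

TVo=
--b1--
"""

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Check 1: display name claims a brand, address is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not ok:
            findings.append(f"sender-mismatch: '{display}' sent from {domain}")
    # Check 2: attachment whose final extension is executable.
    for part in msg.walk():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in EXECUTABLE_EXTS:
            inner = os.path.splitext(stem)[1]  # e.g. ".pdf" in "invoice.pdf.exe"
            kind = "disguised-executable" if inner in DECOY_EXTS else "executable"
            findings.append(f"{kind}: {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A filename check like this only catches disguise by extension; a malicious payload embedded in a genuine PDF, as mentioned earlier, needs content scanning.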
You can never be too prepared when it comes to protecting your business. Ransomware isn’t just another virus—it can cripple or destroy even the largest corporations in the world. Keep your network safe from ransomware by implementing good IT practices. Your business will thank you for it!