ransomware

/ˈrans(ə)mwɛː/

a type of malicious software designed to block access to a computer system until a sum of money is paid.

In a ransomware attack, victims receive an innocent-looking email carrying malware. Upon opening the email (which might contain a URL or an attachment that looks like an invoice but actually contains the malicious ransomware code), their computers are infected with malicious software.

Organizations and users are mostly not aware that they’ve been infected until they can no longer access their information or until they start seeing messages on their systems advising them of the attack and demanding a ransom payment in exchange for a decryption key. These messages include detailed directions on how to pay the ransom. Payment is usually made in bitcoins, as this provides virtual anonymity.

There are two kinds of ransomware in circulation as of now:

  1. Encrypting ransomware
    It incorporates advanced encryption algorithms. It is designed to block access to system files, display ransom messages, and later provide the victim with the key that can decrypt the encrypted content.
    Examples: Locky, CryptoLocker, CryptoWall

  2. Locker ransomware
    It locks the victim out of the OS, making it impossible to access any apps or files. In this case, the files aren’t encrypted, but the criminals still demand a ransom to unlock the infected system.
    Examples: Police-themed ransomware, Winlocker

Ransomware attacks are not only slowly expanding, but they are also becoming more sophisticated with time. As systems got better at filtering out spam, cyber criminals turned to spear phishing emails that target selected individuals.

Quick Peek Into The History Of Ransomware

27 years ago (1989), the first ransomware in history, called the AIDS Trojan, emerged. It spread via floppy disks, and victims had to deliver $189 to a P.O. box in Panama to pay the ransom.

Ransomware surfaced as the go-to malware to fuel the money-making machine as cyber attackers shifted from cyber vandalism to cybercrime as a business affair. The evolution of encryption algorithms and the onset of Bitcoin ripened the development of ransomware.

Image source: CERT-RO
This graph portrays the types of encrypting malware discovered in the past 10 years, a trend that is ever growing.

Latest Ransomware Attack On Online Business

 

Magento Commerce provides its eCommerce services to 53 e-retailers, according to the newly released Internet Retailer 2016 Top 500 Guide. Online forums show the first ransom attack of 2016 in early February.

The cyber attack encrypted data on the retailer’s server with an extension called .kimcilware. Cyber criminals inserted a file that blocked access and sent the Magento user a demand for bitcoin currency to decrypt the file. The messages read–

Magento then issued patches for Magento Commerce and eradicated the extension as a precautionary measure to defend against CMS malware. The eCommerce service provider believes that the attack was not specific to its software but possibly to a more general ‘server vulnerability’. The company later urged its customers to apply all newly available software patches for the version of Magento they were running.
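
A defender can sweep a web root for the signs described above: the .kimcilware extension and file content that looks encrypted. The Python below is an added example, not code from Magento or from the original article; the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SUSPECT_EXTENSIONS = {".kimcilware"}  # extension named on this page
# Assumption: ciphertext scores near 8 bits/byte; so do zip/jpg, so treat as a hint.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data):
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())


def scan_tree(root, sample_size=65536):
    """Walk root; report files with a suspect extension or encrypted-looking content."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            reasons = []
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS:
                reasons.append("suspect-extension")
            if len(sample) >= 1024 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                reasons.append("high-entropy")
            if reasons:
                findings.append({"path": os.path.relpath(path, root), "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Constructed web root: one normal PHP file, one encrypted-looking file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'hello'; ?>\n" * 100)
        with open(os.path.join(root, "config.xml.kimcilware"), "wb") as fh:
            fh.write(os.urandom(4096))  # random bytes stand in for ciphertext
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

Run on a schedule against the live web root, a sudden jump in findings is a signal to isolate the server before more files are touched.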

Why are online businesses targeted?

It only takes one person clicking on the wrong thing, and the entire system goes for a toss. Typically, small or medium-sized businesses do not back up their data and do not engage in rigorous cyber hygiene training. One of the major reasons is the lack of dedicated IT staff members to supervise security. It’s not that small businesses cannot afford to invest in security to detect and avoid intrusion, but they are, to a large extent, oblivious to the security risks involved.

Oftentimes, when organizations do get attacked by ransomware, they readily pay the ransom. This is especially true of small businesses, when the extorted amount is not too large and because small companies often cannot afford to forfeit access to their information, files or IT systems. They also typically cannot afford to lose time recovering or recreating their lost resources. To get rid of the problem, paying is the easiest solution available to them. However, this also leads to them being branded as a ‘paying customer’, which subsequently encourages attackers to make more attacks.

What will come next?

We cannot guess what ransomware will look like in the future, but it is evident that over the years, attacks have become more planned and targeted, and require minimal infrastructure to be deployed. Ransomware-as-a-service is a thing you can buy now, where you can have live chat support to receive payment!

How can you shield yourself from ransomware attacks?

In an ideal world, each online business would develop not just a business plan, but also a data strategy. They should have a thorough understanding of all the information they have, where it is stored, how they can access it, as well as who can access it. It is highly beneficial to adopt secure software for threat intrusion detection and prevention. Backup software is also critical, so that you can preserve data even after a cyber attack.

In the event of a cyber attack, such as a ransomware attack, online businesses must contact their IT vendors and have them isolate systems, take them offline, wipe the systems, and execute restorations.

Whether an online business chooses cloud-based or physical data backups depends on the amount of data the organization uses and how frequently the business needs to back up its data. Either way, it is recommended to have multiple copies of data in multiple sites.
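
Multiple copies only help if they still agree with each other: a sync job can overwrite a backup with an already-encrypted file. The Python below is an added example, not part of the original article, that hashes every file at each backup site and reports copies that are missing or differ from the majority; the site names, file names and the two-copy minimum are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter


def manifest(root):
    """Map each relative file path under root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_sites(sites, min_copies=2):
    """Report files with too few agreeing copies, and the sites that diverge."""
    manifests = {name: manifest(root) for name, root in sites.items()}
    problems = {}
    for path in sorted(set().union(*manifests.values())):
        seen = {site: m.get(path) for site, m in manifests.items()}
        votes = Counter(d for d in seen.values() if d is not None)
        majority, count = votes.most_common(1)[0]
        # A site diverges if its copy is missing (None) or hashes differently.
        odd = sorted(site for site, d in seen.items() if d != majority)
        if count < min_copies or odd:
            problems[path] = {"agreeing_copies": count, "divergent_sites": odd}
    return problems


def demo():
    """Constructed sites: cloud holds an overwritten orders.csv, offsite lacks catalog.json."""
    with tempfile.TemporaryDirectory() as base:
        sites = {name: os.path.join(base, name) for name in ("onsite", "cloud", "offsite")}
        for name, root in sites.items():
            os.mkdir(root)
            if name != "offsite":
                with open(os.path.join(root, "catalog.json"), "wb") as fh:
                    fh.write(b'{"sku": 1}')
            with open(os.path.join(root, "orders.csv"), "wb") as fh:
                fh.write(os.urandom(64) if name == "cloud" else b"id,total\n1,9.99\n")
        return compare_sites(sites)


if __name__ == "__main__":
    print(demo())
```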

Online businesses are the nerve endings of the economy, and becoming cyber-empowered is crucial to understanding the solutions available and using them to protect themselves from cyber attacks.