Ransomware has plagued its victims for decades, starting as early as 1989 with the first documented ransomware, known as the “AIDS Trojan.” Ransomware scams have spread internationally ever since, as the Internet and email have become deeply embedded in our way of life. Traditionally, ransomware has been defined as a bad actor (an individual or an organized criminal group) using malware to encrypt files on a victim’s computers. The victim would then pay the extortionists a ransom in exchange for the key needed to decrypt the files.
Ransomware has evolved significantly in recent years. While this classic type of attack still occurs, the standard enterprise ransomware attack now involves “double extortion,” where the cybercriminal both encrypts and exfiltrates (steals) the data. If the victim refuses to pay because they can restore their systems from backups, the attacker threatens to leak the stolen data publicly unless the ransom demand is met.
Double extortion has become the norm in enterprise-level ransomware attacks, but it is by no means the only avenue threat actors use to extort money from their victims. One emerging trend is stealing data without encrypting any of the victim’s files at all, sometimes referred to as “extortionware.” The underlying idea is that if someone encrypts your data, you will simply recover from known-good backups. Instead, the threat actor steals as much data as possible and uses the threat of releasing it as the lever for a ransom demand. Weaponizing sensitive data can be a powerful way to get victims to pay, whether or not it is combined with encryption. Industries that handle sensitive or high-value data, such as healthcare, banking and finance, and education, are typical targets for this type of attack. For example, a Finnish psychotherapy practice suffered a theft of patient records in 2018 that later resulted in patients being extorted directly.
In other cases, encryption remains the most effective weapon for extracting a payment. Industrial settings that rely on internet-connected operational technology (OT), including industrial IoT devices, and industrial control systems (ICS) often fall prey to ransomware. These attacks are particularly devastating because in industrial and critical-infrastructure settings an outage means work halts or essential services are disrupted, impacting production, timelines and even safety. This occurred in May 2021 with the attack on Colonial Pipeline (see: Colonial Pipeline Hack Explained: Everything You Need to Know).
We are now also beginning to see “triple extortion” techniques emerge. In these attacks, cybercriminals encrypt data, steal data, and additionally threaten distributed denial-of-service (DDoS) attacks against the victim organization to add pressure to pay. A DDoS attack floods a target server or network with traffic from many sources until it can no longer serve legitimate requests, taking a website or service offline. The result is lost revenue and damage to the company’s reputation.
The key to limiting the damage from ransomware is prevention and early detection. There is often detectable suspicious activity, such as unusual outbound data transfers or files being modified en masse, before data is lost or a cybercriminal makes contact with a ransom demand. Up-to-date security and malware detection software, together with tested backups, provide valuable visibility into your IT ecosystem before your data is put at risk. At Computer Solutions, we can help you audit your security protocols and assess your threat landscape. Contact us today to protect your organization from cybercrime.
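As an added illustration of what that “detectable suspicious activity” can look like in telemetry, the script below was written for this article and is not a tool from Computer Solutions or from the original page. It runs two simple heuristics over constructed (not real) flow and file-server records: a sliding-window byte count to external addresses, which catches the exfiltration stage of a double-extortion attack, and a count of distinct files renamed to one new extension in a short window, which catches the encryption stage. The internal network list, hostnames, thresholds and all sample records are assumptions made up for the example.

```python
"""Precursor detection for double-extortion ransomware (added example).

Two heuristics run over constructed telemetry, not real logs:
  1. bulk outbound transfer to an external address (the exfiltration stage)
  2. many distinct files renamed to one new extension in a short window
     (the encryption stage)
Thresholds and the internal-network list are assumptions for this example.
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: the organisation's internal ranges; anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed flow records: timestamp, source host, destination IP, bytes out.
FLOWS = """\
2021-05-06T01:10:00 WS-017 10.0.2.15 184000
2021-05-06T01:12:00 WS-017 10.0.2.15 203000
2021-05-06T02:00:00 WS-017 203.0.113.77 900000000
2021-05-06T02:05:00 WS-017 203.0.113.77 1200000000
2021-05-06T02:09:00 WS-017 203.0.113.77 1500000000
2021-05-06T02:11:00 WS-042 203.0.113.9 2400000
"""

# Constructed file-activity records: timestamp, host, action, path.
FILE_EVENTS = """\
2021-05-06T03:00:01 FS-01 write /share/finance/q1.xlsx
2021-05-06T03:00:02 FS-01 rename /share/finance/q1.xlsx.locked
2021-05-06T03:00:03 FS-01 rename /share/finance/q2.xlsx.locked
2021-05-06T03:00:05 FS-01 rename /share/hr/payroll.csv.locked
2021-05-06T03:00:06 FS-01 rename /share/hr/contracts.pdf.locked
2021-05-06T03:00:08 FS-01 rename /share/legal/nda.docx.locked
2021-05-06T03:04:00 FS-02 rename /home/alice/report_final.docx
"""


def parse(text):
    """Split space-separated 4-field records; the first field is an ISO timestamp."""
    rows = []
    for line in text.strip().splitlines():
        ts, a, b, c = line.split(" ", 3)
        rows.append((datetime.fromisoformat(ts), a, b, c))
    return rows


def is_external(dst):
    """True when dst falls outside every assumed internal network."""
    addr = ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)


def detect_bulk_exfiltration(flows, threshold_bytes=1_000_000_000,
                             window=timedelta(minutes=15)):
    """Flag each host whose bytes sent to external addresses exceed
    threshold_bytes inside any sliding window of length `window`."""
    by_host = defaultdict(list)
    for ts, host, dst, nbytes in flows:
        if is_external(dst):
            by_host[host].append((ts, int(nbytes)))
    alerts = []
    for host, recs in sorted(by_host.items()):
        recs.sort()
        start, total = 0, 0
        for ts, nbytes in recs:
            total += nbytes
            while ts - recs[start][0] > window:   # drop records that fell out of the window
                total -= recs[start][1]
                start += 1
            if total > threshold_bytes:
                alerts.append(("bulk_exfiltration", host, total))
                break   # one alert per host is enough for triage
    return alerts


def detect_mass_rename(events, min_files=5, window=timedelta(minutes=5)):
    """Flag (host, extension) pairs where at least min_files distinct files
    gained the same extension within `window`, the footprint of an encryptor
    renaming files as it works through a share."""
    groups = defaultdict(list)
    for ts, host, action, path in events:
        if action == "rename":
            groups[(host, os.path.splitext(path)[1].lower())].append((ts, path))
    alerts = []
    for (host, ext), recs in sorted(groups.items()):
        recs.sort()
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            distinct = {path for _, path in recs[start:end + 1]}
            if len(distinct) >= min_files:
                alerts.append(("mass_rename", host, ext, len(distinct)))
                break
    return alerts


def run():
    """Run both detectors over the constructed telemetry and return the alerts."""
    return detect_bulk_exfiltration(parse(FLOWS)) + detect_mass_rename(parse(FILE_EVENTS))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running the script prints one exfiltration alert for WS-017 (2.1 GB to an external address within 15 minutes) and one mass-rename alert for FS-01 (five files gaining the `.locked` extension in under ten seconds); the internal file copies and the single ordinary rename on FS-02 stay quiet. In a real deployment the same two signals would come from flow logs or a firewall and from file-server audit logs, and the thresholds would be tuned against a baseline of normal traffic, but the point stands: both stages of a double-extortion attack leave a measurable trace before the ransom note arrives.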


