Ransomware attacks have cost individuals and businesses millions of dollars over the past five years, so it’s essential for tech leaders to know what they’re up against and how to combat the threat. This ebook offers an overview of how ransomware works, its many variants, and steps organizations can take to protect themselves.
From the ebook:
Ransomware is a type of malware attack characterized by holding device control—and therefore locally stored data—for a ransom, which victims typically pay in Bitcoin or with other virtual currencies, though premium SMS messaging and prepaid credit cards are also frequently used by attackers. Sophisticated ransomware attacks employ disk or file-level encryption, making it impossible to recover files without paying the ransom demanded by the hackers.
Historically, ransomware has invoked the image of law enforcement organizations to coerce victims into paying. These messages often display warnings with the FBI logo and a message indicating that illegal file sharing was detected on the system, prompting users to pay a fine or risk criminal prosecution. As ransomware attacks have grown into the public consciousness, attackers have taken to crafting payloads that clearly indicate that a device has simply been hacked and that victims must pay the hackers to return access.
Other attacks, such as the WhiteRose ransomware, display mystifying and scarcely grammatical messages to unsuspecting victims about nothing in particular, describing such idyllic settings such as a hacker “sitting on a wooden chair next to a bush tree” with “a readable book” by William Faulkner, in a garden in a remote location.
Ransomware attacks are often propagated through file-sharing networks and are also being distributed as part of a malvertising campaign on the Zedo ad network, as well as through phishing emails that disguise the payload as maliciously crafted images or as executables attached to emails. WannaCry, perhaps the most well-known single ransomware attack, uses a flaw in Microsoft’s SMB protocol, leaving any unpatched, internet-connected computer vulnerable to infection. Other attacks leverage unsecured Remote Desktop services, scanning the internet for vulnerable systems.