Understanding the Anatomy of a Ransomware Attack
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
“Although ransomware is usually aimed at individuals, it’s only a matter of time before business is targeted, as well.” (Google)
Americans paid $325 million in ransom in 2015, and attacks are on the rise. In 2015, ransomware was detected on 753,684 computers; 179,209 of those were targeted by encrypting ransomware such as CryptoLocker. Ransomware is one of the biggest threats to businesses in 2016, and cyber criminals are attacking companies of all sizes.
In order to help you better understand what ransomware means for the security of your business, here is the anatomy of a ransomware attack, how it has evolved through the years to become even more threatening, and what to do if you get infected.
Anatomy of a Ransomware Attack at a glance:
1996: Concept was conceived
2013: The first cryptolocker was launched, mostly targeting Windows systems. $27,000,000 was earned within 2 months before that effort was shut down.
2014: 1st version of Android cryptolocker was launched
2015: Cryptolockers grow rapidly in prevalence
- 17% of all infections were on Android
- Americans paid $325 million in ransom
- Detected on 753,684 computers
- 179,209 targeted by encrypting ransomware, a 24% increase from 2013
- 32% of computers were attacked by at least one Web attack (according to Kaspersky)
More than 10 new ransomware families were introduced in 2015 alone, including CryptoWall v2 and v3, TorrentLocker, CTB-Locker, and TeslaCrypt.
Now, in 2016, recent enhancements have made attackers even harder to find and catch, as well as making the attacks themselves more damaging.
- Attacks are more anonymous than ever, through the use of Bitcoin and the Tor network or the I2P (Invisible) network
- Mobile devices (Android) are the focus of several new attacks
- Mass storage devices and attached storage are also being targeted, impacting more data than ever before
Roughly 25% of all ransomware attacks are against U.S. companies. This includes smaller organizations where a) data is critical, b) system availability is critical and c) security defenses are low. That means service organizations such as medical, financial, technology, legal, insurance, and sales organizations are easier targets: they draw less media attention when breached, have valuable data, value system up-time, and can also be a gateway to large enterprise partners. Larger organizations are also targeted, where leverage is high.
So, what exactly happens when a company gets attacked?
- The malware bypasses security and is installed on one of your company computers.
- The #1 attack vector today is targeted phishing email (often spear phishing) carrying links and file attachments. Attachments may be .zip files or a multitude of other innocuous-looking files, such as .scr (screen saver) files. Zero-day malware is delivered via attachments, browser vulnerabilities, office applications, PDFs, Java, and Flash. Your web browser is another point of infection, through normal browsing on infected websites and through infected ads.
- The malware contacts a remote command and control (C&C) center.
- Additional malware is installed.
- Encryption keys are provided from the C&C center.
- Your files are encrypted.
- Your system is locked.
- Extortion demands are made.
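
The first step above names .zip and .scr attachments as a common delivery route. As an added example (not from the original article), this Python check shows how a mail gateway could flag such attachments, including double extensions and files hidden inside nested archives. The extension list beyond .scr, the depth and size limits, and all function names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist: the article names only .scr; the rest are illustrative.
RISKY_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd"}
MAX_DEPTH = 3                    # assumed limit on nested archives
MAX_MEMBER_BYTES = 20 * 1024**2  # assumed cap so a zip bomb is never unpacked

def risky_name(name):
    """Return a reason if the file name alone is suspicious, else None."""
    clean = name.replace("\\", "/").rstrip(". ")  # Windows ignores trailing dots/spaces
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return None
    # "invoice.pdf.scr" hides an executable behind a document-looking name
    kind = "double extension" if len(suffixes) > 1 else "executable type"
    return f"{kind} {suffixes[-1]}"

def scan_attachment(name, data, depth=0):
    """Return (path, reason) findings for one attachment, looking inside zips."""
    findings = []
    reason = risky_name(name)
    if reason:
        findings.append((name, reason))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "archive nested too deeply to inspect")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inner = f"{name}/{info.filename}"
            skip = info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES
            if skip:  # encrypted or oversized: judge by name only, flag for review
                findings.append((inner, "member content not inspected"))
            findings += scan_attachment(inner, b"" if skip else zf.read(info), depth + 1)
    return findings

def build_sample_zip():
    """Constructed sample: a zip inside a zip holding a fake .scr (harmless bytes)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("photos/holiday.pdf.scr", b"constructed placeholder")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_attachment("invoice.zip", build_sample_zip())` reports the .scr file buried two archives deep, which a check on the outer file name alone would miss.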
If you’re infected…
One study shows that 50% of those who are infected pay the ransom. These days, ransomware is so effective that even the FBI gave this official statement: “The ransomware is that good… To be honest, we often advise people just to pay the ransom”.
You don’t have to pay the ransom, though, if you don’t get breached. eSecurity Solutions protects businesses from ransomware attacks through advanced security prevention, monitoring and management solutions. Contact us to get a Security Assessment and to discover your current risk level.