What is Ransomware and How to Prevent it?
Ransomware is a type of malware scammers use to target victims’ devices by threatening to delete or publish their data until a ransom is paid.
You might have heard about the Bad Rabbit, WannaCry, and GandCrab cyberattacks. We’ll go into more detail about them later, but all of these hacks can be called ransomware, one of the most dangerous online threats facing businesses and individuals today.
If you look at the latest ransomware statistics, you’ll see the risk is growing at an annual rate of 350%. But what does this mean? Why is the ransomware epidemic expanding so quickly? More importantly, how can we stay safe? Let’s delve deeper.
How does ransomware work
Let’s start with a definition. Ransomware is a form of malicious software based on a simple concept: it invades a computer and encrypts the data on it, blocking access to all your documents and photos. Your information stays on your device, but you can only restore access once you pay the ransom.
In most cases, cybercriminals set a specific deadline for the victim to pay up. Victims who do not meet it risk permanently losing access to their data. There may be other threats as well, such as a date on which the scammers will publish your personal data or a statement of how they plan to use it to their advantage. However, you can’t rely on the integrity of cybercriminals. After all, even timely payment doesn’t provide you with any guarantees of getting your precious files back.
Fighting off ransomware is a real challenge, costing individuals and organisations a lot of money and nerves. It is much more sensible to explore how to prevent an attack on your device in the first place.
How does ransomware spread
So, how do you get ransomware?
Protection technologies are evolving, and attackers have to change their tactics to get to a specific system. Targeted attacks often spread through well-crafted phishing emails.
Recently, however, malware developers have started paying attention to remote employees. To attack them, they look for poorly secured remote access services such as RDP (Remote Desktop Protocol) or VPN (Virtual Private Network) servers with vulnerabilities. That’s why companies with employees working from home need to take extra care.
There are even ransomware-as-a-service offerings on the darknet, providing everything one needs to attack a particular organization or person.
Attackers are looking for any weaknesses in a corporate network to penetrate it. For example, attempts to infect service provider networks have become popular with hackers. Cloud services are in high demand these days, and the infection of a popular service allows them to attack dozens or even hundreds of victims at the same time.
Once the ransomware is delivered, and web-based security management or backup consoles are compromised, attackers can take further actions. They may disable protection, delete backups, and ensure their malware is deployed throughout an organization. That’s why experts recommend carefully protecting all service accounts using 2FA (two-factor authentication).
Types of ransomware attacks
Attacks can have many forms. But there is one thing common to all of them: the demand for ransom. Read more about five of the most common types.
This is one of the newest and most insidious threats because it can go unnoticed for a long time. In 2019, 38% of all companies across the world were infected by such malware.
Hackers have several ways of accessing a PC or device. The first is to load cryptomining code through phishing-like tactics. That’s why you shouldn’t click on all the links in your emails.
The other method is to implement a script on a website or ad. It automatically executes when victims visit these pages. If you don’t have prevention software, it is impossible to avoid such attacks.
This type of program usually attacks Android-based devices. It infects an operating system, completely blocking access to any files. If you’re downloading cracked games or other illegal software, you may receive a Trojan.Downloader file with it.
The next type of ransomware is fake software. Users install this because they think it is an antivirus or cleaning tool to help them remove any problems with their devices. Instead, you get a program that locks your computer or sends pop-up messages forcing you to pay for “services”.
It blocks your data, but it doesn’t steal it. What happens then? Doxware threatens to post it on the web. So if you don't want your personal and confidential files to appear online, you need to pay the ransom.
Mobile devices’ ransomware
Since 2014, mobile devices and tablets have been attacked alongside computers. After installing malicious applications, users receive a message about their gadget being blocked.
Ransomware attack examples
Below you’ll find the most infamous ransomware attacks. Of course, it is impossible to list all the attacks within one article, so let’s look at five of them.
Locky ransomware was first used in a hacker attack in 2016. Victims receive fake emails with malicious attachments. Once they open them, they install a Trojan horse which encrypts various files used by developers, testers and designers, etc. In total, Locky is capable of encrypting over 150 different file types.
The WannaCry epidemic began in May 2017 and has infected more than 230,000 computers in 150 countries. It is believed this ransomware was developed by the National Security Agency. The vulnerability of the program allowed the hacker group The Shadow Brokers to steal it and distribute it in the public domain.
So far, the global damage from this ransomware program has reached $4 billion.
This is another notorious ransomware virus from 2017. It spreads through infected websites using the drive-by method. For instance, a compromised webpage redirects you to another one, which is controlled by the cybercriminals. Once the target opens a legitimate website, a malware dropper is downloaded. Some victims may not even notice this until the hackers put forward their demands.
By visiting random, previously hacked pages, users unintentionally agree to the installation of a hidden virus program. In the case of the Bad Rabbit attack, it was Adobe Flash. By downloading the application, users exposed their computers to hackers.
This malware was allegedly used to target many prominent newspapers in different countries. Once it gets into a network, it quickly spreads from device to device, encrypting files with an unbreakable code. When users tried to access the data, they received a ransom note. In exchange for the decryption key, the attackers demanded users make a bitcoin deposit.
On May 7, the computer network of the Baltimore administration was attacked by a ransomware virus. An administration network of approximately 10,000 computers was infected with a relatively new and aggressive ransomware virus called RobbinHood. It attacked city archive data, the online payment system, real estate transactions, and the emails of the municipal authorities. The estimated damage cost about $18.2 million. Sounds scary, right?
Mac Ransomware Vulnerability
Can Macs get ransomware? Apple computers are considered to be reliable and safe, but are they secure from these attacks?
Surprisingly or not, Mac computers can become infected with ransomware. The good news is these situations are quite rare.
There was an infamous case in 2016 when KeRanger attacked Apple's custom systems through the Transmission application. Once the program was launched, it encrypted the files of its victims. Fortunately, neither this nor any other examples have led to serious outbreaks. However, you should take care of your computer security to ensure the safety of your data.
Ways to prevent ransomware
- Use prevention software. You need a good antivirus like MacKeeper to detect and protect your device from threats.
- Update your software regularly. New threats continue to emerge, so you need the latest cyber defense software to stay secure.
- Update your operating system. Newer versions often include fixes addressing security vulnerabilities hackers may become aware of.
- Don't open email attachments from untrusted sources. They may contain phishing spam capable of attacking your device.
- Be wary of any messages telling you to enable macros. If you are unsure about the authenticity and reliability of the source, simply delete the message.
- Take care of backing up important data. It would be wise to save it using an external hard drive. It means after eliminating any infection, you can easily restore your files.
- Rely on cloud services. They reduce the risk of malware infection by retaining previous versions of your files.
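A backup or a retained previous version only helps if it was taken before the files were encrypted, so a backup job can check for signs of mass encryption before it overwrites the last good copy. The Python code below is an added example, not part of the original article or of any product it mentions; the function names, the 7.5 bits-per-byte entropy threshold and the 30% limit are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data is close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: Path) -> dict:
    """Map each file under root to its SHA-256 and entropy."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            out[str(p.relative_to(root))] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": entropy(data),
            }
    return out

def safe_to_back_up(previous: dict, current: dict,
                    max_suspect_ratio: float = 0.3, high_entropy: float = 7.5):
    """Return (ok, suspects). A file is suspect if it vanished (for example,
    renamed with a new extension) or if its content changed from ordinary
    data to near-random bytes. Files that were already high-entropy
    (zip, jpg) are not flagged, since compression looks random too."""
    suspects = []
    for name, old in previous.items():
        new = current.get(name)
        if new is None:
            suspects.append(name)
        elif (new["sha256"] != old["sha256"]
              and new["entropy"] >= high_entropy > old["entropy"]):
            suspects.append(name)
    ratio = len(suspects) / len(previous) if previous else 0.0
    # A few suspects are normal churn; many at once means: keep the old backup.
    return ratio <= max_suspect_ratio, suspects

def demo():
    """Constructed scenario: 4 text files, 3 then overwritten with random
    bytes as a stand-in for encrypted content."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(4):
            (root / f"doc{i}.txt").write_text(f"quarterly report {i}\n" * 200)
        before = snapshot(root)
        clean = safe_to_back_up(before, snapshot(root))
        for i in range(3):
            (root / f"doc{i}.txt").write_bytes(os.urandom(4096))
        return clean, safe_to_back_up(before, snapshot(root))
```

If the check fails, the backup job should stop and leave the previous backup untouched rather than replace it with the changed files.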
You can also check an official Apple guide on what to do if you get ransomware.
They recommend you customize the Security & Privacy section and only allow apps downloaded from identified developers.
Should you pay ransomware?
Most cybersecurity professionals and authorities don’t recommend paying the ransom or contacting the attackers. They’ve explained the logic here: the more people willing to engage with the scammers and hand over their money, the more motivation there is for hackers to develop new malware.
However, many users are tempted to simply pay the ransom to hackers. They set prices in the range of $700-1300 and this can seem like an affordable sum to regain control of one’s data.
But remember you are dealing with criminals who do not necessarily follow a code of ethics. Firstly, what looks like hacker software is probably just a tactic to scare you. Secondly: does paying ransomware work? You don’t know. There are no guarantees you will get your files back even if you have fulfilled all the terms of the transaction.
Thus, the surest way to avoid ransomware is to take preventive measures. MacKeeper has your back. It can check whether your computer is secure enough. If it has some weaknesses in its security system, then you’ll know about them. Don’t let scammers access your data!