Digital hijacking: how ransomware is spreading across the web
Ransomware. For many, simply reading this word is enough to send shivers down the spine, and no wonder. This type of malware is becoming the main threat to cybersecurity, causing what some also call digital hijacking. We're talking about malicious scripts that infect computers, encrypt all their files, and then demand the payment of a ransom (almost always in cryptocurrencies, which are more difficult to trace) to restore them. Of course, payment is not always a guarantee that the decryption key will be provided.
The first ransomware to make the headlines was WannaCry, which infected more than 230,000 systems around the globe in May 2017. In addition to multinationals in a wide range of sectors (telecommunications operators, car manufacturers, banks, hospitals, etc.), the attack also paralyzed the operations of government agencies, such as the National Health Institute of Colombia, the National Health Service of the United Kingdom, and the Court of Justice of São Paulo. The spread was only brought under control thanks to an ethical hacker who found a kill switch inside the malware's code.
Since then, digital hijackings have only increased. Several strains of ransomware have been created and distributed over the Internet. At first, the main victims were end users. However, over the past two years, organized cybercriminal gangs have realized that they can make a lot more money by designing attacks that target companies, which cannot afford to remain inoperative and can pay larger ransoms. Regardless of size or segment, if you own a business, you are a potential target for digital hijacking.
Increasingly elaborate
Organized cybercrime has evolved so much that we now have ransomware-as-a-service (or RaaS). We're talking about entire platforms created by criminals and licensed to independent gangs as “weapons” for their own attack campaigns. The operators, of course, need to share some of their “profits” with the RaaS administrators. Today, the most well-known (and dangerous) group is REvil, which has already affected several Brazilian companies. In their most recent attack, the group demanded a ransom of $70 million.
As we said earlier, extensive research has shown that paying the cybercriminals isn't the best of ideas. Most of the time, the victim does not receive the decryption key and does not regain access to their files. There have also been cases in which, after an initial payment is made, the gang returns to extort the victim for an additional amount. This happens mainly when the affected machines are part of critical infrastructures (such as hospitals, factories, industries, and other links in the supply chain), since these environments cannot afford to interrupt their activities.
It is also worth remembering that by paying a ransom, we are encouraging crime and showing the scammers that their activities are profitable. Because of this, some countries have enacted laws and regulations that prohibit companies from making ransom payments. After all, in the eyes of the authorities, a company that pays would be collaborating with organized crime, financing its malicious work, and failing to comply with its country's national security measures. In Brazil, however, this issue is yet to be discussed.
Software is good… But what about the human factor?
Being a victim of ransomware is challenging. Ideally, you should have a plan in place in case you get infected, one that includes tools to prevent the threat from spreading to other machines on the network and a suitable backup solution to quickly recover systems. However, information security awareness also plays a very important role: after all, most of these threats come disguised as malicious attachments, in a wide variety of formats, in phishing emails. Make sure your employees know how to identify such threats and help them become the main line of defense against digital hijackings!