How ransomware changed the face of cybersecurity

In a popularity contest for cyberattacks, ransomware would definitely win, and its (bad) reputation among the general public is well deserved. Ransomware is probably the type of attack that has had the most significant influence on the cybersecurity industry in the last 10 years. Here is why.

The Prevalence

Compared to other classes of attacks – like common malware, brute force attacks, and many others – ransomware, as we know it today, is a rather new type of attack. Although early forms have existed since 1989 (AIDS Trojan), ransomware really took off after 2010. CryptoLocker, in 2013, was one of the early ransomware “stars”.

You may wonder: Why is it so successful? Are the affected devices unprotected? Most of them have at least a form of protection. So, why did the endpoint security solutions (aka antiviruses) fail to defend the devices? Ransomware was, and to some extent still is, difficult to identify. Over time, attackers have used ransomware components in conjunction with other threat vectors, like phishing or worm behaviors, to affect a wide variety of victims, from large groups of victims worldwide (WannaCry) to very specific industries and geographies (NotPetya).

The Psychology

Leaving the tangible economic damages aside, ransomware has a particularity: a special psychological impact on people. While other classes of attacks can have more costly consequences, there is something unique about having the computer that you own or operate encrypted and locked in front of your own eyes. It is a form of terrorism.

The fear of losing access to your lifetime digital photos, for example, is something that everyone can relate to. In the last 10 years, the people and businesses that desperately asked me for help almost exclusively were victims of ransomware attacks. And in most cases, there was nothing to be done, except for paying the ransom. But, unfortunately, paying the ransom doesn’t guarantee the recovery of data.

The Long Tail

Ransomware affected cybersecurity but had an impact on other industries too. One of the big issues when asking for a ransom is how to get paid and get away with it. Bank transfers are complicated and traceable, while cash payments are risky and impractical. The answer to the problem has a very well-known name: Bitcoin. Transactions with cryptocurrencies, unregulated and far more difficult to trace, are a key enabler of ransomware’s global “success”. On the other hand, ransomware also contributed to the rise of Bitcoin by generating demand. While cryptocurrencies gain popularity due to many legitimate use cases, the need for untraceable money transfers, generated by illegal activities, pushed the crypto market to higher valuations.

What to do?

Chances are, even with all the efforts from law enforcement agencies and security solution providers, ransomware will be with us for years to come. So, how can you, as an individual or an organization, avoid becoming a victim? There is no simple answer to the question, but there are proven strategies to reduce the risk of being infected with ransomware and, in case you are, limit the damage.

First, and I cannot emphasize this enough, do yourself a favor and back up your data! And do that regularly. Backups enable you to restore the data encrypted by ransomware but are also great from many other perspectives: hardware failures, lost or stolen devices, and even accidental deletion or unintentional modification of data.

Second, mind the clicks! We are flooded with emails and that lowers our alertness. But educate yourself, your loved ones, or your employees to think before clicking links. User awareness is one of the key tactics against all sorts of cyber threats, not only ransomware.

Third, use a good prevention-based endpoint security solution! There is a lot of hype around threat detection and incident response these days. But ransomware is a class of fast-evolving attacks that leaves little time to react. Your automated security solution will be the second line of defense (second to user awareness).

If you are looking for a comprehensive approach to dealing with the risk of ransomware infection, here are some good starting points: the Mitigating malware and ransomware attacks guide from the UK’s NCSC and the Stop Ransomware resources from CISA.