Beware the Many Faces and Tactics of Ransomware Attacks

The IRS recently issued yet another warning about yet another scheme targeting taxpayers. Hackers send emails that appear to be official notifications from the FBI and urge users to click a link and download a questionnaire related to tax law changes and compliance. Of course, there is no questionnaire. The link downloads ransomware to the user’s computer.

The new Paradise ransomware, which uses RSA encryption to hold files ransom, is distributed through Ransomware-as-a-Service. Yes, ransomware is now available as-a-Service from cybercriminals who create the malware, operate a central control server and make it available for a cut of ransom payments.

Many ransomware attacks are very sophisticated and target specific users, such as finance departments, senior executives or third-party vendors with valid network credentials. However, some hackers launch mass attacks, using emails with just a few words and a link. This seems like an obvious red flag, but even if a small percentage of recipients clicks the bogus link, the hacker enjoys a major payday. One such attack involving Locky ransomware recently sent 23 million infected emails in 24 hours.

Most people assume ransomware attacks only target careless end-users. But hackers are now going after data centers, moving laterally across networks to maximize damage. A South Korean hosting firm’s Linux servers were recently infected with ransomware, which took down thousands of customer websites. Many were not recovered, even after the company paid a ransom of $1 million.

Ransomware is malware that prevents users from accessing their data unless a ransom is paid, typically via Bitcoin, which is anonymous. Hackers often use notifications claiming files have been encrypted or moved to a secure location due to a security issue. Some even offer to restore a few files for free to earn the user’s trust. Others intimidate and threaten victims, using countdown clocks to pressure users into paying a ransom before files are permanently deleted.

We’re talking about cybercriminals here, and there’s no guarantee that access to data will be restored. That’s why the FBI recommends against paying the ransom, which will only embolden the hacker to carry out more attacks. But when critical data and systems are unavailable and operations grind to a halt, desperation sets in, and ransoms are often paid.

An FBI report found ransomware attacks cost victims $209 million in the first quarter of 2016, an increase of more than 800 percent from the previous year. Datto, a data protection and business continuity solutions provider, estimates the true cost of ransomware is in the neighborhood of $75 billion per year. Datto research found that the average cost to a small business of an hour of inactivity resulting from inaccessible data is $8,581.

The best defense against ransomware is to proactively protect and back up your data. Datto SIRIS integrates data backup, recovery and business continuity in a single platform. It automatically protects physical, virtual and cloud environments with backups on a local device and in the Datto Cloud, and allows you to recover data quickly from multiple points in time. Datto Backupify is a cloud-to-cloud backup service that protects data and ensures accessibility even if ransomware damages data in cloud-based applications. Datto Drive is a file-sync-and-share solution that allows you to automatically back up and recover files on demand and revert to a backup created before a ransomware attack.

The Datto survey found that more than nine in 10 respondents had suffered ransomware attacks in the past year. Assume an attack will happen and plan accordingly. Let us show you how Datto data protection and backup solutions reduce risk and minimize business disruption.

