The data we keep on storage media is usually files that matter to us, and the most important of them tend to sit on company disks. These are scans of contracts, information on orders, production, employment and much more. In theory, it is obvious that backups should be created systematically, but practice shows that many companies skip this important step. Meanwhile, a ransomware attack can hit them and cripple their business. What should you know about this threat?
What is a ransomware attack based on?
Ransomware is malicious software that extorts a ransom payment. In such an attack, access to system files or other files is blocked, and the block is to be lifted once a certain amount of money is credited to the criminals’ account. Such attacks can take various forms. We distinguish:
- Screen-locker attack – the screen is locked, and with it the ability to perform any operation. The user is shown a window explaining what they must do to remove the lock. Dealing with such an attack is relatively easy – you can find instructions on the web on what to do depending on what has happened.
- Crypto-ransomware attack – in this case, software is used that encrypts the files on the disk. What’s more – the attack can even affect data located in the cloud. Criminals expect a fee for the decryption key – usually for up to $1,000.
- Disk-encryptor attack – in this case, the malware leads to the encryption of the victim’s entire disk. Thus, if it happens to you, you won’t even have access to the operating system. Most often such attacks target large companies.
A technique used by criminals to increase their effectiveness is to display messages on victims’ computers that the device has been blocked by law enforcement due to illegal software. Of course, the blocking will be removed once the indicated amount is paid.
How does a ransomware attack work?
Such an attack starts in much the same way as other infections. A common cause is receiving an email that contains malware. Opening the attached file is all it takes for the disk encryption to begin.
Another common cause is the use of illegally sourced software. An Internet user is tempted and downloads an expensive application free of charge. However, it turns out that the file contains an infection. This can also happen if one visits a site that contains malware. Another reason could be the use of a program that has not been updated for a long time, in which critical bugs have been detected.
The malware that causes such an attack can also spread through public Wi-Fi networks.
Ransomware – when did it start?
The first attacks of this type occurred long ago, in the 1980s. Here are some well-known viruses and the consequences of infecting a computer with them:
- PC Cyborg – the virus demanded payment of $189 by snail mail. The criminals called it a license renewal fee.
- WinLock – this virus blocked the user from accessing the device. It expected a payment to be made by sending a paid SMS message.
- Reveton – this software impersonated law enforcement agencies, such as the FBI. The criminals required payment of up to $3,000 to unlock the device.
- CryptoLocker – this program appeared in 2013. It was very effective – unlocking files without using a decryption key was impossible.
Biggest ransomware attacks
The scale of such attacks is enormous, and the financial consequences of these incidents are severe. Let’s take a look at what some of the largest such attacks in history have led to.
- WannaCry – among the consequences of attacks using this malware was the blocking of hospitals in Ukraine. Within a few days, the virus infected 250,000 devices.
Source: https://swisscyberinstitute.com/blog/5-biggest-ransomware-attacks-in-history/
- TeslaCrypt – in 2016, this malware was responsible for as much as 48 percent of ransomware attacks. Interestingly – the infection was very difficult to defeat without the password obtained from the cybercriminals. In the end, however, they decided to publicly share the key that decrypts the files.
Source: https://swisscyberinstitute.com/blog/5-biggest-ransomware-attacks-in-history/
- NotPetya – this malware appeared in 2016. It caused damage estimated at more than $10 million. It spread rapidly, and the infection affected the devices of banks and many institutions.
Biggest ransomware attacks in 2021
Such attacks continue to be very common and affect corporations that theoretically have developed IT security departments. Here are some cases of the biggest ransomware attacks that occurred in 2021:
- Kia Motors – as part of the attack, DoppelPaymer demanded payment of 404 bitcoin, which at the time was worth $20 million. Those responsible for the attack threatened to publish Kia Motors’ carrier data online if the ransom was not paid on time.
- Acer – the cost of an attack using software called REvil was valued at $50 billion. Those responsible for the incident made available online, among other things, spreadsheets that allegedly presented the company’s finances.
- Washington DC Police Department – the Babuk Group was responsible for the attack. The criminals locked the files and expected $4 billion to unlock them.
How to respond to a ransomware attack?
If it has hit your device, first of all, do not panic and do not pay to unlock it. Paying may simply encourage the criminals to do more. For many such attacks, such as HiddenTear, Jigsaw, Legion, NoobCrypt, Stampado, SZFLocker or TeslaCrypt, you can download free decryption programs from the web and deal with the problem without expert help. However, remember to use such tools only from verified sources. Pay attention to where you download them from.
Nowadays, security should be central to any organization. A firewall is an essential piece of network security and protection that should be at the front of every corporate infrastructure. It protects your infrastructure from simple external attacks, from viruses contained in emails and websites, and from malware. At ITH, as part of our NaaS (Network as a Service) package, we offer access to state-of-the-art FortiGate firewalls, which we deliver for you along with full 24×7 service and support. This is an offer that will keep your business safe!