Malware has evolved to the point of producing what is perhaps one of the most profitable methods of hacking for cybercriminals: ransomware.
So, what does Ransomware actually do?
Just like its name suggests, ransomware is a type of malware that puts a user’s computer into a state of ‘lock down,’ effectively holding the computer to ransom. Ransomware is commonly delivered through email phishing; specifically, by creating a fake duplicate website and tricking unsuspecting users into typing personal or login information such as IDs and passwords into it. Other methods of infection include simply using an infected USB stick.
On an infected network, the ransomware blocks regular access to the system and encrypts all the data within. The cybercriminals responsible then ‘ransom’ the key to unlock the data to their victims, demanding a hefty payment before the victims can regain access to their data.
There are many kinds of ransomware currently in circulation. For example, Ryuk ransomware can disable the Windows System Restore option, thereby making it impossible to restore any encrypted files without a backup. Many organizations in the US have recently been the targets of this specific type of ransomware. According to an August 2018 report, the estimated ransom raised from such attacks exceeded $640,000.
Ryuk Ransomware: A Uniquely Dangerous Example
The ‘Ryuk ransomware’ is becoming an overarching threat to the world of business as a whole. As reported by ComputerWeekly.com, Ryuk ransomware affected several newspapers and news agencies in the U.S. last year. These include the San Diego Union-Tribune, The Wall Street Journal, Los Angeles Times, The New York Times, and the Tribune Publishing Company. These outlets faced severe printing and delivery issues because of these ransomware attacks.
The Chicago Tribune also reported that its print edition was published without any paid classified ads due to the attack, though no customer or financial information was leaked.
Officials of the U.S. Coast Guard (USCG) recently disclosed a Ryuk ransomware infection that had taken down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) facility for more than 30 hours. According to USCG officials, the ransomware had interrupted security cameras and any physical access to control systems. A malicious email sent to an employee was the entry point for the infection.
The ransomware corrupted files on the enterprise’s IT network and then encrypted them. This prevented the facility from accessing critical files. The attack also interrupted industrial control systems used in monitoring and controlling cargo transfer operations.
Ransomware Attacks and Government Institutions
Ransomware attacks pose a unique threat to government entities. The threat had affected 70 institutions this year alone. Barracuda Networks, an IT security company, found that two-thirds of US attacks in 2019 affected government organizations. For example, the city of Atlanta had to pay a $52,000 ransom to cybercriminals. Although it refused, it spent a larger sum of $2.6 million in order to restore its systems.
Atlanta’s choice to deal with the ransomware threat in this way is the standard example of how to respond to ransomware attacks, and an important case study. Experts warn that such incidents will continue to grow throughout 2020. Indeed, it is only when society as a whole stops legitimizing such malware ransoms as a source of income for cybercriminals that this malicious trend will hopefully lose its popularity.
Services offered by Logique Digital Indonesia
To improve your company’s website security and application systems, Logique Digital Indonesia is offering penetration testing services. We have an IT security team to help ensure that your website and applications don’t have security holes. Please contact us in order to improve your application or website’s cybersecurity.