In May 2017, the world looked up and took notice as an estimated 230,000 computers fell victim to the WannaCry ransomware attack. WannaCry had a particularly severe impact on the UK healthcare sector, reportedly costing the National Health Service (NHS) £92 million in disruption to services and IT upgrades. Some three years on and we continue to see cybercriminals run rampant over an increasingly digitalised world.
The Origins of Ransomware
According to Becker’s Hospital Review, the first known case of ransomware dates back to 1989, when Joseph Popp, Ph.D., an AIDS researcher distributed 20,000 floppy disks to fellow AIDS researchers worldwide. Dr. Popp had told the researchers that the floppy disk contained a questionnaire-based application that could gauge a person’s risk of contracting AIDS. What the researchers didn’t know was that Dr. Popp had infected the floppy disks with malware that would activate after their computer was turned on 90 times.
Once activated, the malware would display a ransom note on the screen demanding a sum of up to $378 for a software lease. Looking back at this attack—which made no use of cryptography—it was rather primitive. However, it laid the foundations for what we consider ransomware today.
Typical Modern-Day Ransomware
Modern-day ransomware often employs a form of crypto malware that will encrypt data on the victim’s device which can only be decrypted with a certain digital key or password. This essentially makes data irretrievable and unusable until it has been decrypted. Savvy ransomware targets will have a relatively up to date backup of their critical data, allowing them to revert back to a point in time before the ransomware attack. This essentially reduces the ransomware to a mild (but still potentially time-costly) nuisance.
However, the playing field is changing. As people and businesses have become more resilient to traditional cyber attacks, cybercriminals have become increasingly adaptive in how they develop and administer malware. A new era of ransomware is now upon us. No longer will backing up critical data safeguard victims from the crippling damages inflicted by this new approach to digital ransoms. This type of ransomware has been coined ‘Ransomware 2.0’.
What is Ransomware 2.0?
The way that ransomware 2.0 infects systems and propagates through networks hasn’t changed. Data is still encrypted with a virtually uncrackable algorithm and a ransom is still demanded from the victim. However, where ransomware 2.0 deviates from the traditional form is in how they extort the victim into paying up. If the victim decides not to pay the ransom, the attacker threatens to publish their data online.
The effect that this could have could be devastating. A potential mass exposure of personal and sensitive data that could cause irreparable reputational damage to an organisation, loss of business, and some hefty fines from regulatory bodies like the ICO. The harm this could inflict on the data subjects, for example, a business’s clients and wider stakeholders could also be severe; imagine being a healthcare provider and having thousands of sensitive personal health records leaked. Once online this data would likely be permanently accessible.
How to Prevent Ransomware Attacks?
When it comes to keeping you or your business secure, you want to implement preventative measures wherever possible, following a defence-in-depth strategy. Here are some of the ways to keep yourself secure:
• Keep Backups: Ensure that you keep regular backups of all your business-critical data so that even if a successful attack occurs you can quickly recover your systems. Store these backups both offline and offsite (away from your production network/systems) or use a cloud backup service. It’s important that backups kept on physical media are encrypted at rest.
• Be Careful What You Download: You need to be especially careful of what you download from the internet. Ensure that you are only downloading applications from trusted sources. Businesses should adopt a policy (preferably alongside a technical control) to pick and choose what employees can download.
• Implement Antivirus: Ensure you have installed antivirus software that actively scans for malware on your device, preferably with web protection. Make sure that the antivirus is kept updated to the latest version and signature are up to date.
• Implement a Firewall: By default, most of your devices should have a firewall enabled but check that this is the case. The firewall will often block unauthorised traffic to your devices that have an inbuilt firewall.
• Keep Software Updated: You need to make sure you are keeping your software up to date. This includes your operating system and applications.