Episode 65 - Ransomware Basics
This podcast episode explores ransomware from preventive, legal, and communications angles. While there’s no 100% effective vaccination against a ransomware attack, there are steps enterprises and each of us can take to beware, prepare, and take care.
Ransomware. It’s the modern equivalent of kidnapping – except people aren’t grabbed and held hostage. Instead, an enterprise has its computer and information system locked by a criminal. Data is encrypted and stays unusable until and unless the organization pays a ransom to the thief, who is known only by a digital address and often demands untraceable payment in cryptocurrency.
Ransomware is a type of malware – software installed in a system by an outside party for bad purposes. Unlike malware focused on stealing data, ransomware aims to extract a ransom payment in exchange for decrypting and restoring the victim’s data.
From a criminal’s perspective, ransomware is a simpler, less expensive way to get money than malware that aims to export (or exfiltrate) and resell data. It can be an “in and out” operation, not requiring search, download, categorization, and reselling of purloined data. Despite this, because data has great value, Blackfog estimates that 70% of ransomware attacks include data exfiltration, so that the attacks not only temporarily freeze data usage but result in a release of personal and business data to third parties as secondary damage.
Ransomware theft is rising. Security sector experts report a 7-times increase in ransomware attacks between 2019 and 2020, with the average ransom demand increasing more than 3 times the prior year’s figure. Blackfog predicts cybersecurity theft will approach $6 trillion for 2021. CrowdStrike’s comprehensive summary of 2020 and early 2021 reports a four-fold increase in interactive intrusions in the past two years, with 149 criminal syndicates followed as tracked actors on its list of named adversaries. Ransomware is organized crime on a massive and global scale.
For units of government, businesses, and non-profits (like universities and hospitals), ransomware can strike like a rogue wave at sea. But it’s often an attack more like a time bomb, lying in wait until the criminal gang is ready to demand its ransom at a time of its choosing. And when this happens, it can immobilize the organization’s ability to operate. Immediate action is required. How do we get our data back? Do we pay the ransom? If we do, will we get the data back? Even then, how do we know it’s safe? How can we prevent this from happening again? If it does, how do we deal with the immediate issues, recoup the data, and ensure it’s clean and usable?