What does Ransomware look like Today?

There are a few dominant types, or families, of ransomware in existence. Each type has its variants, and new families surface as time goes on. 

Historically, Microsoft Office, Adobe PDF and image files have been targeted, but McAfee predicts new targets as ransomware continues to evolve. 

Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber extortionists typically request payment in the form of Bitcoins or online payment voucher services, such as Ukash or Paysafecard. The standard rate is about $500, though the ransom can range from a mere few dollars to many thousands of dollars. Currently, a single bitcoin is worth more than $6,000.

In a recent ransomware attack on the city of Atlanta, the city has spent over $5 million, and the costs continue to rise. The police dashboard camera footage was lost, residents couldn't pay for essential services like water, the city can't collect revenue from parking fines, and the police department's efficiency dropped as they were creating handwritten reports. The city government is still trying to assess the damage and what was affected by the attack. Cybercriminals behind ransomware campaigns typically focus their attacks on wealthy countries and cities where people and businesses can afford to pay the ransom.

In recent months, we’ve seen repeated attacks on specific verticals, most notably healthcare. Medical practices are enormous targets due to the simple fact that Protected Health Information (PHI) is valuable on the black market. In a recent report, global cybersecurity insurance company Beazley found that in 2017, 45% of all ransomware attacks studied were in the healthcare sector. Imagine what the percentage would be if this report included the attacks that go unreported.


How Does Ransomware Spread?

Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering, tricking victims into downloading an email attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Alternatively, an email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics, such as claiming that the computer has been used for illegal activities, to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files.

It can happen in the blink of an eye with a single click.

Another standard method for spreading ransomware is a software package known as an exploit kit. These packages are designed to identify vulnerabilities and exploit them to install ransomware. In this type of attack, hackers install code on a legitimate website that redirects computer users to a malicious site. Unlike the spam method, sometimes this approach requires no additional actions from the victim and is referred to as a "drive-by download" attack. The most common exploit kit in use today is known as Angler.

The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is continually evolving to evade detection by security software products.

Angler is just one exploit kit; there are a variety of others in use today as well. Spam botnets and exploit kits are relatively easy to use but require some level of technical proficiency. However, there are also options available for aspiring hackers with minimal computer skills. According to McAfee, there are ransomware-as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of attacks.
