Onccloud

The Evolution of Ransomware and Threats to Consider

The word “ransomware” strikes terror into the figurative hearts of corporate heads and IT professionals. A dark, malevolent cloud seems to hang over every ransomware mention or sighting. Even for the average internet user, ransomware sounds like a black plague of data, and something to avoid at all costs.

The fear is valid – ransomware targets unsuspecting computer networks everywhere. And the continuous evolution of ransomware makes it a major threat. Ransomware attacks have increased over the past two decades, and each attack brings a new level of malicious sophistication. Although perpetrators of ransomware attacks can be individuals, more often the viruses come from organized groups of cybercriminals. While there are some steps we can take to protect ourselves from ransomware, we’re never completely safe from the threat of having our data and software held hostage.

Ransomware may sound like the name of a cheesy villain in a 1990s B-movie, but the threat is very real. Hospitals, city governments, utilities companies, software security programs, and individuals have all experienced ransomware attacks. The damage inflicted may take weeks or months to repair.

Many internet users may not be aware of the purpose behind these viruses, or how their targeted attacks can potentially impact computers, networks, and software programs. So, what exactly is ransomware? How does ransomware spread such poison? What stands as the worst case of a ransomware attack? And finally, can we protect ourselves or bypass ransomware?

Ransomware is the most insidious form of malware. A ransomware program is often installed when a user opens a suspect email link or clicks on a questionable website. And it may elude your antivirus and firewall software. It then spreads throughout your computer operating system and locks your files and data. When attacking a computer network, the ransomware can move through undetected downloads or missing security patches and infect a whole system.
On a professional level, ransomware could mean clients’ files and years of accounting records suddenly become inaccessible. On a personal level, family photos, tax returns, and private information can be erased or locked up. Ransomware holds your files hostage, and the implications can be huge. Erased files or leaked data can lead to corporate security breaches and personal embarrassment. Ransomware-related leaks can result in huge legal issues for companies. And if you’re hanging on to that scathing letter you wrote to your ex (but never sent), it may be wise to take this evidence off of your computer.

Once your computer is locked and the ransomware has infiltrated its deepest corners, you’ll probably get a message from your attackers. The attackers will make a ransom request for your information. The amount of money demanded may vary based on the size of the target and how organized the cybercriminals are. A screen may pop up with a timer or countdown clock and the financial demand. The cyber thieves will give you a time limit on turning over funds, and will typically request untraceable cryptocurrency as payment.

Ransomware perpetrators will:

Some of the largest ransomware attacks ever occurred in 2021, but the Kaseya attack was by far one of the worst in computer history. Ransomware typically targets breaches in security patches or outdated computer systems (such as Windows 7 or Windows XP). Or it infects networks through phishing scams. The Kaseya attack marked the first time a large software security platform was hit by ransomware. And the results were disastrous.

Founded in 2000, Kaseya is one of the leading providers of IT security solutions. The company, which has worldwide operations, is based in Florida, and internationally headquartered in Dublin, Ireland. In July 2021, Kaseya was targeted by a well-organized ransomware attack. The attack left over 1,500 corporations at the mercy of cyber criminals.
Their day-to-day operations were, effectively, left in disarray and came to a screeching halt.

Before the attack, Kaseya was warned by the Dutch Institute for Vulnerability Disclosure of weaknesses and gaps in the security of their software programs. Unfortunately, corrections weren’t made in time to prevent a simultaneous hack attack on almost 50 MSPs (managed service providers). The Kaseya attack stands as the first to expose flaws in MSPs. It left a wide-open door to similarly exposed vulnerabilities in otherwise credible software programs.

REvil, the Russian cyber group that claimed responsibility for the attack, also sounds like a silver screen villainous group – perhaps from one of the lesser Bond films. However, their impact had far more dire, real-life consequences than Bond’s various nemeses. REvil demanded $70 million to unlock the files and data of Kaseya’s customers. However, Kaseya (in tandem with the security firm Mandiant) was able to uncover a universal decryption key to unlock the files, and did not give in to REvil’s demands. Ukrainian citizen Yaroslav Vasinskyi was allegedly behind the group, and is purported to have deployed over 2,500 ransomware attacks worldwide. Vasinskyi was arrested in Poland, and faces federal charges from the U.S. Department of Justice. Nonetheless, Vasinskyi’s group proved to hackers everywhere that even the most secure computer systems have weaknesses.

Although ransomware attacks such as the WannaCry attack of 2017 globally impacted millions of computers, the Kaseya attack was unique in that the very software used by corporations for security left a pathway for REvil to find a way in. The Kaseya attack was the first of its kind. But it will most likely not be the last.

The aftermath of the Kaseya ransomware attack proved extremely costly for both Kaseya and thousands of its corporate customers. The IT solutions firm pledged to donate millions of dollars to help their customers recover from the attack.
Most of Kaseya’s clients were safely back online within several weeks. However, even a day without operational abilities can cost a company millions of dollars.

As malevolent and fierce as ransomware attacks can be, it’s important that we don’t panic in the face of these hijackings. Paying virtual ransom works much like paying ransom in physical kidnapping cases. Giving in to the demands of criminals offers no guarantee of a positive outcome. We could pay the ransom (typically, the payment demands are smaller for individuals or local businesses), and the hackers could then increase the amount necessary to free our devices.

The good news is that, even as cyber criminal rings continue to grow more organized and sophisticated, IT security firms are evolving their technologies to offer us greater protection. There are several steps we can take to help protect ourselves from the threat of ransomware attacks. These steps include:

The Kaseya attack exposed universal vulnerabilities and a new way for ransomware programs to strike. As ransomware evolves, we must update the strength of our online security. We may never completely eradicate the threat of ransomware attacks. But as we find new ways to protect our computer systems, they’ll become far less frequent.
