Ransomware has been one of the most prolific malware families for years, generating financial losses for targeted users and organizations, as well as significant revenue for cybercriminals. In 2017, the FBI issued a warning stating that ransomware alone was responsible for an estimated $1 billion in earnings for cybercriminals. By the end of 2018, losses could surpass $2 billion.
However, financial losses for businesses hit by ransomware can be significantly higher, peaking at billions of dollars on a global scale, as the issue is not just recovering from lost data, but also investing in new security solutions that can prevent similar attacks.
Ransomware Getting Greedy
Traditional ransomware was all about infecting as many victims as possible, either via spearphishing campaigns or via infected websites, and demanding a fixed amount of money. Regardless of the number or types of encrypted files, ransom notes would usually range between $300 and $500, depending on the ransomware family.
However, since the ransomware-as-a-service (RaaS) business has started booming, cybercriminals have added the option for “clients” to customize the ransom note based on the victim’s profile and the type of encrypted files.
For example, while the average user would receive a ransom note at the lower end of the range, recovering encrypted information from a server hosting sensitive data could set you back thousands, if not hundreds of thousands, of dollars.
GandCrab is one such family. It requests anywhere between $600 and $700,000 to let users regain access to their data. Fortunately, security researchers have managed to create a free decryption tool for GandCrab versions 1, 4 and 5, allowing victims to freely recover their data without giving in to the ransom note.
Multi-Layer Ransomware Protection
While ransomware is at its core considered malware, the fact that each sample is unique for each victim – a process called polymorphism – makes it difficult for security solutions to identify new and unknown samples as ransomware with 100 percent accuracy.
Consequently, there could be instances where a user risks being infected with a new ransomware strain. While there are multiple security layers built into each security solution, all augmented by machine learning algorithms and behavior-based detection technologies, ransomware has become such a nuisance that security vendors have started implementing new security technologies specifically designed to both detect the threat and minimize any damage caused by an inadvertent infection.
One such feature is called Ransomware Remediation, which ensures data is protected against any type of attack. Documents, pictures, videos and music are just a few of the file types protected by it, enabling users to instantly recover them if a ransomware infection has somehow made its way onto the system and was not detected in time by other security layers.
Basically, important files will be backed up and users will be presented with a restore option if they’ve been encrypted. They can either be restored in the location where they were originally present, or in a different location if there’s insufficient disk space or users want to save them on a different partition.
Other ransomware protection layers even allow users to set up special folders that ensure ransomware will not be able to touch any file placed in them. These protected folders will always be under surveillance by the security solution’s technologies, making sure that no unauthorized or unknown application, such as ransomware, will have the ability to encrypt them.
If Ransomware Hits, Be Prepared
One way of making sure that your data remains safe regardless of what happens to it – whether it’s a hardware failure or a ransomware infection – is to perform regular backups of critical files. Critical information stored on external drives constantly remains safe, and you can always get it back at your own discretion.
Keeping all your software up to date with the latest security updates and patches ensures that no vulnerability can ever be exploited to deliver any form of malware, including ransomware.
It’s also considered good practice to avoid opening email attachments from senders you’ve never heard of, especially if the email is either vague about the contents of the attachment or if it exploits a sense of urgency regarding the importance of you reading the attached file.
Of course, having a security solution installed is always the best course of action, as it usually employs several security layers – some specifically built to protect against ransomware – that can prevent and protect against any type of infection.