From social media pages to the television, stories of ransomware attacks are becoming harder to ignore. These online security attacks can disrupt services, cause supply chain issues, and force prices to escalate. They can also force smaller companies to close their doors for good.
But what is ransomware in simple terms, and is it a computer virus? In a nutshell, ransomware is a type of malware that prevents people from accessing their computers, systems, and data while demanding payment to restore access. And no, ransomware isn’t a computer virus. A computer virus is a type of malware that corrupts data but doesn’t hold it hostage. Let’s clear some more misconceptions about ransomware:
Misconception #1 Paying the Ransom Automatically Restores Access
Paying ransomware attackers isn’t always a good idea for several reasons:
- Researchers believe that attackers using many popular ransomware strains like WannaCry, Petya, NotPetya, and Nyetya are incapable of restoring data.
- There’s no guarantee that an attacker will restore data even if they can. Instead of sharing a decryption key or remotely returning access, they may disappear to cover their tracks.
- Some ransomware attackers use double-extortion strategies, where they only restore access to one layer of files after receiving payment.
Misconception #2 There Is Nothing Ransomware Victims Can Do After an Attack
Organizations usually pay hackers the money because they feel helpless. But a specialist cybersecurity team may be able to help by using a decryption key or isolating the attack. Companies can also restore data from air-gapped backups to minimize downtime.
Misconception #3 Ransomware Only Hits Large Organizations
While most ransomware attacks making the news involve large companies, the malware can infect any computer. Targeted ransomware strains like DarkSide usually hit massive organizations like the Colonial Pipeline, but ransomware with worm-like capabilities like WannaCry spreads readily.
Misconception #4 Ransomware Only Spreads Through Phishing Emails
Ransomware typically spreads through phishing emails, which are fraudulent emails that carry ransomware in attachments or lead victims to websites with drive-by ransomware downloads. But phishing emails aren’t the only ransomware attack mediums. Unsecured RDP ports, infected USB drives, smishing attacks, and Trojans are common ransomware threat vectors.
Misconception #5 Attackers Always Drop Ransomware Immediately
Research indicates that ransomware attackers usually drop their ransomware within hours after breaching a system. However, this isn’t always the case. Attackers may take days to analyze their target’s systems or spread the malware to backups. They may even need time for data exfiltration. That way, in the event the ransomware attack is unsuccessful, they can threaten to dump the stolen files on the Dark Web for money.
Misconception #6 It’s Impossible to Recover the Ransom
Extortionists usually ask for payment in bitcoin instead of cash, checks, or bank wires because cryptocurrency is more challenging to retrieve. But as the FBI proved after the Colonial Pipeline attack, it’s not impossible. Still, it’s best for companies to adopt ransomware mitigation strategies to avoid the situation.
The best way to stop malware that hijacks your data or computers is to train your staff to recognize phishing and other social engineering attacks. Smart anti-malware software that uses machine learning to recognize threats in time can also help. With cybercriminals using increasingly complex attacks, organizations also need security teams to fine-tune their defenses.