Ransomware on the Rise: How to Prevent and Recover from Attacks. With record-breaking demands, paying the ransom is not the easy way out.

November 7, 2021

Ransomware- a type of malicious software designed to block access to a computer system until money is paid- is a rapidly growing malware threat. One ransomware attack reached a record-breaking demand this year: $50 million dollars.

You have 24 hours to submit the payment. If you do not send the money within the provided time, all your filles will be permanently encrypted and no one will be able to recover them.

Once the user’s access has been blocked, the cyber actor demands the ransom payment. After receiving the payment, the cyber actor may or may not allow the victim to regain access. A recent report found 42% of organizations who paid the ransom did not get their files decrypted. Ransomware attacks can lead to temporary or permanent loss of information, financial harm, disrupt operations, and harm an organization’s reputation. A ransomware attack sometimes looks like this: “You have 24 hours to submit the payment. If you do not send the money within the provided time, all your files will be permanently encrypted and no one will be able to recover them.”

Common methods used to deploy ransomware attacks

  • Email phishing: This is when cyber attackers send emails containing malicious links or files that deploy malware when the user clicks on them.
  • Remote Desktop Protocol (RDP) vulnerabilities: RDP is a network protocols that allows individuals to control the resources and data of a computer over the internet. Cyber attackers can gain unauthorized RDP access through trial-and-error techniques typing credentials. Credentials can also be purchased on dark web marketplaces. Once cyber criminals have RDP access, they can deploy malware- including ransomware- into the systems.
  • Software Vulnerabilities: Cyber attackers can gain control of victim’s systems and deploy ransomware using security weaknesses in software programs.

Ransomware attacks are becoming more and more common. According to the 2020 FBI’s Internet Crime Report, the Internet Crime Complaint Center (IC3) received 2,474 complaints in 2020, up from 1,493 in 2018. Adjusted ransomware losses in 2020 were over $29.1 million, up from merely $3.6 million in 2018. These losses don’t even include estimates of lost business, time, wages, files, equipment, or any third-party remediation services used to recover from the attack. Additionally, these numbers only reflect losses reported directly to the IC3, and do not include losses reported directly to local law enforcement, FBI field agencies, or not at all. Thus, the overall ransomware loss rate is likely much higher.

Anyone can fall victim to ransomware attacks. In March 2021, one of the nation’s largest school districts in Fort Lauderdale, Florida was hacked. The hackers threatened to erase the files and post students’ and employees’ personal information online unless the school paid them $40 million.

How can you prevent ransomware attacks?

  • Educate yourself and employees.
  • Be aware of phishing emails.
  • Never click on unsolicited ads or links and be wary of ones that look suspicious. 
  • Enable strong spam filters to prevent phishing emails from reaching the inbox.
  • Scan all incoming and outgoing emails to detect threats and filter files.
  • Configure firewalls to block access to known malicious IP addresses.
  • Set anti-virus and anti-malware programs to conduct regular scans automatically.
  • Back up data regularly and secure your backups into the cloud or physically store them offline.

What should you do if you fall victim to a ransomware attack?

  • Isolate the infected computer.
  • Isolate or turn off affected devices that have not been completely corrupted.
  • Identify the infection.
  • Immediately secure backup data or systems by taking them offline.
  • Contact law enforcement.
  • Change any account and network passwords you still have access to.

Paying the ransom is not the easy way out – there are risks associated with paying and the FBI discourages it. When considering whether to pay a ransom, victims should consider many factors: the cost of the ransom, the technical feasibility of paying the ransom, and the costs of restarting systems from backup. Additionally, paying the ransom does not guarantee regaining access to data. Individuals and corporations often pay the ransom and are not provided with decryption keys, or a second fee is demanded for access after paying the first ransom. Also, some victims who paid the ransom were targeted again.

Ransomware attacks have steadily increased over the past five years, with a 350% increase from 2016. The best way to protect yourself or your business from an attack is to be cautious of what you click on, be wary of who give your credentials to, and install preventative software on your systems. If you do fall victim to a ransomware attack, call law enforcement and report it immediately. Weigh your options carefully and consider the risks before paying the ransom. Additionally, make sure to regularly back up your valuable data to ensure your losses will be minimal if you do suffer an attack.

Arianna Pearson

Arianna is a second-year law student from the Outer Banks of North Carolina. She graduated from the University of North Carolina Wilmington in 2018 with a B.S. in Political Science and a minor in pre-law. Arianna transferred to UNC after her first year of law school and plans to pursue a career in corporate law.