Part 2 – 3: Terms and Definitions for Ransomware
Term | Definition |
Ransomware | Locking your computer and requiring money in return to unlock your computer |
Crypto-Malware | Encrypting files and folders and requiring money in return to unlock them |
Offsite Backup | Storing copies of computer data at a third-party location outside of the internal network/system |
Ransomware was a major attack in the early 1990s, as attackers would utilize malware to initiate an attack on end-user computers. This attack locks your computer so that you cannot use it until you have paid some form of ransom to the attacker. Once the attacker receives the ransom, they will proceed with unlocking the computer, or at times never unlock your computer at all, as they are simply getting you to give them money. Many businesses are prone to these types of attacks, as there are larger amounts of data stored on servers and employee computers. For example, what would happen to a business that stores client data on a server which gets infected by this ransomware? A possibility would be that the supply chain would halt and orders would be frozen until the issue is resolved. Sometimes computers could be locked for days or months until the ransom is paid; other times a set date is given, or the data is completely lost and deleted by the attacker.
A newer type of ransomware called crypto-malware was introduced to encrypt all files and folders on the victim's computer. The malware would utilize the OS encryption system, or even its own script-based encryption, to encrypt every file and folder with a passcode which the attacker would have. The victim could still use the computer but would be unable to open any documents, links, and sometimes even applications until the ransom is paid. As with typical ransomware, these files and folders could be locked forever, or only for a specific period, after which the attacker deletes the files if the ransom is not paid.
It seemed that backups were not a major component in every business many years ago, but since technology has advanced in recent years, businesses have made it a requirement to incorporate some form of backup and restore procedure in case of a scenario like the one mentioned. At what cost and time would a business decide between paying a ransom and reverting all the files and systems to a previous date? Businesses may be willing to sacrifice the time and work their employees put into documents and revert to a few days ago rather than pay thousands or millions of dollars to an attacker. Be aware that local backup servers or software systems can be infected as well as the employee's computer. That is because ransomware will look at all the network drives available on the employee's computer, connect to those drives, and encrypt them as well. An offsite backup is most important for issues like this. Offsite backups send all data from servers and employee computers to a third-party location outside of the business. Usually these backups are weekly or "once a day" backups, as they rely on the upload/download bandwidth that is available on the network. If a business has over 1000 employees modifying files and documents which may be over 100 MB or 1 GB, and its ISP connection is only 100 Mb down and 10 Mb up, you can see how stressed the connection will be on a given day to have a reliable backup to restore from.
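The bandwidth problem above can be worked through with the figures from the text. The following is an added example, not part of the original notes; the function names are illustrative, and it assumes "Mb" means megabits per second, decimal units (1 MB = 8 Mb), and one changed file set of the stated size per employee.

```python
# Added example: offsite backup upload-time estimate. All names are illustrative.
# Assumptions: "Mb" is megabits per second, 1 MB = 8 Mb (decimal units),
# and `efficiency` is the fraction of the uplink the backup job really gets.

HOURS_PER_DAY = 24.0


def upload_hours(employees, changed_mb_each, uplink_mbps, efficiency=1.0):
    """Hours needed to upload one changed file set over the uplink."""
    if uplink_mbps <= 0 or not 0 < efficiency <= 1:
        raise ValueError("uplink must be > 0 and efficiency in (0, 1]")
    megabits = employees * changed_mb_each * 8
    return megabits / (uplink_mbps * efficiency) / 3600


def backup_cadence(employees, changed_mb_each, uplink_mbps,
                   window_hours_per_day=HOURS_PER_DAY, efficiency=1.0):
    """Return (hours_needed, cadence) for the shortest schedule that keeps up.

    Assumption: a weekly job uploads one copy of the same changed file set,
    spread over seven daily windows.
    """
    hours = upload_hours(employees, changed_mb_each, uplink_mbps, efficiency)
    if hours <= window_hours_per_day:
        return hours, "daily"
    if hours <= 7 * window_hours_per_day:
        return hours, "weekly"
    return hours, "uplink too slow"


if __name__ == "__main__":
    # Figures from the text: 1000 employees, 10 Mb up, 100 MB or 1 GB each.
    scenarios = [
        ("100 MB each, link used around the clock", 100, 24.0),
        ("100 MB each, 8-hour overnight window", 100, 8.0),
        ("1 GB each, link used around the clock", 1000, 24.0),
    ]
    for label, mb_each, window in scenarios:
        hours, cadence = backup_cadence(1000, mb_each, 10, window)
        print(f"{label}: {hours:.1f} h of upload -> {cadence}")
```

With these figures, 100 MB per employee needs about 22 hours on the 10 Mb uplink, while 1 GB per employee needs more than nine days of continuous upload, so even a weekly schedule cannot keep up.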