
How to overcome a Ransomware Attack

Every modern business depends on technology. From software companies whose staff do nothing but sit at computers, to industries that are barely technical but still run on databases and business applications, the need for a secure network and reliable backups of business data is universal. When that data is in danger and there seems to be any chance of recovering what was lost, most companies will jump through flaming hoops for any recovery method, planned or, worse, unplanned. That is exactly what makes a ransomware attack so effective: the hope of getting files back after a disaster is often stronger than the fear of losing them in the first place.

Your files may be held hostage, but a tested disaster recovery plan is far more reliable than any attacker’s “promise” that you will see them again.

Malware Has Always Wiped Files

To understand what ransomware changed, it helps to know a little history. Ransomware is only the latest link in a long chain of malicious, invasive software. Although malware that does something profitable, such as stealing card numbers or extorting victims, has risen sharply, most historical malware was simply destructive, with no profit motive at all. Worms have crawled the network since the earliest days of the internet looking for vulnerable systems, and compromised websites are often just left up to harm whoever visits them.

When an infection succeeds, targeted or random, the classic goal was simply to cause pain. Adware makes a system unusable with constant pop-ups, spyware steals login credentials and uses them for fraud or more spam, and many other families just crawl through your files, deleting or corrupting them as they go. Attackers have destroyed files for its own sake for decades, and there is no reason to assume they will stop now that they have also found a way to make money from it.

What Ransomware Does

When ransomware lands on a computer, its first act is usually to lie low for a while. During this dwell time it finishes installing itself, spreads from the first machine across the local network, and enumerates every file it can reach. This happens quietly, using background resources, and the delay often obscures the original point of entry, whether that was a malicious website, a phishing email, or a hands-on intrusion in which an operator placed the ransomware deliberately.

Once the dwell phase is over, the ransomware encrypts every file it can find, whether that is a single computer or the whole network, including servers, databases and any network shares and backups it can reach. Before or during encryption it typically kills processes that hold files open, such as database engines and backup agents, so that those files can be overwritten too, deletes local shadow copies and other recovery points it can reach, and then displays the ransom screen.

As most of us know by now, once the files have been encrypted a window appears informing you that everything has been encrypted, that it will be deleted after a deadline, and that you can save your files by paying up in Bitcoin or whichever cryptocurrency is in fashion that week. This is where the actual scam begins.

Do not take the message at face value; it is part of the scam. Ransomware is an especially underhanded piece of malware because it does not just wreck your files and infect your network, it also hands you a false hope that the computer and files are recoverable.
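The encryption phase described above leaves a measurable trace: a document that is overwritten with ciphertext stops looking like text and starts looking like random bytes. The following Go program is an added example, not code from the original post; it computes Shannon entropy per file and flags files that both changed since the last snapshot and now read as near-random, which is the same idea behind canary files and entropy checks in endpoint monitoring. The file names and contents are constructed sample data, and the threshold of 7.0 bits per byte is an assumption.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"math"
	"strings"
)

// fileSample is a constructed before/after snapshot of one file, standing in
// for what a file-integrity monitor would record between two scans.
type fileSample struct {
	Name   string
	Before []byte
	After  []byte
}

// shannonEntropy returns the entropy of data in bits per byte (0 to 8).
// Plain text sits around 4 to 5; compressed or encrypted data approaches 8.
func shannonEntropy(data []byte) float64 {
	if len(data) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n := float64(len(data))
	h := 0.0
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// suspectEncryption returns the names of files that both changed between the
// two snapshots and now look like random bytes (entropy >= threshold).
// Requiring both signals avoids flagging files that were always high-entropy
// (archives, images) but were never touched.
func suspectEncryption(samples []fileSample, threshold float64) []string {
	var hits []string
	for _, s := range samples {
		if bytes.Equal(s.Before, s.After) {
			continue
		}
		if shannonEntropy(s.After) >= threshold {
			hits = append(hits, s.Name)
		}
	}
	return hits
}

// makeSamples builds constructed test data (assumed, not real files): a text
// file that was overwritten with random bytes (what an encrypted file looks
// like), a text file that was edited normally, and an archive never touched.
func makeSamples() []fileSample {
	text := []byte(strings.Repeat("Quarterly revenue report, draft 3. ", 120))
	ciphertext := make([]byte, len(text))
	if _, err := rand.Read(ciphertext); err != nil {
		panic(err)
	}
	archive := make([]byte, 4096) // stand-in for a zip: high entropy, unchanged
	if _, err := rand.Read(archive); err != nil {
		panic(err)
	}
	edited := append([]byte{}, text...)
	edited = append(edited, []byte("Added one more line.\n")...)
	return []fileSample{
		{Name: "report.docx", Before: text, After: ciphertext},
		{Name: "notes.txt", Before: text, After: edited},
		{Name: "photos.zip", Before: archive, After: archive},
	}
}

func main() {
	samples := makeSamples()
	for _, s := range samples {
		fmt.Printf("%-12s entropy before %.2f after %.2f\n",
			s.Name, shannonEntropy(s.Before), shannonEntropy(s.After))
	}
	fmt.Println("suspect:", suspectEncryption(samples, 7.0))
}
```

Compressed or already-encrypted files (archives, images, password vaults) sit near 8 bits per byte all the time, which is why the check requires a content change as well as high entropy. A legitimately re-saved archive will still trip it, so in practice this signal is combined with a rate, such as hundreds of such changes within a minute, before an alert is raised.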

Ransomware was once grudgingly admired for bringing real cryptography into malware. The cryptography is real; the illusion is the idea that paying reliably buys the key back. The sections above covered the rising threat of ransomware, the long tradition of file-destroying malware, and what ransomware does once it is on a computer. Below we pick up where we left off: how the encryption works and why it is used in a ransomware attack.

Ransomware Encryption

The big source of confusion about ransomware is the encryption. At first it was hailed as the cleverest upgrade to malware since the email attachment, but in practice encryption is used instead of outright deletion for one reason: it leaves the attacker holding something to sell back to you, the key, and with it the false hope that makes companies pay.

Here is how it works. Encryption relies on a key, the secret that determines how the data is transformed. One of the simplest examples is the reversed alphabet, where A=Z, B=Y, C=X and so on; a slightly more elaborate one uses a particular page of a particular book, where A = the first letter on the page, and so forth. Toy schemes like these are easy to break because the set of possible keys is tiny. The point of a real key is that, as long as the key space is far too large to search and the chosen key is unpredictable, nothing encrypted under it can be decrypted without that key.

When ransomware encrypts your files, understand that modern cryptographic software generates a fresh random key, often one per victim or even per file, and if that key is lost so is everything encrypted with it. Ransomware typically goes one step further: the random file keys are themselves encrypted with a public key whose private half never leaves the attacker. So unless you obtain the exact key used on your files, there is no way to get them back. Some attackers promise to hand over the key and a decryption tool after payment, but experience has shown that many of these promises are not kept, and even a delivered decryptor is often slow, buggy, or incomplete.
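To make the key argument above concrete, here is an added Go example (not code from the original post, and not any particular ransomware family’s code) of the envelope encryption scheme that ransomware borrowed from legitimate backup and messaging tools: each file gets a fresh random AES-256-GCM key, and that key is then wrapped with an RSA-OAEP public key whose private half stays with whoever generated the pair. The function names and the sample payroll string are my own; nothing produced by `seal` is recoverable by someone who holds only the ciphertext and the public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sealed holds everything that is left on disk after envelope encryption:
// the ciphertext, its nonce, and the per-file key wrapped with the public key.
// None of it reveals the file key to someone who holds only the public key.
type sealed struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// seal encrypts plaintext with a fresh random AES-256-GCM key, then wraps that
// key with RSA-OAEP under pub. The plaintext key is zeroed before returning,
// so only the matching private key can ever recover it.
func seal(plaintext []byte, pub *rsa.PublicKey) (*sealed, error) {
	fileKey := make([]byte, 32) // 256-bit key: brute force is not an option
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	for i := range fileKey { // discard the only unwrapped copy of the file key
		fileKey[i] = 0
	}
	return &sealed{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// openSealed reverses seal. It needs the private half of the key pair; with
// any other key the unwrap fails, and the file key, and thus the file, stay lost.
func openSealed(s *sealed, priv *rsa.PrivateKey) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // the attacker's pair
	if err != nil {
		panic(err)
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // anyone else's pair
	if err != nil {
		panic(err)
	}
	// Constructed sample content, not a real file.
	s, err := seal([]byte("constructed sample: payroll Q3 totals"), &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes, wrapped key %d bytes\n", len(s.Ciphertext), len(s.WrappedKey))
	if _, err := openSealed(s, other); err != nil {
		fmt.Println("with another private key:", err)
	}
	pt, err := openSealed(s, priv)
	if err != nil {
		panic(err)
	}
	fmt.Println("with the right private key:", string(pt))
}
```

Trying to unwrap with any other private key fails outright rather than producing garbage, and guessing the 256-bit file key is out of the question, which is exactly why a lost or withheld key means lost files. The same construction protects legitimate backups and messaging, and that is the point: the defense is not breaking the cryptography but holding your own copy of the data.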

Trusting Hackers

The last piece of the puzzle is knowing who you are dealing with. Suppose a suspicious stranger at the airport offers you a dollar to let them ‘hold your phone’. Naturally, you say no: you might make a dollar, but you will probably lose the phone. In the same vein, the people behind ransomware are criminals. They build harmful software and set it loose because it amuses them and might make them some money. Remember that ransomware operators in particular have knowingly put patients at risk of death by targeting hospitals. Are you really going to trust them to hand over a working decryption tool and the correct key once you have paid?

Don’t Give Into False Hope

A ransomware attack is real, it is a serious problem, and the damage is almost always permanent. The use of encryption merely fills business owners and IT managers with the false hope that lost data can be bought back, while there is no assurance that paying will produce a working decryption tool. Some so-called ransomware strains are in fact wipers: they destroy the data outright and display a ransom note anyway. In the face of criminals at every turn, the only real defense is a comprehensive, tested set of backups, from your network configuration down to the day-to-day files your employees need to work, kept where the ransomware cannot reach them.

Don’t believe the hype. However novel the combination of encryption and ransom notes looked at first, the real innovation is psychological: the promise of ‘easy’ file restoration offered to a business that has just been badly hacked. Don’t believe the ransom message, don’t trust the attackers, and do put together a rock-solid backup and disaster recovery plan, so that you can shrug off the attack, rebuild affected machines from known-good images, restore from backups, and have the business back on its feet in a matter of hours. For more cybersecurity advice on ransomware attacks, trends and recent developments, contact us today!

Georg Tichy

Georg Tichy is a management consultant in Europe, focusing on top-management consultancy, project management, corporate reporting and funding support. Dr. Georg Tichy is also a trainer, university lecturer and advisor on current economic issues.