Overcoming The False Hope of a Ransomware Attack (Part 2)

By Georg Tichy


Welcome back to the second half of our two-part article on how ransomware is built to deliver false hope in order to scam businesses harder than hackers have ever scammed before. While ransomware was once grudgingly praised for the innovative integration of cryptography into malware, as it turns out, this is mostly just an illusion. Last time we talked about the rising threat of ransomware, how malware has a long tradition of destroying files, and the way ransomware works once it attacks your computer. Join us again today as we pick up right where we left off with encryption, how it works, and why ransomware uses it.

Ransomware Encryption

The big confusion about ransomware is the use of encryption. At first, it was lauded as one of the cleverest upgrades to malware since email attachments, but in reality, the only reason encryption is used instead of full-on deletion is to create false hope and the possibility that companies will pay up.

Here’s how it works: Encryption relies on a key, the thing that determines how the files will be encrypted. One of the simplest encryption keys is the backward alphabet where A=Z, B=Y, C=X, and so on. A more complex version might use a specific page of a specific book where A=first letter, etc. The point of the encryption key is that as long as it is sufficiently complicated or impossible to predict, you cannot decrypt anything that has been encrypted without the original key.

When your files are encrypted through ransomware, it’s important to understand that modern encryption software can randomly generate one-time nonsense keys that cannot be guessed and, if the key is lost, so too is anything that was encrypted with it. This means that unless you get the exact key used to wreck your files, there’s simply no way you’ll be able to get them back. Some hackers will promise to give you the key and a decryption tool, but experience has revealed the majority of these promises to be outright lies.
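The two kinds of key described above, as an added Python example that is not part of the original article: the backward alphabet, which anyone can undo, next to a randomly generated one-time key. XOR with a one-time key stands in here for the modern ciphers the article refers to, and the function names and sample strings are constructed for illustration.

```python
import secrets
import string

# Atbash: the "backward alphabet" key from the text (A=Z, B=Y, C=X, ...).
_UPPER = string.ascii_uppercase
_ATBASH = str.maketrans(_UPPER + _UPPER.lower(), _UPPER[::-1] + _UPPER[::-1].lower())


def atbash(text: str) -> str:
    """Apply the backward-alphabet substitution; it is its own inverse."""
    return text.translate(_ATBASH)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a key of the same length (encrypts and decrypts)."""
    if len(data) != len(key):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def key_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which ciphertext 'decrypts' to candidate.

    Such a key exists for every candidate of the right length, so the
    ciphertext alone cannot tell a correct guess from a wrong one.
    """
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    original = b"Q3 payroll: 48,200 EUR"   # constructed sample data
    decoy = b"Lunch menu: soup+bread"      # constructed, same length
    key = secrets.token_bytes(len(original))  # random one-time key
    ciphertext = xor_bytes(original, key)
    return {
        "atbash_roundtrip": atbash(atbash("Backup Plan")),
        "with_key": xor_bytes(ciphertext, key),
        "wrong_key": xor_bytes(ciphertext, secrets.token_bytes(len(original))),
        "decoy": xor_bytes(ciphertext, key_that_yields(ciphertext, decoy)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The `decoy` result is the point: once the real key is gone, the ciphertext is equally consistent with every message of that length, so nothing in the encrypted data can be used to recover the original.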

Trusting Hackers

The final piece to this puzzle is knowing who you’re dealing with. Let’s say that a suspicious person comes up to you in the airport and asks to ‘hold your phone’ for a dollar. Naturally, you’re going to say no. Sure, you could make a dollar, but you’ll probably also get your phone stolen at the same time. In the same vein, hackers are malicious criminals. They make hurtful software and sic it on people because it’s funny and might make them a little money. Don’t forget that ransomware hackers, in particular, have willingly put patients at risk of death by targeting hospitals. Are you really going to trust them to give you the correct encryption tools and key if you pay the ransom?

Don’t Give Into False Hope

Ransomware is real, it’s problematic, and it is almost always permanent. The fact that encryption is used simply suffuses business owners and IT directors with false hope that lost data can be restored, but there is a very low chance that paying will actually result in access to a working decryption tool. In fact, there is even a new Windows ‘ransomware’ going around that just deletes your files and then lies about it. In the face of cyber criminality at every turn, the only defense is a comprehensive set of backups, from your network configuration to the day-to-day files your employees need to work.

Don’t believe the hype. As interesting as the introduction of encryption and ransom messages seemed at first, the real innovation is the psychological effect the promise of ‘easy’ file restoration has on businesses that have just been badly hacked. Don’t believe the ransom message, don’t trust hackers, and do put together a rock-solid backup and disaster recovery plan so you can laugh off the hackers, wipe to factory settings, restore from backups, and get your business back on its feet in a matter of hours. For more cybersecurity tips, trends, and recent developments, contact us today!
