Cybersecurity Blog Series: Ransomware

Ransomware attacks continue to grab headlines in Canada and across the globe every week, targeting organizations in education, healthcare, financial services, and everything in between. In its most basic sense, ransomware is a type of malware that encrypts data so it cannot be accessed until a set ransom amount has been paid by the victim, often in the form of a cryptocurrency called Bitcoin. Ransomware attacks have grown by 50% since last year, costing consumers and businesses more than $1 billion in damages.

As if we needed another reminder that the ransomware threat is massive and growing, last month the now-infamous WannaCry attacks claimed over 200,000 victims in 150 countries, including schools, hospitals, transit agencies, and private businesses of all sectors and sizes. Beyond the sheer breadth of its attack landscape, WannaCry provides a revealing glimpse into the future of ransomware development and distribution, as it is just one example of Ransomware-as-a-Service (RaaS).

Simply put, the malware business is big and booming, accumulating more talent, resources, and money with each passing day. Crimeware-as-a-Service has made it possible for virtually anyone with an internet connection to execute successful cyberattacks—no technical expertise required. Whereas yesterday’s hackers had to build and maintain their own malware, aspiring cybercriminals can now pay a fee to developers to purchase customizable and user-friendly ransomware toolkits. In return for providing these services, ransomware developers claim a percentage of the profits from successful attacks launched with their product.

In this sense, RaaS operates in much the same way as any business that provides an ongoing service for a fee. The plethora of ransomware for purchase on the Dark Web means the industry has become very competitive, with developers constantly upgrading their products to ensure their customers have access to the most sophisticated and profitable malware tools. Commonly, these ransomware service packages include:

1) A user-friendly dashboard that allows cybercriminals to monitor the progress of their campaigns, including the number of attacks launched, the number of victims who have paid the ransom, and the amount of profit generated

2) The ability to execute attacks in different languages
3) A variety of pricing options to launch different scales of attack
4) Technical support from the RaaS provider
5) An online marketplace where customers can review the ransomware packages they have purchased

With so many ransomware tools readily available for criminal use, it's not surprising that the global victim count continues to grow—and small and medium-sized businesses (SMBs) are no exception. One study revealed that 1 in 5 SMBs was hit by a ransomware attack in the previous 12 months. More concerning is the fact that 40% of SMBs that fell victim to ransomware attacks paid the ransom amount, but only 45% of those who did actually got their data back.

This raises the question as to how SMBs can protect themselves from ransomware and other common cyberthreats. The CarefreeIT Cybersecurity Centre recommends Security Awareness Training and testing for all employees as a crucial first step. It is necessary to teach staff how to recognize the social engineering tactics that are commonly used to execute ransomware attacks, as well as educate them about proper incident response protocols in the event of a data breach. Furthermore, our vCISO works with business owners to implement the technologies, procedures, and controls that are needed to safeguard critical IT systems and protect valuable data. Each day we enact our “total care” philosophy by empowering business owners and their employees with the knowledge and tools they need to protect themselves—as well as their valued customers—from cyberthreats.