A ransomware attack is one of the most devastating malware scams that business users can experience. You get locked out of your PC and a scary message appears on your screen demanding thousands of dollars' worth of, say, Bitcoin (an anonymous form of payment that's kept in a cryptocurrency wallet) to be paid to an anonymous address. These messages usually have a countdown timer, adding a sense of impending doom to an already stressful situation. For small to midsize businesses (SMBs), the data on their computers and systems can include valuable client information, financial accounts, top-secret patents, and other priceless information. Without the decryption key, the only option is to restore your PC from a recent backup, provided you have one. If you pay the ransom, you become another victim of the ransomware scourge that's been plaguing SMBs far and wide.
Ransomware, or cryptoware, is a form of malware that's the cyber equivalent of holding a hostage for cash, except in this case the hostage is your company's data. You won't notice ransomware when it's first deployed, because all it does is silently encrypt your files. Once it has encrypted enough of your data, it makes itself known: first by locking you out of your own data with an encryption key that only its owner knows, and then with a message stating that you'll get that key as long as you pay up first. In the meantime, you can't read your data anymore. Unfortunately, even if you pay the ransom, you have no idea whether you'll get your data back. The transaction is completely anonymous, and nothing stops the attacker from graciously accepting your payment and then ignoring you. Getting your data back without paying the ransom isn't impossible, but it's difficult, so it's more likely you'll be digging through your most recent cloud backups by the end of the day.
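The article's point that ransomware works by silently encrypting files before it announces itself suggests a simple check a defender can run: a file that has been encrypted looks like random bytes, so its Shannon entropy sits near the maximum of 8 bits per byte, while ordinary documents sit well below that. The following scanner is an added example written for this page, not code from the article's author; the 7.5 bits/byte threshold, the 64 KiB sample size and the two constructed sample files (`notes.txt` and `notes.txt.enc`) are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte.

    0.0 for empty or single-valued input, up to 8.0 when every byte
    value is equally likely (what ciphertext or random data looks like).
    """
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: treat near-maximal entropy as a sign of encryption.

    The threshold is an assumption for this example. Compressed formats
    (zip, jpeg, mp4) also score high, so treat hits as leads, not proof.
    """
    return shannon_entropy(data) >= threshold


def scan_tree(root: str, threshold: float = 7.5,
              sample_size: int = 65536, min_size: int = 512) -> list:
    """Walk `root` and return paths whose leading bytes look encrypted.

    Only the first `sample_size` bytes are read so large trees scan
    quickly; files smaller than `min_size` are skipped because entropy
    estimates on tiny inputs are unreliable.
    """
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_size)
            except OSError:
                # Unreadable file: skip rather than abort the whole scan.
                continue
            if len(head) >= min_size and looks_encrypted(head, threshold):
                flagged.append(path)
    return sorted(flagged)


def demo_scan() -> list:
    """Build a constructed sample directory and return flagged basenames.

    `notes.txt` holds ordinary English text; `notes.txt.enc` holds random
    bytes standing in for a file after encryption (no real cipher is run;
    os.urandom is used purely to produce ciphertext-like entropy).
    """
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"Quarterly client report: revenue, contacts, terms.\n" * 200)
        with open(os.path.join(root, "notes.txt.enc"), "wb") as fh:
            fh.write(os.urandom(65536))
        return [os.path.basename(p) for p in scan_tree(root)]


if __name__ == "__main__":
    print("suspicious files:", demo_scan())
```

Run against a real share, a scan that suddenly reports hundreds of hits, or hits on file types that are never compressed (plain text, CSV, source code), is the kind of signal worth alerting on; a single high-entropy archive is not.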
Probably the most well-known ransomware threat was 2017's WannaCry. Its signature move was to use a back door in Server Message Block (SMB), the Microsoft Windows file sharing protocol. The exploit's name was EternalBlue; it gained quite a bit of notoriety in the public eye because its origin was the Equation Group, a cyber-espionage group with suspected ties to the US National Security Agency (NSA), if you believe the sources. It would slip in, do its dirty work, and spread to nearby systems that were vulnerable. Fortunately, for a while this stopped being an issue as of Windows 8, since the exploit was no longer effective against the way Windows was handling memory management. Unfortunately, the threat is back again, because some intrepid hackers have ported EternalBlue to work with all versions of Windows.