banner
Business

What is ransomware?

Posted May 15

The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk.

Ransomware attacks are escalating.

The technique of using a computer virus to hold data hostage has been around for decades, gaining more notoriety in recent years. But the two massive attacks that spread around the world recently -- one last month and another on Tuesday -- have taken it to a whole new level.

"It's only going to get worse and worse and worse," said Michael Gazeley, managing director of cybersecurity firm Network Box. "And it's absurd because companies have had years to prepare for this."

Here's the lowdown on this type of malicious software scam:

Related: Another big malware attack ripples across the world

How ransomware works

At its heart, ransomware mimics the age old crime of kidnapping: someone takes something you value, and in order to try to get it back, you have to pay up.

For it to work, computers need to be infected with a virus, which is usually accomplished by tricking someone into clicking on a link.

Imagine, for example, you're sitting at your computer and you receive an email that pretends to be from a well-known organization, like Fedex. The email says Fedex just tried to deliver a package, the delivery guy is still in the area, and if you click on the link, he will attempt to deliver it again in the next couple hours.

"It all looks so real," Gazeley said. "They're creating a sense of urgency, click on the link to get my parcel right now."

Ransomware can also be spread by clicking on an attachment.

In recent years, emails used to distribute ransomware typically contained documents like fake mail delivery notifications, energy bills or tax returns, according to a 2015 report from security company Symantec.

Once users click on the link or attachment, the ransomware encrypts the computer's hard drive, locking people out of computer files, including photos and music libraries.

A screen will appear threatening to destroy the files unless a ransom is paid.

Related: World's biggest cyberattack sends countries into 'disaster recovery mode'

Ransomware attacks aren't new, but here's what is

The first known ransomware attack, dubbed AIDS Trojan, happened in 1989, according to Symantec. The payment demanded was $189.

It was ultimately unsuccessful because few people used personal computers at the time, and the internet was mostly used by science and technology experts. Also, international payments weren't as common back then.

Fast forward to today: a huge amount of data is regularly stored on computers, people are connected to the internet via an array of devices, and sending money internationally takes little more than a swipe and a tap.

That's what makes modern ransomware attacks so painful. Most people would panic if they got locked out of their computers. Extorted companies lose productivity, and in the case of hospitals locked out of patient files, lives are potentially on the line.

"The way ransomware is spread now, it's so efficient, it's so effective, it's sort of -- to quote an ironic phrase -- going viral," said Gazeley.

Related: How to protect yourself from the massive ransomware attack

Ransomware makes for thriving business operations

Hospitals in the UK falling victim to the WannaCry attack in May received a lot of attention. But experts say it was an equal opportunity attack, targeting everything from hotels to fashion companies.

Gazeley likened the attack to someone shooting indiscriminately into a crowd with a machine gun and striking a grandmother or a baby. "You can't say you didn't mean to hit them, you shouldn't have been shooting into a crowd in the first place," he said.

But cybercriminals treat these attacks like a business, casting a wide net to get the most bang for their buck.

Related: 'Ransomware' crime wave growing

Some even have ransomware help desks, giving victims a few files back for free to reassure them they are not being completely conned.

But freeing the rest of your files and data will cost you. The average ransom amount is $300 per computer, and the favored payment is bitcoin, according to Symantec.

That may seem like a relatively small amount of money, but experts say asking for an affordable sum means hackers are more likely to get paid.

Comments

Please with your WRAL.com account to comment on this story. You also will need a Facebook account to comment.

Oldest First
View all