On May 7th, 2021, the Colonial Pipeline was hit by ransomware: the hackers threatened to release the 100 gigabytes of data they had stolen to other hackers around the world if they did not receive a ransom of $5 million in bitcoin. The attack caused the Colonial Pipeline to shut down its core asset, the largest pipeline in the U.S., running from Texas to New Jersey and delivering over 100 million gallons a day. Within days, the Colonial Pipeline paid the hackers a $4.4 million ransom.

Although this was a terrible attack, it could have been worse: the thieves were able to steal information on the assets used by the pipeline, including a list of seeds used in the oil farms, and trade information for customers in 14 states.

However, this is not an isolated incident. Ransomware attacks have cost companies millions of dollars in lost data and have damaged entire countries’ economies. The main reason? It’s a lucrative business model that threatens governments and businesses alike, making it a growing threat to world security.

The majority of ransomware infections are carried out by criminal gangs or hackers who compromise corporate networks and attempt to extort money from companies. The malware is spread via spam emails or infected websites, or by using custom-made software or stolen remote desktop protocol (RDP) credentials. Once the ransomware is in place, it spreads throughout the network, encrypts data held on the computers, and then demands that an online ransom be paid.

The most common type of ransomware is called Cryptolocker. It’s a form of Ransomware-as-a-Service (RaaS), where cybercriminals use malware created by others and pay a fee for its use. The operator of the malware receives 40 percent of the ransom paid by the victim, while the RaaS creator gets 60 percent.

Unlike most other forms of ransomware, Cryptolocker has been found on Windows and OS X machines in addition to Linux ones. It is made up of two files: a dropper and an encryptor. The dropper installs the ransomware by copying itself and its associated files to locations used by various legitimate system services, which then execute the malware during system boot. The dropper also installs an extension with an embedded script that is called whenever a user opens a webpage containing this extension; the script injects code into every webpage to decrypt specific files when they are accessed through the extension.

Data loss caused by ransomware attacks causes companies to lose faith in the security of their networks and files. The amount of data lost in recent years is staggering. For example, on December 22, 2013, the UK’s National Health Service (NHS) lost files containing up to 1,234,200 patient records due to a ransomware attack. In the United States, over 600 large companies were affected by a series of attacks between October and December 2013 that collectively resulted in millions of dollars’ worth of damage. A US Department of Justice investigation found that the criminals involved had generated an estimated $100 million from their activities since at least as early as June 2011.

How Does Ransomware Work?

Ransomware encrypts data files, creates copies of those files, and then displays messages on the computers informing users that their data will be permanently deleted if they do not pay a fee to recover it. If a person has backed up their files, they may be able to recover them. However, for individuals and businesses that have not backed up their files, the situation can result in significant financial losses and damage to an organization’s reputation.
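The encryption behaviour described above leaves a footprint a defender can watch for: a single host rewriting many files with encrypted (high-entropy) content and tacking a new extension onto each one. The following Python routine, an added example rather than code from the original article, scores file-system audit events on both signals and alerts when a host produces a burst of them. The event schema, the 7.2-bit entropy threshold, the 60-second window, the 5-hit minimum, and the sample events are all constructed for the illustration.

```python
# Added example (not from the original article): flagging ransomware-like file
# activity from file-system audit events. Ransomware rewrites many files with
# encrypted (high-entropy) content and usually renames them with a new
# extension, so a burst of writes showing BOTH signals on one host is a strong
# indicator. Event format, thresholds and sample data are constructed here.
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileWrite:
    """One audited file write/rename (constructed schema, not a real log format)."""
    ts: float          # seconds since the start of the observation window
    host: str
    path_before: str   # path the process opened
    path_after: str    # path after the write (differs when the file was renamed)
    content: bytes     # bytes written


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 .. 8.0; encrypted data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension(path: str) -> str:
    """Lower-cased final extension, or '' when the file name has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_suspicious_write(ev: FileWrite, entropy_threshold: float = 7.2) -> bool:
    """High-entropy content AND a changed extension.

    Requiring both keeps legitimate high-entropy writes (zip archives, JPEGs,
    already-encrypted databases) that keep their own extension out of the count.
    """
    return (shannon_entropy(ev.content) >= entropy_threshold
            and extension(ev.path_before) != extension(ev.path_after))


def detect(events, window: float = 60.0, min_hits: int = 5) -> dict:
    """Return {host: peak_count} for hosts with >= min_hits suspicious writes
    inside any sliding window of `window` seconds."""
    hits = defaultdict(list)
    for ev in events:
        if is_suspicious_write(ev):
            hits[ev.host].append(ev.ts)
    alerts = {}
    for host, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= min_hits:
                alerts[host] = max(alerts.get(host, 0), count)
    return alerts


# Constructed sample data. bytes(range(256)) repeated has exactly 8 bits/byte of
# entropy and stands in for ciphertext; the prose line stands in for normal edits.
CIPHERTEXT = bytes(range(256)) * 4
PLAINTEXT = b"Quarterly figures: revenue up 4 percent, costs flat. " * 20

SAMPLE_EVENTS = [
    # ws-12: six spreadsheets rewritten as .locked within 10 seconds -> alert
    *(FileWrite(2.0 * i, "ws-12", f"/shares/finance/q{i}.xlsx",
                f"/shares/finance/q{i}.xlsx.locked", CIPHERTEXT) for i in range(6)),
    # ws-07: one archive created (high entropy, extension changed) -> one hit, no alert
    FileWrite(30.0, "ws-07", "/home/amy/report.csv", "/home/amy/report.csv.zip", CIPHERTEXT),
    # ws-07: ordinary document edit -> not a hit
    FileWrite(31.0, "ws-07", "/home/amy/notes.txt", "/home/amy/notes.txt", PLAINTEXT),
    # ws-03: existing zip overwritten in place (high entropy, same extension) -> not a hit
    FileWrite(40.0, "ws-03", "/home/bob/photos.zip", "/home/bob/photos.zip", CIPHERTEXT),
]

if __name__ == "__main__":
    for host, n in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {n} high-entropy renames inside 60s")
```

Running the module flags only `ws-12`; the single archive on `ws-07` and the in-place zip overwrite on `ws-03` stay below the bar. Requiring both signals is the design choice that matters: entropy alone fires on every backup job and media upload, and renames alone fire on every build. The same two checks also tell you which files to restore from backup first, since the paragraph above is right that a tested backup is what turns this from a loss into an inconvenience.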

Ransomware typically arrives via email or through malicious websites that users visit. Most ransomware is installed on a user’s computer when they download software from the Internet, open an infected attachment, or click on a link in a phishing email.

The top attacked country? India. The top attacked organization? The Indian Railways. Source: Ransomware Attack Distribution Insights

Who’s Behind the Attacks?

Most ransomware attacks are associated with cybercriminals based in Russia and Ukraine, but the ransomware used in the late December 2013 attack against the NHS was a strain from North Korea. On January 28, 2014, a cybersecurity researcher posted what he claimed to be a piece of malware from North Korean hackers. Who are the innovators that will stop the ransomware crisis?

Want to know if your business is protected against cyber-attacks? Effective Cybersecurity Assessment Answers These Questions covers these important questions.

Thanks for reading. Please feel free to give us a call at 864-991-5656.

If you would like TSVMap to assist your business with assessing your essential systems and applying the TSVMap methodology to ERP Systems, MRP Systems, Cyber Security, IT Structure, Web Applications, Business Operations, and Automation, please contact us at 864-991-5656 or info@tsvmap.com.