Ransomware is malicious software (malware) that cybercriminals use to either block access to a victim’s data or threaten to publish it unless a ransom is paid.

Ransomware attacks are all too common these days. Major companies in North America and Europe alike have fallen victim to them. Cybercriminals will attack any consumer or any business, and victims come from all industries.

Several government agencies, including the FBI, advise against paying the ransom to prevent encouraging the ransomware cycle, as does the No More Ransom Project. Furthermore, half of victims who pay the ransom are likely to suffer from repeat attacks.

The History of Ransomware

The idea of ransomware, initially known as “cryptoviral extortion,” was introduced in 1996 by Moti Yung and Adam Young from Columbia University. This idea, born in academia, illustrated the progression, strength, and creation of modern cryptographic tools. Young and Yung presented the first cryptovirology attack at the 1996 IEEE Security & Privacy conference. Their virus contained the attacker’s public key and encrypted the victim’s files. The malware then prompted the victim to send asymmetric ciphertext to the attacker to decipher and return the decryption key … but for a fee.

Attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous. For example, notorious mobile ransomware Fusob requires victims to pay using iTunes gift cards instead of normal currencies, like dollars.

Ransomware began to soar in popularity with the growth of cryptocurrencies, such as Bitcoin. Cryptocurrency is a digital currency that uses encryption techniques to verify and secure transactions and control the creation of new units. Beyond Bitcoin, there are other popular cryptocurrencies that attackers prompt victims to use, such as Ethereum, Litecoin and Ripple.

Some of the worst ransomware attacks have included NotPetya, WannaCry and Locky.

Popular examples of ransomware include CryptoLocker, WannaCry and CryptoWall. Some Reddit users have shared personal experiences of being hit by CryptoWall ransomware. One user shared that they saw people lose their PhD theses and an author lose a 1,000-page book.

A newer ransomware attack called SpriteCoin uses social engineering to lure victims, promising profit in the form of cryptocurrency. Once the ransomware is downloaded, attackers ask for Monero, a newer form of cryptocurrency, in exchange for a key to decrypt the victim’s files. Users that pay the amount are instead given additional malware that possesses more capabilities like image parsing and activating the victim’s webcam.

Social engineers have become more innovative over time. The Guardian wrote about a situation where new ransomware victims were asked to have two other users install the link and pay a ransom in order to have their files decrypted.

Should You Pay Ransomware Ransom?

So, what should one do after a ransomware attack? As mentioned earlier, the FBI advises against paying the ransom for a few reasons.

Andrew Hacker, a cybersecurity expert at Harrisburg University, told Fox 43 News that people oftentimes do pay the ransom but are not given the decryption key and are unable to gain access to their files. A new malware called Ordinypt labels itself as ransomware, but is actually a wiper. This malware infects the victim’s machine, encrypts files, and requests a ransom, but the victim’s files are actually destroyed.

Oftentimes, the data will not be restored, even if the ransom is paid. Other government agencies also advise against paying the ransom since it further encourages this pattern of behavior, proving to cybercriminals that their tactics work. The goal of the attacker is to receive payment, which may or may not remove the ransomware. According to the State of the Channel Ransomware Report, over $301,000,000 was paid in ransoms by small to medium-sized businesses between Q2 2016 and Q2 2017.

Instead of paying the ransom, it is recommended to restore the lost data via backups. Unfortunately, backups are often outdated or corrupted. That’s why organizations should focus more on ransomware prevention awareness instead of remediation alone. Check out our interactive training modules, including Ransomware Prevention, which educates end users using proven learning science principles.

Defending Against Ransomware

User education is one of the most powerful weapons in the fight against ransomware — especially as ransomware continues to evolve. According to the FBI’s Internet Crime Report, “Recent iterations target specific organizations and their employees, making awareness and training a critical preventative measure.”

Unfortunately, our data shows that not enough security awareness training is being done about ransomware. In our 2017 User Risk Report, an independent third-party survey of more than 2,000 working adults showed that 30% of working adults still don’t know what phishing is, and less than half of the respondents were able to accurately identify what ransomware is.

“Ransomware has really reshaped the threat landscape in general, and the phishing threat in particular, during the past few years,” said Gretel Egan, Brand Communications Manager for Wombat. “With this type of malware, we see that end-user mistakes can result in immediate and crippling business impacts. It’s absolutely critical that organizations not only educate their users how to identify and avoid this type of attack, but also encourage them to recognize and report any potential ransomware infection since quick action is essential to minimizing impact.”