Ransomware protection defends against ransomware, a type of cryptoviral malware that blocks access to a victim's data until a ransom is paid. Ransomware encrypts and locks users' data so that it is inaccessible until the victim pays a ransom to the perpetrator.
Ransomware is a common problem for individuals and corporations, ranging from personal users to multinational cybersecurity companies. Research by Sophos found that half of all organizations were targeted by ransomware in 2019, and in 75% of cases the attackers were able to encrypt data. While most of these companies were able to recover their data, two-thirds of them did so through backups as opposed to paying the ransom. The number of ransomware phishing attacks doubled in 2020, and a report by Chainalysis states that over $350 million USD was transferred to cybercriminals in 2020 alone.
Ransomware attacks are typically carried out using a Trojan: a dangerous file that grants perpetrators access to a person's computer while posing as an innocuous-looking file that the victim downloads. Infected files commonly enter networks through malicious links in emails, infected websites, fake applications and malicious advertisements. Once the file is downloaded, it silently infiltrates the computer or system in question before the ransomware is initiated and the victim is blackmailed for money or other ransom.
Because ransomware is often spread through encrypted Trojan files that unsuspecting victims download voluntarily (and unknowingly), antivirus security software is often ineffective at stopping it. Another challenge in protecting against ransomware is the time it takes for security experts to diagnose the virus and create protections to stop its spread.
While it is usually relatively simple to remove the malware in question, ransomware often encrypts data so that deleting the virus results in deleting sensitive or needed infected files. Sometimes ransomware will attempt to delete any hot backups stored locally or on accessible networks, which creates a need to host backups in locations not accessible from the infected system.
As a result of these challenges, security experts suggest that the best ways to protect against ransomware are precautionary measures and cybersecurity education for users. Key security measures for protecting against ransomware include regularly backing up critical files, educating users on detecting malicious files and proper network safety, and ensuring security measures are updated promptly.
The strongest way to combat ransomware is to back up data regularly. Because storing data backups on a network or local server still leaves them exposed to ransomware threats, it is recommended that backups be stored in offline or otherwise inaccessible locations. Having regular backups of data ensures that even if a computer or system is targeted and infected by ransomware, the user still has access to their information. This eliminates one of the biggest threats of ransomware, namely the danger of not being able to access the data if it is deleted with the ransomware or cannot be decrypted.
In cases where backups are not available or protections failed, it is sometimes possible to decrypt the targeted files without the assailant's cipher key. Whether access to the encrypted files can be regained depends on the strength of the encryption. If the attacker used a weak cipher, used the same encryption key for all files, or there are both encrypted and uncorrupted backups, it is most likely possible to decrypt the files in question using cryptanalysis. If the attack uses more advanced encryption or encrypts each file individually, however, it is likely the files are not recoverable without the cipher key.
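The recovery case described above can be shown with a short Python sketch; it is an added example, not code from any real decryptor. It assumes the flawed cipher is a stream-style XOR whose keystream depends only on one key shared by all files (the hypothetical `toy_encrypt` stands in for it), and all file contents are constructed samples.

```python
import hashlib

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a flawed cipher: the keystream depends only
    on the key (no per-file nonce), so every file is XORed with the same bytes."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def recover_keystream(backup: bytes, encrypted: bytes) -> bytes:
    """Known plaintext XOR ciphertext gives the keystream, up to the shorter input."""
    return bytes(p ^ c for p, c in zip(backup, encrypted))

def keystream_is_reused(pairs) -> bool:
    """True if every (backup, encrypted) pair yields the same keystream prefix.
    False means files were keyed individually and this recovery does not apply."""
    streams = [recover_keystream(p, c) for p, c in pairs]
    n = min(len(s) for s in streams)
    return n > 0 and all(s[:n] == streams[0][:n] for s in streams)

def decrypt_with_keystream(encrypted: bytes, keystream: bytes):
    """Return (recovered_prefix, bytes_left_unrecovered)."""
    n = min(len(encrypted), len(keystream))
    plain = bytes(c ^ k for c, k in zip(encrypted[:n], keystream[:n]))
    return plain, len(encrypted) - n

def demo():
    # Constructed sample data; the key is never used by the recovery steps.
    key = b"constructed-demo-key"
    backup_a = b"Q1 payroll export, 2019\n" * 4
    backup_b = b"Asset inventory listing\n" * 2
    lost = b"Contract draft v7: terms and signatures pending."
    enc_a, enc_b, enc_lost = (toy_encrypt(key, d) for d in (backup_a, backup_b, lost))
    pairs = [(backup_a, enc_a), (backup_b, enc_b)]
    if not keystream_is_reused(pairs):
        return None  # per-file keys: no recovery without the attacker's key
    longest = max((recover_keystream(p, c) for p, c in pairs), key=len)
    return decrypt_with_keystream(enc_lost, longest)

if __name__ == "__main__":
    print(demo())
```

Recovery reaches only as far as the longest file for which an uncorrupted backup exists, and the reuse check fails when each file was encrypted under its own key, which matches the unrecoverable case described above.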
WannaCry is a ransomware that gained prominence in May 2017, infecting over 230,000 computers in 150 countries. The attack affected large corporations worldwide, including the British National Health Service, FedEx, Deutsche Bahn, Honda and the Russian Interior Ministry.
Ryuk is a ransomware often spread through phishing emails, with varying ransom amounts being requested per attack. More than 100 companies suffered Ryuk attacks in 2018, causing more than $60,000,000 in damages.
Fusob is a major mobile ransomware, accounting for more than half of mobile ransomware cases in 2015 and 2016. The virus poses as a pornographic video player, and only targets devices that are not set to Russian or other Eastern European languages.
As ransomware attacks and the associated cybersecurity risks continue to grow, ransomware protection has become a key focus of antivirus and data security software companies. While the majority of ransomware protection is included in larger antivirus packages, some companies offer standalone ransomware defense services. Key focuses and differences between ransomware protection software providers are backup ability (offline or via the cloud), pricing, configuration, flexibility, detection rates and decryption capabilities.