Ransomware: How Does It Spread in a Network?


Ransomware is increasing. The FBI’s Internet Crime Complaint Center recorded a 62% increase in ransomware reports from 2020 to 2021. There were 78.4 million recorded attempts in June 2021 alone.

It’s important to educate yourself and your company on ransomware, especially when nearly two-thirds of the global population is connected to the web. Businesses can take proactive steps to protect employees and executives from this malware.

What Is Ransomware?

Ransomware is a type of malicious software that infects a computer system and then holds the data for ransom until a payment is made.

When a ransomware attack occurs, an on-screen alert typically explains that the user’s system has been locked or their files have been encrypted. Other attacks would prefer to go as long as possible without being discovered. Ransomware is the opposite: it makes itself known.

Many ransomware attacks now steal data before encrypting files. The goal is to offset the protection that backups provide, since many organizations now back up their data as a result of previous ransomware threats. The attackers steal sensitive data and use that data to extort the user.

The amount of money demanded in a ransom varies. For example, in 2020, the average ransom payment for mid-sized businesses was $170,404.

Examples

Let’s take a look at businesses that have been the victims of ransomware. 

Brenntag

In May 2021, Brenntag, a chemical distribution company, paid $4.4 million in Bitcoin to DarkSide. DarkSide is a ransomware group behind many high-profile attacks.

DarkSide encrypted Brenntag’s devices and stole approximately 150 GB of unencrypted data. DarkSide demanded $7.5 million, but they eventually settled for $4.4 million.

Acer

In May 2021, REvil, another hacker group, targeted Acer, a computer manufacturer, with ransomware. REvil hacked Acer’s server to gain access to their files. They then used these files to leak bank balances, bank communications, and spreadsheets. REvil requested $50 million from Acer and said they would double the ransom if the $50 million was not paid on time.

How Does Ransomware Spread on a Network?

There are several ways ransomware can spread throughout your organization.

Malvertising 

Ransomware attackers purchase ad space on legitimate high-traffic websites, then place ads that entice users to click on them. The ads are connected to an exploit kit, which targets vulnerabilities on a device or application.

Compromised Credentials

The easiest and fastest way for threat actors to penetrate your network is to use compromised credentials. Because credentials are easily available on the Dark Web or through Network Access Brokers (also known as Initial Access Brokers), threat actors can obtain them, impersonate an authorized user, and gain access to data.

Email Attachments 

Attackers spend time researching your employees and executives, using information available on the Surface, Deep, and Dark Web, as well as social media, to build a realistic email that staff members are more likely to open.

These phishing emails can contain email attachments with malicious software. Once you open the attachment, the ransomware can access and encrypt your files.

Malicious Links

Phishing emails or smishing texts, compromised websites, and/or malicious social media profiles may contain embedded malicious links. The links usually come with an urgent message encouraging users to click on them. Once the user clicks on the link, the ransomware is downloaded and can encrypt your files.

Drive-by Downloading

Malware can be downloaded without the user’s knowledge if they visit an infected website; no human interaction is required.

Are There Consequences of Ransomware?

Reputation

Reputation is important in business, and it’s at risk with a ransomware attack. 46% of businesses said their reputation suffered after cybersecurity attacks. Ransomware also affects the experiences of your clients and customers by disrupting your operations.

Safety 

The safety of your employees is impacted by a ransomware attack. 92% of executives have their credentials exposed. Exposed data puts your employees, and even their families, at risk. Executives are most at risk since they are most likely to possess confidential information.

Time

There is typically a lot of downtime during a ransomware attack. According to Statista, the average downtime of ransomware attacks is 22 days. This is a three-week delay that can cripple your organization’s performance and potentially affect your customers’ lives.

Cost

Cost is the most quantifiable consequence of ransomware, whether it comes from disruption to operations, the efforts to recover encrypted data, or paying the ransom. Remediation costs from ransomware attacks more than doubled within the past year, according to the 2021 State of Ransomware survey. The average cost in 2020 was $761,106 and in 2021 it was $1.85 million, which is an increase of 143%. The percentage of businesses that had to pay a ransom went from 26% in 2020 to 32% in 2021.
