  • Raghav Sand

Ransomware: The Malicious Software

According to the 2021 CrowdStrike Global Security Attitude Survey, conducted by independent research firm Vanson Bourne, ransomware has been a persistent threat, costing organisations nearly $2 million on average.


India has been the worst hit by ransomware in the APAC region, with 76 per cent having suffered a ransomware attack this year, as compared to 61 per cent in Japan, 64 per cent in Singapore and 67 per cent in Australia. Additionally, 27 per cent of Indian respondents said that they have paid between $500,000 – $1 million as extortion fees on top of ransomware as compared to 33 per cent in Japan, 29 per cent in Singapore and 19 per cent in Australia. Globally as per the survey, the average ransomware payout has increased 62.7 per cent in 2021 (from $1.1 million in 2020 to $1.79 million in 2021).


“While attackers aren’t getting quite the amounts they are seeking, they are still earning massive payouts. CrowdStrike attributes this to companies understanding both the threat and their exposure, and their ability to negotiate with attackers,” the report said.


Further, “organisations are almost universally getting hit with ‘double extortion,’ when threat actors not only demand a ransom to decrypt data, they additionally threaten to leak or sell the data unless the victims pay more money,” the report said.


What is Ransomware?


Ransomware is malware (malicious software) that encrypts your files or stops you from using your computer until you pay money (a ransom) for them to be unlocked. If your computer is connected to a network, the ransomware may also spread to other computers or storage devices on that network.


Some of the ways you can get infected by ransomware include:

  1. Visiting unsafe, suspicious, or fake websites.

  2. Opening file attachments that you weren’t expecting or from people you don’t know.

  3. Opening malicious or bad links in emails, Facebook, Twitter, and other social media posts, or in instant messenger or SMS chats.

You can often recognize a fake email and webpage because they have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
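The spelling and spacing check described above can be automated for sender display names. The following Python code is an added example, not part of the original article; the `KNOWN_NAMES` allowlist, the function names and the distance threshold are assumptions chosen for illustration.

```python
import re

# Constructed allowlist of names a mail filter wants to protect (assumption).
KNOWN_NAMES = ["PayPal", "iTunes Customer Service"]

def normalize(name):
    """Lowercase and keep only ASCII letters and digits, so spacing,
    punctuation and non-ASCII lookalike characters fall away."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(display_name, max_distance=2):
    """Return (verdict, matched_name); verdict is 'exact',
    'lookalike' or 'unknown'."""
    if display_name in KNOWN_NAMES:
        return ("exact", display_name)
    candidate = normalize(display_name)
    for known in KNOWN_NAMES:
        target = normalize(known)
        # Same letters with different spacing, case or punctuation,
        # e.g. "iTunesCustomer Service".
        if candidate == target:
            return ("lookalike", known)
        # A small number of typed-in changes, e.g. "PayePal".
        if edit_distance(candidate, target) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["PayPal", "PayePal", "iTunesCustomer Service", "Raghav Sand"]:
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is a reason to inspect the message more closely, not proof that it is malicious.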


Ransomware can target any PC—whether it’s a home computer, PCs on an enterprise network, or servers used by a government agency.


Organizations often learn about their cyber-attack when they receive a notification from an infected machine informing them that their data has been targeted. A typical ransomware attack has a few steps. First, the system or control server is compromised to install the malware. Next, the malware takes control of the machine by encrypting its data. Then, the compromised machine displays a “ransom note” with the attacker’s demands, telling the individual or corporation that their encrypted files will not be accessible until the ransom is paid.


Types of Ransomware


In particular, two types of ransomware are very popular:


Locker ransomware: This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window containing the ransom demand in order to make the payment. Apart from that, the computer is inoperable. But there is good news: Locker malware doesn’t usually target critical files; it generally just wants to lock you out. Complete destruction of your data is therefore unlikely.


Crypto ransomware: The aim of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, but not to interfere with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto developers often add a countdown to their ransom demand: “If you don’t pay the ransom by the deadline, all your files will be deleted.” Because of the number of users who are unaware of the need for backups in the cloud or on external physical storage devices, crypto ransomware can have a devastating impact. Consequently, many victims pay the ransom simply to get their files back.


Targets of Malicious Attacks


Ransomware can spread across the internet without specific targets. But the nature of this file-encrypting malware means that cybercriminals also are able to choose their targets. This targeting ability enables cybercriminals to go after those who can — and possibly are more likely to — pay larger ransoms.


Here are four target groups and how each may be impacted:

  1. Universities fall into this category because they often have less security along with a high level of file-sharing.

  2. Government agencies, banks, medical facilities, and similar groups constitute this group, because they need immediate access to their files and may be willing to pay quickly to get them. An example of this is the ransomware attack on Colonial Pipeline in 2021. The U.S. fuel pipeline operator had to shut down its entire network and ended up paying the hackers a ransom of $4.4 million in Bitcoin. Some of the ransom was later recovered.

  3. Law firms and similar organizations may be targeted, because cybercriminals bank on the legal controversies that could ensue if the data being held for ransom is leaked.

  4. Cybercriminals go for the bigger payouts, which means targeting corporate entities. Part of this involves focusing on the United Kingdom, the United States, and Canada due to greater wealth and personal-computer use.

Protection is Better Than Cure


There are steps you can take to help protect your computer and devices against being infiltrated by ransomware. Here’s a list of tips to remember:

  1. Always back up your data. If you’ve made an external backup of your files, then you should still have access to your data if cybercriminals try to steal and hold it hostage.

  2. Install reliable ransomware protection software.

  3. Stay updated. Keep your operating system, programs, and security software up to date. This helps to protect you against the latest malware with the latest security patches.

  4. Never click on email attachments or links from unknown sources. They could have malware embedded in them.

  5. Be cautious when online. Malicious websites and pop-up ads are just waiting for you to click on them.

  6. Don’t surf the web on public Wi-Fi networks. Using a VPN — short for virtual private network — can help keep your data private.

  7. Never use USB sticks from unknown sources. You don’t want to provide an easy gateway for hackers.
