Common types of ransomware
Ransomware attacks are an ever-evolving threat that have cost organizations millions of dollars.
While ransomware can threaten organizations of every size, we provide common ransomware attack examples to help inform your teams so we can fight together.
Generally, there are two main types of ransomware: locker and crypto.
Locker ransomware locks up essential functions of the computer except to allow the user to pay the ransom and communicate with the cyber-attackers. It was more commonly seen against consumers and home-users during the early history of ransomware attacks.
Crypto ransomware encrypts data, making it irretrievable without the decryption key. This can cause panic as users can typically see the files, but won’t be able to access them, which can damage a company’s bottom line every day it remains locked.
Famous ransomware examples
The increase of ransomware attacks has seen different types of ransomware used to exploit system vulnerabilities in different ways.
Ryuk ransomware is a crypto ransomware that also disables the file recovery function on Windows computers, making it impossible to access the affected files without an external backup.
Locky is commonly deployed via email, where victims download malicious software that locks up their local files.
Causing over $4 billion of damage worldwide, Wannacry ransomware exploited a weakness in Windows-based operating systems and locked users out of their computers.
A drive-by ransomware attack, Bad Rabbit was deployed on websites that were compromised by cyber-attackers. Visitors to the affected site would then download what appeared to be an Adobe Flash installer that actually contained malware.
Named after the villainous puppet from the Saw movie series, every hour the ransom was not paid, more files would be deleted.
Ransomware attack examples for healthcare businesses
All types of organizations have been targeted by ransomware attacks, and healthcare organizations, including hospitals, are no exception.
Compromised protected personal information (PPI) data
In many ransomware attacks, files are encrypted so that they cannot be accessed or systems are locked so that they cannot function. However, there have also been significant breaches that compromised sensitive personal data.
In one case, cyber-attackers infiltrated the network of a healthcare organization and accessed personal data of patients and donors. From February to May, the cybercriminals covertly accessed the data and made copies for themselves, which included names, personal addresses, and donation history. This prompted their victims to eventually pay a ransom for the copied data to be deleted.
The lesson to be learned from this example of a ransomware attack is to protect stored data as much as you protect your network.
Mimecast offers cloud security solutions to empower organizations to safely (and simply) store and access sensitive data.
Rise in healthcare ransomware attacks since COVID-19
According to Comparitech, ransomware attacks cost the US healthcare industry over $20 billion in 2020 alone.
Compared to previous years, healthcare organizations and hospitals saw an unprecedented spike in ransomware attacks during 2020, and some speculate that COVID-19 made hospitals more vulnerable to cyberattacks and perhaps even more willing to pay ransom.
One thing that can be learned from this trend is that an organization can be even more vulnerable during times of crisis. That’s why it’s best to prepare today for tomorrow’s potential ransomware threats.
Examples of ransomware attacks in enterprise businesses
In addition to being compromised by the methods noted above, enterprise businesses can be particularly vulnerable to compromised passwords (given the size of their organization). Additionally, when they are compromised, they may consider paying a ransom to cut losses, but recent examples prove that paying ransoms may not be effective in preventing future losses.
A compromised password is a password that someone outside the intended organization has access to. Cyber-attackers can use a compromised password to gain direct access to a network.
In other cases, credentialed employees have intentionally compromised passwords by selling them on black markets.
This is what many suspect happened in a major cyberattack in April of 2021. On one hand, there’s not much that can be done to stop disgruntled employees from selling confidential company information, but additional layers of protection can be implemented to safeguard against this behavior.
For example, access points for cyber-attackers can require multiple passwords from multiple users in order to access them (multifactor verification). To learn how Mimecast’s email security programs can help protect passwords, schedule a demo.
When to cut losses?
According to a report published by Cybereason, 80% of companies that paid ransom suffered another attack, nearly half of those suffering a repeat attack from the same cyber-attackers.
In many recent instances of cyberattacks that impact businesses, cyber-attackers have claimed that paying their ransom is more cost-effective than hiring attorneys to pursue legal action or hiring a company to help them unlock compromised systems and data. While it’s difficult to know whether or not paying a ransom is the easiest or cheapest solution, paying a ransom doesn’t always make the problem go away.
This is one of many reasons why cyber experts typically advise organizations not to pay ransoms: after all, there’s no guarantee cyber-attackers will honor their terms of the deal to delete data.
Protecting your business from ransomware attacks
Email and cloud security services can help organizations take the necessary steps to protect themselves from ransomware attacks.
By learning from the past, we can create a more secure future together for all organizations.
While ransomware remains an ever-evolving threat, Mimecast offers data and email security solutions that can help prevent ransomware from infiltrating your systems. To learn more about protecting your team from a ransomware attack, schedule a Mimecast demo today.