In cybersecurity, few threats have evolved and increased over the past decade as dramatically as ransomware. Wade Baker, collegiate associate professor of integrated security in the Department of Business Information Technology, has been at the forefront of studying this ever-growing menace.
Baker, co-founder of the cybersecurity-focused think tank Cyentia Institute, is working with the Cybersecurity and Infrastructure Security Agency (CISA) on sponsored research to provide deeper insights into the dynamics, trends, and impact of ransomware attacks.
Baker shared some of the information he has gleaned from his research.
What is ransomware?
Ransomware is malicious software, also known as malware, that permanently blocks access to a victim’s system or data unless a fee, or ransom, is paid. Ransoms are often requested to be paid in hard-to-trace currencies, like Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through what is known as drive-by downloading. This occurs when a user unknowingly visits an infected website and then software is downloaded and installed without the user’s knowledge.
Are ransomware attacks widespread?
From 2013-18, ransomware made up around 2 percent of all cybersecurity events and 4 percent of all financial losses from said events. However, since 2019, ransomware has surged to become one of the most pressing cybersecurity risks globally. These attacks now account for 30 percent of all reported events and 27 percent of financial losses and are now the second most prevalent threat to cybersecurity.
Why have ransomware attacks increased?
The increase can partially be attributed to the COVID-19 pandemic, which accelerated the shift to remote work. This shift blended personal and professional digital environments for many, which bad actors were then able to take advantage of. With employees connecting to and accessing networks outside of their normal cybersecurity constraints, ransomware operators have been able to exploit even more vulnerabilities.
Who is the most at risk for a ransomware attack?
Attackers often target sectors where disruptions can yield quick financial gains. The most impacted area is education, which is considered “low-hanging fruit” by would-be attackers due to the sometimes-lax cybersecurity measures found at many institutions. The health care industry follows closely behind in second, with manufacturing also experiencing significant attacks.
We don’t often hear about attacks on the manufacturing sector in the media because these ransoms are often paid quickly, as costs add up exponentially each day a business is out of service.
Are ransomware attacks also a threat to small businesses and organizations?
Ransomware disproportionately impacts small business, as the scalability of the attacks allows criminals to cast a wide net, impacting a larger number of smaller organizations whose cybersecurity measures may not be as robust. Ransomware attacks encompass around 9 percent of the cybersecurity incidents at larger organizations while making up 41 percent of cybersecurity incidents at smaller businesses.
How are individuals at risk of ransomware attacks?
Ransomware innovations such as “wipers,” which destroy entire systems, signify a dangerous escalation in ransomware attacks that can cause widespread disruption and financial harm. The use of wipers has spiked, as they are meant to cause maximum disruption to their victim.
It is through this disruption, rather than through direct attack, that ransomware will victimize typical citizens. These “indirect victimizations,” be they mere annoyances or critical outages, are how most people will be impacted by ransomware attacks.
The ransomware attack on the critical infrastructure of Atlanta, Georgia, in 2018 is an example of indirect victimization. The successful attack, which shut down multiple municipal services, impacted 6 million people and is estimated to have cost taxpayers anywhere from $2.5 million to nearly $10 million.
How can people protect themselves from ransomware attacks?
There are many things individuals and businesses can do to protect themselves from ransomware. While backing up systems and data is often top of mind, that’s just one of the many things to consider. And that doesn’t actually prevent ransomware infections – it just reduces or contains the impact. Preventative measures include keeping systems up to date, training users to recognize phishing emails, and maintaining strong anti-virus or anti-malware defenses.
Virginia Tech