Ransomware is a distinct threat to all businesses and domestic users. It has been around for about ten years; it first emerged as a major threat in 2013 and has since spread from corporate users to domestic and small business users, and latterly to cloud-based systems.
In its basic form, ransomware is delivered to systems via a phishing email. A user clicks on a link and is taken to an infected website. The malware downloads and installs the ransomware application automatically. The ransomware then encrypts systems and data on the user's PC, including any mapped network drives, and renders the PC useless.
It spreads through network links to other PCs and to corporate servers and can bring down an entire installation. When the ransomware is activated, the user is presented with a message asking for money, usually in Bitcoin, before a decryption key is provided. Often the key doesn’t exist or isn’t provided.
Interestingly enough, one ransomware variant checks the location of the site it is attacking during installation and does not continue if the site is in the Russian Commonwealth.
The ransomware variants currently in play include:
Although it is no longer seen as a major ransomware exploit, in its heyday in 2016 it accounted for over half of all ransomware attacks. It was unusual in that, rather than currency, it suggested using iTunes gift cards for payment.
After its first appearance in 2016, Petya was used for a major global cyber attack, targeting Ukraine in particular. Because there was no decryption key, it was assumed to be a disruptive rather than a financial exploit.
WannaCry is probably one of the most successful and celebrated ransomware exploits. It infected nearly a quarter of a million computers in over 150 countries. Many major corporates and governments were affected, including the British National Health Service. The exploit included a variation in which files were deleted after seven days if no ransom was paid.
This variant appeared in late 2017 and is similar to Petya and WannaCry. It spread over corporate network structures, being found in many countries in Europe, the Far East and the US.
SamSam is different in that it uses a brute force attack to bypass the normal vectors of phishing and illicit downloads. It was directed against servers with a weak security profile. The virus attacked mainly government and healthcare sites in the US.
The effects of these ransomware variants can affect businesses in several ways:
The market value of a business can be badly hit by a ransomware attack. For example, Verizon reduced the price it was willing to pay for Yahoo by $360 million after the authorities released information to the media that a ransomware attack had been reported to them by Yahoo.
If ransomware affects the ability of a company to do business for an extended period, that could be terminal.
Consumers, particularly those intending to make online purchases, need to know that their information is secure and that the website is adequately protected against malware. They are more likely to transact with the business if it has the profile of a business that is secure and trustworthy.
If a business reveals that data has been stolen from its website, or the site is made unavailable because of a ransomware attack, the business profile of the organisation will take a severe dent.
This may translate into loss of future business, because consumers are less likely to trust the business and buy from its online shop.
Manufacturing Control Systems
If an organisation uses computer-based manufacturing control systems, then ransomware could make continuing with production impossible. If the systems affected include safety control systems, then even if production could continue, Health and Safety regulations may make that impossible.
Purchasing, Sales and Delivery Tracking Systems
Many companies rely on computer-based systems to purchase raw materials and to turn successful sales orders into delivery instructions. Some provide online systems where consumers can track the progress of their orders.
If a ransomware attack makes it impossible to track sales, purchases, and deliveries, monitoring and control of the business will be seriously affected.
All-in-all, if ransomware hits a business, there will be trouble.