Be Aware of Ransomware!
  • Reporter Song Geun-seok
  • Approved 2022.11.13 01:03

▲Ransomware Illustration / Security Intelligence

 On Aug. 30, the antivirus software Alyac caused confusion among its users when it diagnosed normal files as ransomware and warned the users to restart their computers. As a result, some of the 16 million users' PCs were severely damaged or blacked out. What is this ransomware that such a widely used antivirus program had to warn its users about so urgently?
 Ransomware is currently the biggest troublemaker in the IT industry. A combination of 'ransom' and 'software,' ransomware refers to malware that demands money via file encryption. In other words, the malware blocks access to data or files, and victims are pressured to pay for restoration.
 The first documented ransomware appeared in 1989, and the number of ransomware scams has grown exponentially since then. According to the statistics provided by Cybereason, a cybersecurity technology company, the global financial damage due to ransomware was approximately 20 billion USD, which is double the damage in 2020. Experts also predict that this increasing trend will continue. According to the 2022 Acronis Cyberthreats Report, published by the cybersecurity company Acronis, global damage caused by ransomware is projected to hit 30 billion USD in 2023. Wai Kit Cheah, senior director at Lumen Technologies, mentioned that ransomware will become the next pandemic, and victims may be extorted with data exfiltration.
 The complexity of the encryption used has also increased significantly. Early ransomware was mostly based on simple algorithms, so decryption was relatively easy, but more sophisticated algorithms such as one-way encryption have since been developed so that victims cannot avoid paying for decryption. For example, the ransomware called 'Cryptolocker' infected more than 250,000 systems with highly sophisticated encryption algorithms in 2013. As its name implies, victims had to pay via the cryptocurrency Bitcoin for decryption, making it even more difficult to catch the attackers.
 Another problem with ransomware is that its scope has expanded from individuals to large companies and even national organizations. Attackers target such companies because they are capable of paying huge amounts of money, so more advanced ransomware algorithms specific to a company are being developed. In particular, small and medium enterprises (SMEs) that lack security infrastructure and have been impacted by COVID-19, as well as companies with highly entangled supply chains, are easily put at risk. Attacks on companies or organizations are dangerous because confidential information or customer data may be extorted, potentially leading to secondary damage. There are already many cases where global companies and organizations have been attacked by ransomware. In South Korea, well-known companies such as Hyundai, CJ, and LG were all attacked by ransomware in 2021, and the total damage by ransomware skyrocketed from 110 billion KRW in 2015 to 2.5 trillion KRW in 2021.
 There are several ways ransomware is spread. A bigger problem is that not only PCs are infected by ransomware; Android and iOS devices are also vulnerable to the attack. First, Remote Desktop Protocol (RDP), which is used to connect to other computers over a network, accounted for the most ransomware attacks in 2021. Developed by Microsoft, RDP allows the acquisition of user credentials, which may then be used to access other clients' data and spread ransomware. Second, email phishing is one of the most common ways to spread ransomware. The attacker, disguised as a credible figure, may send an email with an attachment that includes harmful data. Once the attachment is opened or downloaded, the automatic ransomware infection process begins. Third, software weaknesses are abused. In particular, weaknesses related to Microsoft Exchange Server and Log4j are most often targeted for ransomware spread, and these two accounted for the most abused software in ransomware attacks in 2021.
 So, how can one prevent ransomware? Although many countries around the world are looking for ways to prevent ransomware, there is no perfect way to do so. New technologies are developed every day, meaning that there are ever more sophisticated ways to spread ransomware, and new software weaknesses are targeted for attacks. Experts say that only thorough prevention may reduce the probability of ransomware attacks. Thus, it is important to store important data and files in storage separate from the PC, or to upload them readily to backup or cloud servers, so that data are not lost or damaged.