Ransomware has been targeting victims since the late 1980s. Although it originated during the era of the floppy disks, modern cybercriminals have developed new-age tactics that are more sophisticated and often less understood.
In this article, we will explore the history of ransomware attacks, the tactics used today, and the proactive measures you can take to protect your law firm from this growing cyber threat.
Ransomware, a Malicious Form of Malware
Ransomware is a type of malicious software that takes control of a victim’s sensitive data or device, making it inaccessible until a ransom is paid. The malware encrypts files, effectively locking users out, and the attacker demands payment in exchange for the decryption key.
Ransomware attacks generally fall into two categories:
- Encrypting Ransomware (Crypto-Ransomware) – This is the most common type, where data is encrypted and held hostage.
- Non-Encrypting Ransomware (Screen-Locking Ransomware) – Where the attacker locks the entire device, preventing access.
In addition to these main types, there are many subcategories and related ransomware variants out there, such as leakware, wipers, scareware, and mobile ransomware.
The Story of Dr. Popp and a Floppy Disk
Ransomware has been a cyber threat for decades. The first known attack occurred in December 1989, delivered via a mailed floppy disk, misleadingly labeled “AIDS Info Disk”.
This first attack is known as the AIDS Trojan Horse. The “AIDS Info Disk” or “PC Cyborg Trojan” was a DOS (denial-of-service) trojan horse malware that targeted a computer’s C-drive, scrambling and encrypting files.
Those who received the diskette were under the impression they were receiving valuable information about the emerging AIDS epidemic. However, what they inserted into their computers was a slow-crawling malware that infected the operating system. There were no immediate signs of a cyber infection until around the 90th reboot of the computer.
After that final reboot, a ransom note appeared on their screens, informing the users that their files had been encrypted. The note instructed them to pay a minimum fee of $189 mailed to a specified PO Box to receive a decryption key, referring to this payment as a “software lease from PC Cyborg Corporation”.
While the cybercriminal and Harvard-educated Dr. Popp didn’t get rich from this attack, many victims worked in the medical field and lost invaluable research data when they wiped their hard drives in a panic.
Ransomware Evolution
Ransomware attacks didn’t immediately take off after the 1989 AIDS Trojan attack. It wasn’t until the 2000s, when personal computers found their way into homes across the country, that ransomware attacks started to increase significantly.
Since its inception, ransomware has evolved into a multi-billion-dollar criminal enterprise. Cybercriminals and malicious software developers now operate with a single goal: to profit from anyone with a digital device.
Today, ransomware is a prominent threat. According to IBM’s Threat Intelligence Index, 20% of all recorded cyber threats involve ransomware.
To Pay or Not to Pay a Ransom
Handling a ransom demand for your sensitive data is personal and terrifying. The cybercriminal has control of your data and is demanding payment to release it back to you.
Unfortunately, there have been many instances where the victim paid the ransom, only to be faced with a second—and sometimes even a third—payment demand.
U.S. federal law enforcement agencies have unanimously discouraged paying ransom demands. Instead, they encourage ransomware victims to report attacks to the appropriate authorities prior to taking any action.
Additionally, in certain situations, paying a ransom may be illegal. Some victims could be subject to compliance requirements that impose specific legal obligations when responding to a ransomware infection.
Regardless of the circumstance, the first step should always be to report the attack.
Tips to Defend Against Ransomware
Reduce your exposure to ransomware attacks and protect your data with these tips:
- Maintain backups of sensitive data and system images.
- Apply patches regularly to help combat ransomware attacks that exploit software and operating system vulnerabilities.
- Utilize cybersecurity tools, such as antimalware software and Security Information and Event Management (SIEM) systems, to help security teams intercept attacks in real-time.
- Commit to employee cybersecurity training so users can recognize and avoid the tactics commonly used in ransomware attacks.
- Implement access control policies such as Muli-Factor Authentication (MFA) and network segmentation to prevent malware from reaching sensitive data. Identity and Access Management (IAM) controls can also stop cryptoworms from spreading to other devices on the network.
- Design a formal incident response plan to enable yourself and security teams to intercept and remediate breaches swiftly.
To mitigate risks and reduce the vulnerabilities cybercriminals prey on, educate yourself and your team on the threats and bulk up your defenses. Knowledge is truly a cybercriminal’s nightmare, making education every target’s hidden superpower.
Another tip is to have Cyber Liability Insurance. This may not seem like a conventional tip, but the benefits of insuring your business go further than paying out for a claim. Carriers often offer tools, resources, and support to help prevent attacks and provide guidance and support.
What to Do After a Ransomware Attack
You’ve been hit. Your device and network are infected, and your sensitive data is being held hostage with a costly ransom demand from a criminal actor. Now what?
First and foremost, stay calm. This frustrating experience tends to induce panic. However, panic will only result in rash decisions, like the medical researchers who impulsively wiped their drives clean in 1989.
Next, document the attack. Take a picture of the ransomware message for evidence. Remember, this is a crime, and you need to document evidence for your report.
After documenting the attack, report it to the proper authorities. They will guide you through the next steps. Make sure you have the following actions outlined in your cybersecurity response plan:
- Determine the impact and isolate the system immediately.
- Cut off all incoming and outgoing network connections.
- Backup your data to an external drive or secured cloud account.
- Disconnect external storage devices.
- Safely wipe your hard drive and reinstall your operating system.
- Reset all your passwords, including the passwords of any connected apps or MFA methods.
Once the direct connection to the infected device is severed, wait for clearance and a response from the authorities before reconnecting to your network.
If you have a Cyber Liability Insurance or Data Breach Insurance policy, contact your carrier immediately for guidance and support.
Wrapping up
Ransomware attacks have existed for decades, evolving into increasingly creative and devastating threats that target businesses and everyday users to encrypt sensitive data and demand a ransom for its release.
Cybercriminals don’t need to develop their own ransomware. They can purchase malware through digital marketplaces like the dark web or partner with developers through affiliate programs.
However, ransomware attacks are preventable. Educating yourself on the red flags, recognizing common tactics, and implementing strong preventative measures can significantly reduce the risk of falling victim to a ransom attack.
