Ransomware: How criminals cash in on your files

It’s a message you never expect to see when you open your computer at work: “… if you want to decrypt your files, your organization must pay a fee ...” Learn what your organization can do to avoid becoming a victim of ransomware.

Tags: Cybersecurity, Risk mitigation
Published: April 12, 2018

It’s your usual morning routine: You arrive at work. You boot up your PC. You grab a cup of coffee. You log onto the network. Wait a minute. Has your coffee not kicked in yet? You reread the message on your screen: “Your important files have been encrypted, including your documents, spreadsheets, photos, videos, etc. If you want to decrypt your files, your organization must pay a fee of $15,000.”

This is ransomware.

It’s a scenario that, unfortunately, is becoming more of a reality for businesses and public institutions across the country. According to PhishMe, a security solutions company, 97 percent of all phishing emails contain ransomware.


Ransomware is malware that holds data hostage

Resourceful cybercriminals use ransomware to rake in a fast reward and then swiftly move on to the next target. Most ransomware cybercriminals demand reasonably small sums ($5,000-20,000). This encourages companies and institutions to pay quickly, so they can regain control of their data.

Ransomware is downloaded and installed onto your PC using email attachments, embedded hyperlinks within emails, internet browsing sessions or web application vulnerabilities. Once installed, the malware encrypts files, drives and shared networks. It then locks down the system. The hackers then send messages demanding money to decrypt your organization’s files.

Hackers often target critical infrastructure, such as healthcare facilities and local governments, because these organizations can’t afford to shut down for long periods of time.

For example, in 2016, hackers successfully forced a Los Angeles-based hospital to pay $17,000 to unlock its computer files. The hospital attempted to recover its data for over a week, but eventually agreed to the hackers’ terms after determining its backup and restore options had failed. During the one-week standoff, hospital staff were unable to access email or electronic records. They had to update records manually and they needed to transfer some patients to other hospitals.

Other common targets include small to medium-sized businesses and public institutions. These targets often have outdated security measures due to the expense of adding multiple layers of protection to their network and information assets. Larger organizations tend to have resources in place to prevent and detect malware.

Like most malware, ransomware is challenging to detect. Most users don’t realize it’s been installed on their PC or network until they receive a message demanding a ransom payment.


A layered approach to security is the best prevention. Here are some suggestions:

1. Identify gaps: Implement employee security-awareness training and create restrictive roles for your employees with privileged access. When properly trained, employees serve as the first line of defense.

2. Protect and prevent: Deploy layers of security that include endpoint security, email security, network security, application security software and advanced malware threat detection. Although it can be pricey, this long-term investment can help prevent costly and reputation-damaging breaches.

3. Detect: Use risk-based detection. Analyze which organizations, countries and/or individuals pose a threat to your organization. Don’t ignore warning signs.

4. Respond and remedy: Incident response readiness and preparation can help you quickly respond to potential threats. Run test scenarios to improve employee response.

5. Prepare for recovery: Don’t forget to back up and encrypt your servers. Do this regularly, and keep a recently encrypted backup copy offline.

This risk isn’t likely to go away in the coming years. Current perpetrators are succeeding, which encourages them to continue their activities and expand their targets and tools. This is also likely to inspire copycats. Because of the potential consequences, ransomware will continue to be a major risk area.

The FBI has created a helpful document on preventing, responding to and recovering from ransomware. It’s available on the U.S. Chamber of Commerce website. The Financial Services Information Sharing and Analysis Center (FS-ISAC) also has some tips for safeguarding against ransomware. We encourage you to review these documents, stay engaged and learn more about this and the other cyber risks we face.


©2018 U.S. Bank.