Cyberattacks, across the board, are never a good thing; and depending on the severity of the attack and the business you engage in, each kind of cyberattack can be ranked in how damaging and how severe each attack is to your server. Let’s say, for example, you engage in book selling, like Amazon but on a smaller scale. A DDoS attack, or Dedicated Denial of Service attack, can keep your audience from accessing your website on the day a new book comes out from a popular New York Times Bestseller. A data breach could be even more damaging as your records, both online and in-store transactions, could be stolen from your local databases and sold to cyberthieves looking to drain your customers’ bank accounts.
However, when it comes to the severity of cybercrime, ransomware is universally feared and despised by all.
Here’s how ransomware works, if you are not familiar with the term or why it strikes fear in those who regularly do business of any kind online. Black hat hackers breach your security and get hold of your data. That data could be anything from customer databases to project materials that may be coming up for delivery, you name it – if it is data and it is on your servers, hackers will get their hands on it. Once your data falls into their hands, hackers will contact you and offer the stolen data back for a fee. Once the fee is paid in full, a digital key is sent that should be able to unlock your data.
Will your data be intact and without additional malware installed? Again, this is another reason ransomware is so terrifying. You don’t know.
And these ransomware attacks come at a very steep cost.
South Korean hosting firm Nayana announced last month that it had suffered a massive breach affecting more than 150 of its servers, in which the attackers had managed to take control of an immense amount of user data. In exchange for getting the stolen data back, the hackers demanded nearly $4.4 million in Bitcoins.
Yes. $4.4 billion. And as it was to be in Bitcoin, it would be completely and totally untraceable.
Both hackers and Nayana held negotiations over what was deliverable, and they finally agreed on a ransom of $1 million in Bitcoins, which Nayana would pay out in three installments. At the time of writing this, they’ve made the first two transactions. The third installment is yet to be done. There is a strong possibility that the arrangement stipulated delivery of the third installment after the data is restored in full.
At the time of posting this, Nayana is currently in the process of transferring the stolen data back to its servers. The next step would be to create back-ups of the data and perform analysis to confirm the integrity of the recovered files. Provided the data is not corrupted. The company estimates the entire process will likely take between four to seven days to complete. Stolen data is expected to be properly restored back to the almost 3,500 affected clients shortly after.
This ransomware incident marks yet another unfortunate case in a string of ransomware attacks. Beginning with the WannaCry cyberattack, this most recent incident has been so successful you can expect to see more of it in the future. The Dutch cybersecurity firm Trend Micro conducted research that seems to suggest that the attackers relied on a variation of the Erebus ransomware that was specifically designed for Linux.
Remain vigilant, and consider frequent backups as your best defense against ransomware.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.