
Ransomware is becoming a big business opportunity within the online criminal underworld.
Using simple exploits found in spam, hacked websites or compromised software, hackers are targeting vulnerabilities in systems to deliver their ransomware payloads.
These programs often encrypt the contents of a user’s hard drive, and any other drive that their machine may be connected to, including a cloud storage account or a mapped network drive.
Once the files on the drive are encrypted, a web page is displayed on the user’s screen demanding that they send Bitcoins in exchange for the key that will unlock their data. In 2015 alone, researchers believe that over $370M was paid to hackers in ransom fees.
You might think, “If I have a cloud storage account, isn’t my data safe from ransomware?”
Quite frankly, no.
Let’s take OneDrive for example. Many users have mapped their OneDrive account as a networked drive on their local machine. Some may call it the Z: drive. Most modern ransomware works by taking over the SVCHost process on your machine.
The SVCHost process gives the malicious payload the ability to encrypt files that the user has access to on their network.
Consider this scenario: What if every user in your organization is required to be mapped to a specific drive in order to use your main line of business application?
What happens when one of your users gets a ransomware infection? Not only would the data on the local user’s hard drive be encrypted, but the data that the user has access to on the main line of business app could be at risk as well, potentially impacting your entire operation.
Because of these lucrative opportunities (for the hackers), the Online Trust Alliance has seen the groups behind these attacks become more sophisticated.
These groups have begun targeting organizations that possess data that could be considered valuable. The idea for the hackers is: if a company has valuable information, it may be willing to pay a premium to get it back.