What is Ransomware?

What is ransomware? It’s possible you’ve seen articles on it, but don’t understand quite what makes ransomware such a unique threat to businesses small and large alike. There are a number of factors that make ransomware a big problem.

Let’s get into it!

What is Ransomware?

Ransomware is a family of malware that locks a user out of their device with programming that’s tough to crack: it encrypts user data when it infects a device, and only the hacker has the key to decrypt it. Once the malware is on the device, its creator will demand payment to decrypt the data, a ransom, which is how it gets its name.

It’s usually delivered as a Trojan, either hitching a ride on legitimate files that the user downloads or disguised as a legitimate file itself, but not always – famously, the WannaCry ransomware was able to travel between computers on a network (sometimes onto different networks too) all by itself, with no user action required after one download on that network. Notably, WannaCry was also using an exploit that the NSA knew about and didn’t tell Microsoft about until after that information leaked outside the NSA, at which point Microsoft had to scramble to patch it. And the patch worked, but basically every computer affected by WannaCry didn’t have it! The initial wave was around 300,000 computers, and the actual estimated damages are all at least six-digit numbers, sometimes more depending on where you look.

WannaCry was a special case, however. Not all ransomware is this insanely advanced – many ransomware strains can be cracked or don’t fully encrypt a device, whether that’s because the ransomware itself is trying to use a vulnerability that has been patched, or because the device has a good enough antivirus to sense files being encrypted and then isolate the program doing the encrypting. Maybe the person writing it was inexperienced, or maybe their resources are directed more towards scaring someone into complying than towards actually encrypting the whole machine.

WannaCry was unique because it used a zero-day exploit, which is a kind of exploit that relies on flaws in an operating system that the operating system’s creator doesn’t know about. The OS creator not knowing about the problem is the critical key; once they know, they patch it! That’s what happened with WannaCry, but because so many people were reluctant to patch their machines even after that exploit was discovered (choosing instead to just take their chances with WannaCry on the loose, likely not knowing how bad it was) the worm spread and did -illions of dollars of damages across Windows devices.

What does Ransomware cost?

Ransomware costs businesses across the entire spectrum of size hundreds of millions of dollars a year. Ransomware attacks are steadily increasing, and the variety of ransomware out on the web is going up too. Including less direct costs, the total rises to a whopping 16.6 billion dollars of losses in 2024, according to the FBI. Worse, these attacks seem to be on the rise as the new hot way to defraud businesses, with that number being a 33% increase from 2023. (Report here: https://regmedia.co.uk/2025/04/23/2024_fbi_ic3report.pdf). As mentioned above, a lot of this is coming from Trojans – programs that people download while they pretend to be something else, at which point the actual ransomware is triggered into encrypting all the files on the device. It’s a tough nut to crack, and a big problem for everyone, not just individuals or businesses.

Cities, states, provinces, and countries are all suffering attacks that try to use ransomware to encrypt critical systems relating to government management. In many ways, they are a perfect target for criminals, because on smaller scales many cities and states are woefully underprotected and also using outdated systems to perform things like waste management and water treatment, things that cannot wait because people can die as a result. Our state of Nevada recently suffered a ransomware-like attack that took down SNAP among other programs, and left people in the lurch over a weekend. In short, ransomware costs so much because it’s not only demanding money, it’s also demanding hours or days of downtime, and it’s always aimed at the people who can afford it the least.

What does Bitcoin have to do with it?

You might notice Bitcoin or other blockchain products like Ethereum coming up in the same conversations as ransomware. The thing about digital money today is that it’s usually pretty easy to track. Banks can actually see what products were bought in a given transaction, and credit card processors recently decided that they can just prevent certain purchases from being made on sites where they are the only real options for checkout, effectively banning that content from sale. That’s really annoying! So you’re saying that sometimes you cannot buy a product that is fully legal, that one party really wants to sell and another party really wants to buy, basically for reasons that boil down to “don’t feel like it”? The problem there is that the payment processors have a monopoly on payment portals in the U.S. in a way they simply do not in other countries. Brazil and Japan have systems that allow people to walk into a physical location with cash to pay for a purchase being made online, but the U.S. does not because those major payment processors have cornered the market.

This is relevant because Bitcoin was initially intended as a way to escape this! By buying some Bitcoin, you can use it anonymously to buy things you might not be able to buy with your regular credit card. As a reminder, Visa decided they didn’t want to process sales on completely legal items, so this is not just shady research chemicals and rare endangered bird specimens we’re talking about here. Imagine going to Chuck E Cheese and buying $20 worth of tokens: the credit card processor can’t see which games you put the tokens into, or what you spent the tickets on in the prize shop afterwards.

This comes with downsides. Anonymity is a double-edged sword, and once money is sent, it can’t be recalled thanks to the way the blockchain works. So, if you send Bitcoin and don’t get your product, that sucks, and you can probably leave a review somewhere, but you can’t get the Bitcoin back by going to a central authority because none exist for Bitcoin. Getting scammed on a credit card is no longer lucrative because credit card processors generally have a way to stop payment, which is why scammers were asking for $500 gift cards for a long minute since those can’t be yoinked once payment goes through. Bitcoin re-opened an avenue for scammers, but the downside to that is that the person being ransomed has to know how to buy Bitcoin, and then from there how to send it, which is a lot, and the gift card demands are still pretty common as a result.

How do you protect against ransomware?

Ransomware doesn’t have to be a monster keeping you up at night. By setting up a full stack of protection, you can shore up weaknesses and/or make your business a less appealing target, which is sometimes all it takes to evade an attack.

Employee training is crucial – many attacks start with an employee downloading something onto a work computer, which was (outside of that download) almost impossible to breach with a malicious file. Anti-phishing and internet safety training can shore up these types of weaknesses! In the case of WannaCry, it didn’t even necessarily need a new antivirus to stop it, it just needed that single patch to fix the vulnerability the worm was sneaking in on, something employees were reluctant to allow on their computers because of the fear of breaking other apps that were still running, or creating downtime. The cost of not allowing maybe fifteen minutes of downtime while the machine rebooted was instead a compromised network and hours or days of waiting for the key, so the trade is certainly not worth it.

Better antivirus programs that can isolate a computer on a network can also save a lot of grief, as can a regular backup system. By regularly backing up devices, the ransomers lose the leverage they have to hold important files and the computer itself hostage.
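
To make the “sense files being encrypted, then isolate the program” idea from earlier (and the isolating antivirus above) concrete, here is a small sketch of how that kind of check can work. It is an added example, not code from any antivirus product; the thresholds, program names and sample events are made up for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

HIGH_ENTROPY = 7.5   # bits per byte; assumed cut-off for "looks encrypted"
BURST = 3            # assumed: this many files rewritten ...
WINDOW = 10          # ... within this many seconds triggers a flag

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_encrypting_processes(events):
    """events: (timestamp, process, path, bytes_before, bytes_after) per file write.
    Returns the processes that turned BURST readable files into high-entropy
    data within WINDOW seconds, i.e. the ones to isolate."""
    hits = defaultdict(list)
    for ts, proc, _path, before, after in sorted(events, key=lambda e: e[0]):
        # Only count readable -> scrambled rewrites. Already-compressed files
        # (ZIP, JPEG) start out high, so real products add other signals.
        if shannon_entropy(before) < HIGH_ENTROPY <= shannon_entropy(after):
            hits[proc].append(ts)
    flagged = set()
    for proc, stamps in hits.items():
        for i in range(len(stamps) - BURST + 1):
            if stamps[i + BURST - 1] - stamps[i] <= WINDOW:
                flagged.add(proc)
                break
    return flagged

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: a deterministic hash stream."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest()
                    for i in range(size // 32))

DOC = b"Quarterly invoice for office supplies, net 30 days. " * 80  # constructed

# Constructed sample events with hypothetical program names, not real telemetry.
SAMPLE_EVENTS = [
    (100, "word.exe", "notes.docx", DOC, DOC + b"One more line."),
    (101, "zip_tool.exe", "archive.zip", DOC, fake_ciphertext("zip")),  # one file only
    (102, "invoice_viewer.exe", "a.xlsx", DOC, fake_ciphertext("a")),
    (103, "invoice_viewer.exe", "b.docx", DOC, fake_ciphertext("b")),
    (104, "invoice_viewer.exe", "c.pdf", DOC, fake_ciphertext("c")),
]

if __name__ == "__main__":
    print(flag_encrypting_processes(SAMPLE_EVENTS))
```

The ordinary edit and the single zipped file pass quietly; only the program that scrambles several documents in a row gets flagged, which is the point at which an antivirus would cut it off from the rest of the network.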

If you’re looking for someone to shore up weaknesses, make sure your devices are adequately protected, and provide training software to your employees, get in touch with us. We offer plans tailored to your business, and your needs. We can explain the Swiss Cheese model, get you set up on an all-you-need-fixed plan, and ensure your emails are filtered so the Trojan problem doesn’t take your entire system down.

We don’t stop there, either – if you’re looking to improve systems and get set up with better tech, we can do that too. We can vend computers and enterprise level software you may not be able to access yourself, or help you set up MDMs for your business’s tablets, for example.

If this sounds interesting, get in touch with us – we’d love to talk to you! https://elixistechnology.com/contact/