Q&A: What is ransomware and why do cyber criminals use it?

Attacks more prevalent as hackers target known cybersecurity weaknesses in target organisations

The Health Service Executive (HSE) has been forced to shut down its IT systems this morning after being targeted in what Minister for State for Public Procurement and eGovernment Ossian Smyth has called "possibly the most significant cybercrime attack on the Irish State."

Director general of the HSE Paul Reid has said that the health service is working with gardaí, the defence forces and third-party cybersecurity experts to respond to the attack.

The HSE's IT systems were shut down as a “precaution”.

Last Friday, US fuel pipeline operator, Colonial Pipeline, shut its entire network, the source of nearly half of the east coast’s fuel supply, after a cyberattack on its servers.

Here, gardaí have issued several warnings about ransomware and cyberattacks in recent weeks and months, following a major increase in the number of these incidents being reported to them.

Unfortunately, cyberattacks and ransomware are now more prevalent than ever.

But what is ransomware, and why do criminals use it?

What is Ransomware?

Ransomware is malicious software (malware) used by criminal hackers to encrypt a person or firm's hard drives and data. 

The encryption locks the target out of key system functions, thus preventing them from accessing important files or using their computer altogether.

Criminal hackers perform this type of attack to try to extort money from private individuals, groups, and organisations.

Hackers will demand payment, usually in the form of an untraceable digital currency like Bitcoin, to decrypt their victim's data.

The attack experienced by the HSE this morning is a 'citi' ransomware attack — essentially a 'double' attack wherein, as well as demanding payment for decryption, cybercriminals threaten to destroy the victim's files or data, or release/publish it if the "ransom" isn't paid on time.

Unlike other cyberattacks, ransomware does not steal data or secretly monitor computer systems; its purpose is to extort money from targets and move on.

How do attackers gain access to someone's system?

There are a number of ways this can happen, but most often, the targeted person or firm will receive a text, instant message or email asking them to download a particular attachment or click on an embedded hyperlink.

These messages and emails can often be indistinguishable from the standard emails a company might receive every day. 

Some of these malicious messages may instruct the target to update a piece of legitimate software they use or risk losing access to it.

If the targeted person unwittingly downloads the file or clicks the link, the ransomware gains access to the person's computer. 

From here, more sophisticated ransomware is able to self-replicate and access any systems the computer is connected to.

Why do hackers use this kind of attack?

In short, because it is so easy.

There are a number of different varieties of ransomware, with many of these being openly available for free online.

Ransomware hackers usually target known cybersecurity weaknesses within their target organisations, meaning even criminals with limited knowledge can elicit large amounts of money very quickly.

By requesting payment in digital cryptocurrency, hackers are able to remain untraceable.

If a target pays a ransom, does the attack end?

Policing and cybersecurity organisations the world over will usually advise that the victim of a ransomware attack does not pay the ransom. 

If a person does pay, there is no guarantee the attackers will decrypt their files. In fact, many cybercriminals will increase the price of the ransom if the initial amount is paid. 

There is also no guarantee the cybercriminals will not keep a copy of a victim's data and publish or release it elsewhere later on.

What's the best defence against ransomware?

Experts have suggested a number of ways private individuals and organisations can protect their computer systems against cyberattacks.

Blocking suspicious internet and email accounts and avoiding downloading programs that are not secure are some of the cheap and effective ways of protecting against ransomware, but they will not block all forms of the software.

People and organisations are warned to back up data on separate networks or on a cloud-based system to ensure continuity of business, should a successful attack be carried out.

Antivirus software should always be kept up to date, and should only ever come from official sources.

Data from work and personal online activity should also not be mixed, i.e. you shouldn't use a work computer for anything you wouldn't do on your own personal computer or mobile.

If accessing your personal or work computer through a public WiFi network, experts advise the use of a virtual private network (VPN) to enhance security. 
