TECHNOLOGY

WHAT IS RANSOMWARE?

Ransomware attacks attract attention, but what is ransomware, and how can you avoid it?

15.07.2021
BY A. NUGROHO

Recent cyberattacks have received global attention. A Russian hacker group, REvil, is reported to have carried out a massive ransomware attack against service provider Kaseya Limited.

Kaseya Limited is an IT company based in the United States whose products are used by various companies, especially convenience stores, in various parts of the world. This company helps small and medium businesses that do not have IT personnel to create managed service provider (MSP) programs that can be accessed via the internet.

The REvil attack affected around 1,000 companies because it hit their businesses' vital operating systems. Swedish retail company Coop even had to close 800 stores for more than two days because of the ransomware attack.

Lastly, REvil demanded a ransom of 70 million USD, or around IDR 1 trillion, in bitcoin for the ransomware decryption.

Photo courtesy of NVidia

But what is ransomware? According to the web page of Acronis, a provider of cyber protection systems, ransomware is a form of malicious software (malware) that infects your system and encrypts your files. Users cannot access their data until a ransom is paid in exchange for the decryption key. Once the ransom is paid, users can only hope that the attacker will provide the decryption key and that they will regain access to their files. The ransom must be paid to the attacker in Bitcoin and usually ranges from a few hundred to thousands of dollars.

The first recorded ransomware dates to 1989. At that time, the AIDS Trojan was created by Joseph L. Popp, a biologist with a PhD from Harvard. This ransomware, also known as the PC Cyborg virus, was released on 20,000 floppy disks and distributed to AIDS researchers in 90 countries around the world. The floppy disk contained a program that could analyze, through a questionnaire, whether a person was potentially exposed to the AIDS virus.

Unfortunately, the disk also carried a malware program that remained inactive until the computer had been turned on 90 times.

Photo courtesy of Acer

So how does ransomware reach us? The most common route is through phishing emails. This type of email is sent to the victim and contains an attachment. Victims are tricked into thinking the email is from a credible source, so they click on it, and the malware is downloaded and installed without the user's knowledge.

Another route is through malware-infected websites, where potential victims visit malicious sites that plant malware to infect their computers. Attacks through social media such as Facebook, Messenger and LinkedIn are also commonly used to infect computers. As a result, all user files are encrypted and cannot be decrypted without the key held by the attacker.

Ransomware usually targets websites with weak malware protection, such as individuals, small and medium-sized businesses, schools and universities that do not have cybersecurity experts on staff. The attackers also target organizations that hold sensitive files and rely heavily on files for their work.

Photo courtesy of Acer

So how can ransomware attacks be prevented? Several steps can be taken. The first is to train the people behind the computers. Training includes how to avoid suspicious sites and how to practice making decisions about opening and sending messages. This training should be repeated from time to time.

The second is up-to-date knowledge about malware. This includes training the cybersecurity team to understand data protection and security through a series of procedures. It also includes upgrading software and operating systems with the latest cybersecurity protections.

The third is the use of technology. Organizations usually have data backups to protect against ransomware attacks. This backup system can help restore data in the event of a successful ransomware attack. In today's era of remote working, organizations should also provide solutions for protection when working remotely.
