#Ransomware #AITsecurity #MSSP #MicrosoftPartner #SilverSpringTech
Ransomware is the emergence of a new form of malware in Cyberspace. It is also called as cryptovirus which has drawn attention among information security researchers and practitioners. No cyberthreat better represents the difficulty of hitting a moving security target than ransomware, which encrypts a computer’s files and demands the owner pays a ransom, usually by transferring funds to the designated online currency accounts such as Bitcoins, Webmoney, eGold or by purchasing a certain number of pharmaceutical drugs from the attacker’s designated online pharmacy stores to get the data back. Phil Lacombe, vice president/manager of Information Systems and Security at Parsons Corp said – Cybersecurity “is not a problem for which we can design a solution and then move on. It’s like locking your front door. Once you start, you don’t get to stop”. Ransomware has evolved into forms that are even harder to block and has resisted FBI crackdowns on the largest perpetrators. Attackers are looking for unlocked windows and new ways to open the door.
• Crypto malware – this is a well-known form of ransomware and can cause a great deal of damage. One of the most familiar examples is WannaCry ransomware attack in 2017, which targeted thousands of computers around the world and spread itself within corporate networks globally. Crypto malware installs itself onto your PC is exploiting a known vulnerability. It can encrypt records on the victim’s computer, and also shared drives that connect to the computer. The ransom demand can range around $200 and $5,000.
• Lockers – this ransomware infects the operating system which will completely lock you out of your computer, where you cannot access any applications, files. Lockers are of two types:
• CTB (Curve-Tor-Bitcoin) Locker’s – it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.
• Torrent Locker – harvests email addresses from the victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that Torrent Locker had amassed some 2.6 million email addresses in this manner.
Scareware. This is fake software which acts like a cleaning tool or antivirus. Scareware will find issues on the computer and demands money to resolve the issue. Some types of scareware may lock your computer, or fill your screen with annoying pop-up messages and alerts.
• RaaS (Ransomware as a Service) This malware is hosted invisibly by a hacker. These criminals handle everything from distributing the ransomware and collecting payments to managing decryptors software that restores data access in exchange for their cut of the ransom.
Doxware. Commonly referred to as leakware, doxware threatens to publish your stolen information online if you don’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.
• Doxware – commonly referred to as leakware, doxware threatens to publish your stolen information online if you don’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.N
Not updating software
Not enough backups – A lack of validated backups the primary ransomware recovery tool — can leave us out in the cold and unproductive. It’s a simple equation: if you have backups, you choose recovery over the ransom.
User awareness – Users simply don’t understand the threat, the impact, or the cost of a ransomware infection. But, nor should they really, they have a job to do in accounting or sales, not IT security. Even so, putting in solid phishing training and testing can make a material difference.
Lack of end-user cybersecurity training (Open Documents, pdf, excel files from unknown). Poor user practices/gullibility (Open any MAIL (Spam))
A lack of least privilege – The more access a user has, the greater the scope of infection the ransomware can have. With 71% of the end-users say they have access to company data they should not be able to see, IT has some serious work to do to ensure privileges are locked down.
No layered defense – A single security solution, such as antivirus, can only do so much to protect the organization. You need solutions like IPS, an email gateway, endpoint protection, and more all working in concert to give ransomware as little a chance of succeeding as possible.
Effects of Ransomware Attacks
As the threat of ransomware grows, so does the cost.
For example, In Australia:
Cybercrime has cost $1.2 billion in the past year, An average 24,000 attacks occur each day, costing between $420-$700 per incident and 13.7 hours are lost per attack.
But a ransomware attack implication beyond the cost of the ransom itself. Businesses that experience a ransomware attack face:
- Cost of replacing compromised devices
- Loss of proprietary data
- System downtime, which affects the ability to operate
- Reputational damage
- Potential legal penalties arising from poor security or handling of data
there are many different types of these viruses around these days, keep in mind the following three main tips and execute accordingly. Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.
According to Sophos and other experts; “Email will remain the primary attack vector threatening corporate cyber security, especially in the case of targeted attacks”. Therefore, securing this main source of vulnerability is essential to everybody who runs a network or connects to the Internet.
Remember: Most ransomware attacks are triggered by a normal email with an infected attachment such a document, photo, video or other type of file. Hackers don’t even need much knowledge to insert a piece of malware into a file; in many cases there are many articles and YouTube tutorials on how to hide code, making it child’s play.
With this in mind, opening an email attachment from an unknown sender should always be avoided. If you are sure that this email is not addressed at you, delete it immediately and also inform your company data security advisor or IT team.
If you think it might be from a colleague but you are unsure, do not open it until you have made a phone call or reached the sender in another way, to check their identity and ensure the legitimacy of the file. Remember, keeping your company’s IT systems and data secure is always the right decision.
Make your network and IT environment secure
One single computer encrypted by ransomware is undoubtedly a serious problem, but when it spreads all over the network it can become not only a nightmare for the IT department, but endanger the business as a whole.
Companies who have not already done so should consider implementing a data security software solution which is specifically designed to check all incoming emails before they are delivered from their Exchange server to the intended recipient. With such a solution, the risk that a virus spreads over inside a company network is reduced dramatically. Additionally, IT administrators and management should consider implementing network security software, which automatically monitors the network and its files for threats.
Such a solution would alert administrators if a ransomware attack is trying to encrypt vast quantities of files over the network. These solutions also frequently check outgoing traffic, so when the ransomware tries to connect to their external server to start the encryption process this could be terminated as early as possible to mitigate damage.
Experts say regularly backing up computer data is the best defense against ransomware and most types of malware. In the event of a ransomware infection, a recent backup lets you ignore the extortion attempt and simply reformat your computer, reloading it to the state of the most recent backup. As pointed out so often, hackers only really get successful when the victim has gaps in their data security policies.
Make your employees smart
We have written about ransomware and malware in our blog before, but what we see is that in the case of an encryption attack even the most experienced computer users get into a panic. Therefore, every employee in a company should exactly know what to do if they get attacked by ransomware, even high-level execs and IT Directors.
A ransomware attack should not only be part of a business continuity plan for higher management or IT experts, but precise tips on what to do, when hit, should be visible and understood in every office. These can be simple, but effective, for example:
- Disconnect from the internet and internal network
- Try to properly shut down the device or immediately call IT security/IT administration
IT security and administration staff alike should always be best informed about the latest developments in cyber security and hacking. Reading the latest blog news, keeping up to date about new developments in this scene and loop holes in networks or software solutions should therefore be a necessity for these employees.
A better alternative is to use a good software solution, such as Microsoft 365 Business, which will have the necessary experience, tools, and tactics to attempt to rescue your data. Ransomware remains a popular means of attack, and new ransomware families are discovered every year. Reported attacks in the U.S. dropped from 2,673 in 2016 to 1,783 in 2017. However, the threat of ransomware is still incredibly active on the internet, so you should take precautions to help avoid becoming a victim.
Article curated by Aarthi R.
WE ARE DIGITAL TECHNOLOGIST PROMOTING BUSINESS VALUE THROUGH DATA SUPPORTED SOLUTIONS.
PLEASE SIGN-UP FOR ATG NEWSLETTER!
TAKE ADVANTAGE OF OUR 1 HOUR FREE IT CONSULTATION