The Dangers of Ransomware
The COVID-19 pandemic has spurred many to work remotely to curb the spread of the deadly virus. A recent survey from Clutch found that two-thirds of employees nationwide are working remotely at least part of the week, and 44 percent work from home five days a week. Without ready access to your usual in-house IT team, you might panic when you notice that your computer starts to run slower. What if you can’t access documents or media files? Maybe you are getting error messages from Windows. You probably feel a little panicked.
Your level of stress probably hits code red if you find yourself completely locked out of your system. You scramble to Slack your remote work team to find out whether others are experiencing the same problem. Sadly, you find that others are also locked out of the system, and everyone is wondering what is going on.
Unfortunately, you have been infected with ransomware!
Ransomware Attacks are Increasing
Ransomware attacks are increasing and becoming extremely dangerous. Corporate networks that sustain an attack that encrypts sensitive information can lose hundreds of thousands or millions of dollars. As 2020 comes to a close, Bitdefender’s Threat Landscape Report 2020 reports that global ransomware attacks have increased 715 percent. Without a doubt, cybercriminals have capitalized on the many COVID-19 remote workers and upped their nefarious games. Scams and phishing attempts have increased dramatically across all platforms.
The Bitdefender report found:
- Four out of 10 emails that are related to COVID-19 have become a spam risk.
- Coronavirus themed Android threats are taking center stage.
- Targeted attacks are turning their focus to social engineering and steering away from malware sophistication.
The cost of ransomware attacks is skyrocketing. Cybersecurity Ventures has put global cost estimates at $20 billion next year. That is a sizable increase over the $11.5 billion from 2019 and the reported $8 billion from 2018.
Ransomware targets all industries, such as insurance, gas, oil, education, and tech. In 2019, ransomware hit over 500 schools. At the start of 2020, ransomware attacks accounted for 41 percent of cyber insurance claims, according to reports released by Coalition.
In its report, Coalition stated, “We observed a 260% increase in the frequency of ransomware attacks amongst our policyholders, with the average ransom demand increasing 47 percent.” The cyberattack group known as the Maze ransomware gang demanded six-figure amounts. They were responsible for launching an attack on Conduent, a New Jersey business service firm that boasts 67,000 employees and reports $4.47 billion in revenue.
Understanding How Ransomware Works
Ransomware spreads through social engineering networks, spam, and phishing emails. In some situations, it can also spread through websites or by using drive-by downloads that infiltrate an endpoint and then go on to penetrate the network. Infection methods are very intricate and constantly evolving.
There are countless ways technology can sustain an attack by ransomware. Once the ransomware has taken control, it locks all files with strong encryption, and there is no way to regain access. As the name denotes, the attackers demand a ransom (usually in Bitcoin) to decrypt the files so you can regain full operation of your afflicted IT system.
- Encrypting ransomware (also called cryptoware) is the newest version of ransomware.
- Non-encrypting ransomware or lock screen works by restricting access to files and data. However, it does not encrypt them.
- Ransomware can encrypt the Master Boot Record (MBR) of a drive or the Microsoft NTFS, so your computer systems will not boot up in a live OS environment.
- Mobile device ransomware targets smartphones by using fake apps and downloads.
- Leakware (also called extortionware) steals and damages data and then threatens to release the information if a ransom is not paid in full.
Staying Up-to-date on Malware
Yes, ransomware continues to be a serious threat to businesses worldwide and in all sectors. Some areas, such as healthcare, get hit with greater frequency and severity.
In 2016, 172 ransomware attacks hit 1,446 clinics, healthcare businesses, and hospitals. They cost the industry $157 million. Individual ransoms and attacks ranged from $1,600 to $14 million.
Recently, social distancing has left remote workers struggling to perform their functions at home. The increased online activity has only increased the online security risks, with attackers now focusing on healthcare organizations and governments. Cybercriminals have honed their strategy and methods of attack to receive the highest payback.
At this point, businesses cannot wonder if a ransomware attack ‘might’ occur but ‘when’ it will occur. A breach is inevitable. You must prepare with optimum IT security. You need to have your systems backed up and everything secure. TREYSTA Technology Management is here to help your business and workers defend themselves against ransomware.
Understanding a Typical Ransomware Attack
Here is the outline of how a typical ransomware attack occurs:
- Infection: After the ransomware is delivered to the system through an email, an infected application, a phishing email, or another method, it installs itself on the endpoint and on all devices it can access.
- Secure Key Exchange: The ransomware contacts the command-and-control server operated by the cybercriminals, which generates the cryptographic keys used on the system.
- Encryption: The ransomware starts to encrypt files quickly and effectively across the computers and the network.
- Extortion: Once encrypted, the ransomware provides instructions for the act of extortion and how to make the ransom payment. If you do not provide them with payment, then they will destroy your data.
- Unlocking: You can either pay the ransom and hope that the files are decrypted, or you can try to recover and remove the infected files and systems. Then restore your data and clean your backups. Honestly, you cannot usually negotiate with cybercriminals, and even if you pay the ransom, you will not get the criminals to decrypt your files.
Who Does Ransomware Attack?
Ransomware can attack organizations of all sizes. No one is safe. They will hit small to large businesses with ease. Also, attacks are increasing in the private sector.
Even the World Health Organization (WHO) was not immune and suffered a phishing attempt. Although it was unsuccessful, it still shows the vulnerability of all organizations. Currently, the United States ranks the highest for the largest number of ransomware attacks. Germany takes second place, followed by France. Windows computers are typically the leading target, but there is ransomware that attacks Linux and Macintosh. No one is safe.
Ransomware is so widespread that it has become a certainty that just about all companies will suffer exposure and sustain either a malware or a ransomware attack. You must prepare and understand the best ways to minimize and avoid a ransomware attack.
“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication,” states James Scott, Institute for Critical Infrastructure Technology.
Malicious email attachments, phishing emails, and visiting compromised websites all put you at an increased risk of infection. Also, weaknesses in Microsoft’s Server Message Block (SMB) and the Remote Desktop Protocol (RDP) can let cryptoworms spread in a system. Desktop applications, Microsoft Office, and more are also prone to infection.
Petya, WannaCry, and CryptoLocker have all spread across networks and are all versions of cryptoworms.
Okay, you have been attacked. Now what?
- Isolate the infection. You must prevent it from spreading.
- Identify the infection. You can use messages, evidence, and identification tools as clues to discover the strain of malware plaguing you.
- Report the infections so you can get support and start to coordinate an effective counter-attack.
- Look at your options. You have several ways to deal with the infection, so you’ll want to explore every avenue.
- Restore and refresh using safe backups, programs, and software sources so you can restore your computer and create a new platform.
- Prevent future occurrences by carrying out a complete assessment so you can learn how the infection happened and what measures you can take to prevent it from happening again.
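To scope an infection during the identify and restore steps above, a responder can sweep a file share for documents that no longer look like their own file type. The following Python code is an added example, not part of the original article; the entropy threshold, the signature table, and the sample file names are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known file signatures (magic bytes) for a few common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data
SAMPLE_SIZE = 4096       # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def looks_encrypted(path: Path) -> bool:
    """True when the header no longer matches the extension AND the content is
    near-random. Entropy alone would also flag healthy compressed files."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return False  # unknown type: no expected header to compare against
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    return not head.startswith(magic) and shannon_entropy(head) >= ENTROPY_THRESHOLD

def triage(root: str) -> list[str]:
    """Sorted relative paths under root that look encrypted."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file() and looks_encrypted(path):
                hits.append(str(path.relative_to(root)))
        except OSError:
            continue  # unreadable or locked file: skip it, keep sweeping
    return sorted(hits)

def build_sample(root: str) -> None:
    """Constructed sample share: two healthy files, one overwritten with random bytes."""
    Path(root, "report.pdf").write_bytes(b"%PDF-1.7\n" + b"Quarterly figures. " * 200)
    Path(root, "budget.xlsx").write_bytes(b"PK\x03\x04" + os.urandom(4092))  # healthy, compressed
    Path(root, "contract.docx").write_bytes(os.urandom(4096))  # stand-in for an encrypted file

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample(share)
        print(triage(share))
```

Files that the ransomware has renamed with a new extension fall outside this check, because there is no expected header for an unknown suffix; comparing the share against a pre-incident file inventory covers that case.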
Preventing a Ransomware Attack
Yes, a ransomware attack is devastating. You will lose valuable and, in some cases, irreplaceable files. Sadly, the attacks continue to evolve and become more sophisticated. If you implement good planning, then you can prevent ransomware attacks. TREYSTA Technology Management can help you prevent a ransomware attack.
Learn How Viruses Enter Your Computer
You must understand how ransomware will enter your system. The pathways that they use are called attack vectors.
There are two types of attack vectors: human and machine.
Human Attack Vectors
Human attack vectors rely on a person to let the malware into a computer, so they depend on social engineering. Attackers use a combination of deception and manipulation to convince an individual to divulge confidential or personal information that they can then use for fraudulent purposes. People can easily be tricked into giving up information via the following:
- Phishing relies on bogus emails to convince people to click on a link or open an attachment loaded with malware. The mail may be sent to only one person or to the entire organization. The email is often targeted to make it seem more credible. With such a strategy, an attacker takes the time needed to research the target, so their email truly looks real. The sender might appear as someone the person knows, or the message might contain important subject information to entice them to open it. In such a situation, it is referred to as spear phishing.
- With SMSishing, text messages direct the recipients to navigate to a site. They are then asked to enter personal information on their device. The attackers might use authentication messages or ones that appear to be from a financial provider. SMSishing ransomware attempts will send themselves to all contacts in your device’s contact list.
- Vishing works in a similar way to email and SMS attacks, but it relies on voicemail to trick the victim. The voicemail recipient is told to call a number that is spoofed and seems legitimate. The caller is then taken through a series of instructions that have the victim install the malware on their computer.
- Social media has become an avenue to convince a victim to download an image or listen to music or a video that can then infect their system.
- With instant messaging, a cybercriminal can hack and distribute the malware to everyone on the victim’s contact list.
Machine Attack Vectors
This is another type of attack, one that depends on machine-to-machine spread. The attack is automated and can quickly invade your computer or network.
Drive-by is the term for an infection that occurs when the victim opens a webpage that contains malicious code or a malicious image.
Cybercriminals learn about a system’s vulnerabilities to break in and install their ransomware.
Malvertising is a form of drive-by that uses ads to deliver the malware to the system. The ads are often placed on search engines or other popular media sites.
Ransomware enters the system and then scans the files and starts to spread throughout the shared system. If a company does not have adequate security, then it can quickly become infected.
Shared Service Propagation
Online services use file-sharing or syncing to propagate ransomware.
How to Defeat Ransomware
Security experts always advise you to seek professional help to defeat ransomware. TREYSTA Technology Management is here to help.
You can take some preventative measures to avoid a ransomware attack:
- Always use anti-virus and anti-malware software.
- Make frequent backups of all your important files.
- Maintain offline backups of data.
- Stay up-to-date with security updates.
- Deploy security software to protect your endpoints.
- Exercise caution when opening emails.
- Segment your networks.
- Turn off admin rights for users who do not need them.
- Restrict all write permissions.
- Educate yourself and your employees.
The best way to prevent a ransomware attack is to have a skilled IT tech team on your side. TREYSTA Technology Management is here to help you stay safe from ransomware or cope with an attack. Please contact us to learn more.