Ransomware attacks have compromised many organizations’ data by preventing access to encrypted critical business information, which directly impacts the business and its brand credibility. Chances are that you have heard of at least one organization that has suffered a ransomware attack. It could be your local police department, a hospital, or even someone in your family. Such cases are all over the news.
There are several types of ransomware, including Wannacry, Petya, Locky, EternalBlue, LataRebo Locker, TeslaCrypt, and Bad Rabbit, among others.
Wannacry was a major ransomware infection that hit a large part of the world two years back, and its impact is still felt two years on. The ransomware attack claimed over 200,000 victims in over 150 countries. Many of the victims were locked out of their files, with a ransom demanded for their release.
Needless to say, it was a disaster for the affected businesses. The attack is a demonstration of how malicious ransomware can be. It puts a billion-dollar dent in many economies all over the world. Protecting yourself against ransomware attacks is therefore becoming all the more important.
Ransomware variants such as Samsam and Sodinokibi have targeted many businesses, using a wide range of brute force tactics to break into networks and multiple devices across the entire organization, placing personal and business data in jeopardy before the attackers issue a high-value ransom demand.
While backup and restoration services are essential elements to safeguard your endpoint security, they are just one of several safeguards within the multi-faceted approach needed to effectively mitigate the risk of a ransomware attack. Recovering from backup copies can help reduce the extent of damage to business users by saving sensitive files. Using a robust cloud backup service can be an additional safeguard beyond the routine on-premise backup. Cloud storage services provide protection in the event of a ransomware attack on the entire network.
Ransomware attacks are costly
Ransom demands can vary in size, but it's becoming increasingly common for hackers to demand payment worth thousands of dollars to restore access to the network. The reason these cybercriminals can demand this much money is that victims need to regain access to their data.
If you have not suffered a ransomware attack, then you are either extremely lucky or have put some measures in place to protect your files. Once your computer gets infected with ransomware, and you don't have a backup, you can only hope the cybercriminals make some kind of mistake. Otherwise, you will be left with the option of paying whatever ransom they demand or losing your files forever.
If there is a situation where the entire corporate network is locked with a malware attack, it means the organization can't do business. They could end up losing large amounts of revenue for each day, perhaps even every hour, the network is unavailable. For context, it's estimated that the NotPetya ransomware attack cost shipping firm Maersk losses amounting to millions of dollars.
If an organization chooses not to pay the ransomware demand, they will find themselves losing revenue for a period that could last weeks, perhaps months. They'll also likely find themselves paying a large sum of money for a security company to come in and restore access to the devices by ransomware decryption. In many cases, this might even cost more than the ransom payment. Still, at least in this instance, the payment is going to a legitimate business rather than funding the cyber-criminals.
Who is mostly targeted by ransomware infections?
Since cyber-criminals are motivated by money, many ransomware attacks target big businesses and corporate networks. After all, they have the most to lose if their data is encrypted. A good number of major organizations suffered at least one ransomware attack in the last year.
The main reason big businesses are the targets of these malicious attacks is that they are 'profitable' victims. Government agencies or hospitals need to immediately access their files and are more likely to succumb to ransom demands. Other organizations, such as law firms, may want to keep news about a possible breach to themselves since they have sensitive data and may look to settle the issue with the attackers.
Additionally, big firms are targeted because they can be easily infected. This is because most of the employees working outside their IT departments don't take cyber-security seriously. Most assume cyber-security is being handled by the company and therefore feel no need to be proactive in managing their own cyber defense networks. Such employees end up downloading risky email attachments, or visiting suspicious sites, exposing the business to ransomware attacks.
How do ransomware attacks work?
There is a variety of ways in which ransomware can get into your computer. The most common is through downloading a spam email attachment (phishing scam). The attachments are disguised as trustworthy, but once downloaded, they can take over your computer. Some ransomware has built-in social engineering that tricks you into allowing administrative access to the perpetrators.
Another way that ransomware can gain entry into your computer is when you click on 'malverts,' which are fake ads generated by hackers. Other ransomware, such as NotPetya, is super aggressive and can enter your computer by exploiting a security hole without necessarily tricking you into clicking anything.
Once ransomware has gained access to your system, it typically encrypts some or all of the files on your computer, making them inaccessible. Once your files have been encrypted, they can only be opened with a mathematical key possessed only by the cybercriminal. The attackers then contact you, informing you that your files have been encrypted and can only be accessed if you pay a certain amount of money. In most cases, they demand payment in cryptocurrency, as it is harder to trace.
How long does it take to recover from a ransomware attack?
Ransomware attacks are disruptive and cause an awful amount of downtime for businesses and organizations that fall victim. The downtime is increasing by the day, with ransomware becoming ever more malicious. Current studies indicate that a ransomware attack lasts an average of 16 days, which is up from around 12 days a few years ago.
Increased downtime has led to more large organizations being targeted by cybercriminals since it takes weeks for them to restore their system. Restoring a massive amount of data is time-consuming and requires a lot of patience.
For instance, currency exchange provider Travelex was the victim of a ransomware attack in early 2020. It took them over three weeks to restore their online services.
The current COVID-19 pandemic means more and more people are working remotely, which has presented hackers with the opportunity to target more victims. As a result, ransomware infections and the amount of ransom are on the rise. This is expected to continue as long as hackers have something to gain from spreading malicious software. No one is safe either, and pretty much every organization can be penetrated.
What does a ransomware hacker do?
One trick that cybercriminals use to pressure companies into paying is keeping ransom prices low enough for businesses to pay within short notice. Some hackers are sophisticated enough to detect your country of residence and adjust their ransom demands to reflect the country's economy. They demand higher ransom for victims from richer countries and vice versa.
Some attackers are cheeky enough to offer 'discounts' for fast payments, encouraging you to pay before overthinking it. The ransom is mostly high enough to benefit the cybercriminals but lower than what you would normally pay to restore your computer and reconstruct the compromised data.
Some cybercriminals masquerade as law enforcement officers who have shut down your computer because it has pornography or pirated files. They then demand a fine to unlock your computer. Victims of such an attack are unlikely to report to the authorities. In other attacks, the attackers can threaten to publicize some of the sensitive data found on your hard drive. However, finding such information requires a bit of sophistication from the attackers, and encryption ransomware is, therefore, the most common.
Should you pay the ransom?
Once you are the victim of a ransomware infection, you risk losing vital data if it wasn't backed up. In such an instance, should you pay the ransom?
Many businesses look at the cost of ransom versus the value of encrypted data. While many big businesses have a principle against paying the ransom, most of them end up paying anyway. Naturally, this encourages cybercriminals to create more ransomware, making it a lucrative business for them. In any case, there is no guarantee that you won't be targeted again even after paying the ransom.
The most important thing is to realize that you are dealing with criminals. In some instances, they send you scareware that makes it look like your files have been encrypted. Therefore, it is vital to make sure you are dealing with actual ransomware before even thinking about paying the ransom. Another thing to keep in mind is some cybercriminals will just take your money and run without decrypting your files. At the very least, paying the ransom should be the last resort.
How to Prevent Ransomware Attacks?
Proactive ransomware prevention is the best form of defense against ransomware. Here are eight ways to keep ransomware attackers away:
Subscribe to blogs, join online communities, follow technical support sites, and ensure staff is trained on privacy policies and procedures while keeping them up to date about generic do's and don’ts to stay safe. After all, your workers could be your weakest link if they are not well trained on how to avoid malicious emails and attachments.
Needless to say, a ransomware attack is very serious and can have lasting effects on your business. A law enforcement agency (FBI, RCMP) should be notified immediately, before any ransom is paid to the cybercriminal.
The effects of a ransomware infection can be dire even for businesses that are well prepared. As a result, many businesses are forced to pay the ransom, which seems like the easy option. However, that's what the hackers want. Paying them may end up placing a target on your back. In any case, there is no guarantee that they will give you access to your device/data once you've paid the ransom. Ultimately, paying the ransom doesn't settle over time.
Using active security and antivirus/anti-malware software, such as Norton, PC Matic, McAfee, and others, enables firewall protection. Keep this security software up to date to give yourself the best chance of thwarting a ransomware infection. Additionally, having the antivirus software run regularly scheduled scans will help against malicious software, thereby providing ransomware prevention.
Once ransomware is detected on a system, turn off or disconnect from the internet entirely and shut down the system; this prevents the data from being sent back to the perpetrators. Assuming the system is backed up, and the infection has not been backed up with it, the system can be recovered ransomware-free. Additionally, you should avoid staying logged in as an administrator to a business network for longer than necessary. Browsing and opening files while logged in as an administrator increases the chances of a ransomware attack.
Enable simpler permissions management while providing visibility into which users access information and data at any given time.
That way, if pop-ups appear, click on the X in the right-hand corner, not the buttons within a pop-up. These have most likely been reprogrammed by the cybercriminals. Additionally, keep your software up to date, especially your operating system. Hackers are constantly looking for ways to access your data and mostly succeed if you are using outdated software. Ensure you patch any vulnerabilities identified by the providers. Using the latest software ensures you benefit from the extra layers of security, making it hard for cybercriminals to infiltrate your software.
User behavior is usually the first thing to expose your business to ransomware infections. You could have a robust software defense, but all the good work can be undone if you or other users expose the system to ransomware.
That means ensuring backups are free from ransomware infections, ransomware is prevented from deleting any backups, and passwords cannot be compromised. If your system suffers a ransomware attack, you will be safe if you have backed up your data. Copy your data to an external hard drive, but be sure not to leave it connected to your computer when you are not using it. Should your backup hard drive be connected to the computer at the time of the attack, the data on it will also be compromised.
Additionally, it would help if you tried cloud storage solutions because they allow you to return to your files' previous version. If the files are encrypted through a ransomware attack, you will be able to get back the unencrypted files with cloud storage.
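A check a defender might run on a backup copy before relying on it for a restore, added here as an example that is not part of the original article: it flags files whose leading bytes no longer match their extension, or whose text content looks like random data, both signs that files were already encrypted when they were backed up. The function names, the entropy threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes (file signatures) for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".docx": b"PK"}
PLAIN_TEXT = {".txt", ".csv", ".log"}  # entropy is only meaningful for uncompressed formats
ENTROPY_LIMIT = 7.0  # bits per byte; assumed threshold, tune it on your own data

def shannon_entropy(data):
    """Bits of entropy per byte: close to 8 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def check_file(path, sample_size=65536):
    """Return a reason string if the file looks encrypted, otherwise None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)  # the first 64 KiB is enough for both checks
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return "signature mismatch for " + ext
    if ext in PLAIN_TEXT and shannon_entropy(head) > ENTROPY_LIMIT:
        return "high entropy for " + ext
    return None

def scan_backup(root):
    """Walk a backup tree and map relative path -> reason for each suspicious file."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            reason = check_file(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def build_sample_backup():
    """Constructed sample data: two healthy files, two that stand in for encrypted ones."""
    root = Path(tempfile.mkdtemp(prefix="backup_check_"))
    (root / "report.pdf").write_bytes(b"%PDF-1.7\n" + b"constructed sample body\n" * 50)
    (root / "notes.txt").write_bytes(b"quarterly figures, constructed sample text\n" * 200)
    (root / "invoice.pdf").write_bytes(os.urandom(4096))  # random bytes, no PDF header
    (root / "ledger.csv").write_bytes(os.urandom(4096))   # random bytes instead of text
    return str(root)
```

Calling `scan_backup(build_sample_backup())` reports only `invoice.pdf` and `ledger.csv`; a clean result does not prove a backup is safe, it only rules out these two symptoms.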