Ransomware, what is it really? You may have heard it on the news or at the office. The truth is, that ransomware has gained popularity due to a gradual but steady increase in attacks over recent years. In the first quarter of the 2020 financial year, there was a significant increase in incident reporting. This is a result of the working-from-home transition. The reason behind it was the lack of remote work cyber security practices and policies for employees by the organisations. Hence, cyber criminals have been using this opportunity to exploit vulnerabilities in small and medium businesses.
Let’s have a brief look at what is ransomware attack, how it works, and how it can be removed from an infected system.
What is Ransomware?
Ransomware is an advanced malware program that encrypts and locks the files of a victim’s computer system. Afterwards, the cyber attacker demands a ransom amount from the target to restore their access to the files after receiving payment.
The victim of the cyber attack is given payment instructions to get the decryption key. Usually, the payment has to be made in cryptocurrency, preferably bitcoin, since it’s not possible to trace the receiver.
Some types of ransomware attacks can even freeze your entire computer system until the ransom is paid. It can affect both organisations and individuals alike, and can cause serious financial damages to a business in addition to downtime and recovery costs.
How Ransomware Works
Ransomware can enter your computer in several ways. The most common method is via a phishing scam. This is commonly an email posing as a person or organisation you trust and asking you to download an attachment. Once the target opens and downloads the attachment, the attacker takes over their computer. Other sophisticated strains of ransomware such as NotPetya exploit vulnerabilities in computer systems and infect them without the need to trick a user.
There are many things ransomware can do once it infects a victim’s computer, but the most common action is to encrypt the user’s files. Once encrypted, it’s not possible for the files to be decrypted without a key known only to the attacker.
In some instances, the attackers pretend to be from law enforcement agency and claim to shut down the victim’s computer because of illicit material or pirated software. They then demand the victim to pay a “fine” to make them less likely to file a report against the attack.
Another variation, called doxware or leakware, threatens publicising the victim’s sensitive data. However, since finding this kind of information is not easy, encryption ransomware is still the most commonly preferred method by hackers.
How to Protect Yourself from Ransomware
The following are some of the defenses you can use to prevent yourself from potential ransomware infections. These are general security best practices, and following them can protect you against a range of cyber-attacks.
- Conduct regular penetration testing and vulnerability assessments to look for potential vulnerabilities in your system. Take help from professional vulnerability assessment services for detailed accurate results.
- Don’t install unknown software programs or give administrative privilege to any software unless you are sure of its authenticity.
- Always update your operating system and install all latest patches to decrease vulnerabilities in your system.
- Install antivirus and whitelisting software to detect malware and prevent unauthorized apps from running in your system.
- Keep a backup of your files and perform the backup regularly. This step cannot stop ransomware attack but it can help you recover your data without paying huge ransom amounts.
- Follow best practices for keeping passwords including strong passwords, creating a different password for every account, and preferably using a password management tool.
- Train your employees about safe online behavior such as using the web and email safely. Also teach them about phishing scams and why they should never click on links or download attachments received in email from unknown addresses, even if they seem very appealing.
- Disable Macros in Microsoft office. Macros are useful for making simple MS Office tasks automatic but can also be used for malicious purposes.
What to Do in Case of an Attack?
If your computer is already infected with ransomware and you don’t have a backup while also being locked out of your machine, here are some steps you can try taking to regain control of your system on windows 10 operating systems:
- Reboot your windows to safe mode
- Install anti-malware program in your windows
- Scan your system to locate the ransomware
- Restore your machine to a previous date
While these steps will help you take back control of your machine and remove the ransomware, it will not help you decrypt the already encrypted files. The files have already become unreadable and the decryption key only lies with the attacker. In fact, you should take this step only if you plan on not paying the ransom to the attackers, since by removing the malware you exclude the probability of restoring your files.
Recent Ransomware Attacks
Ransomware is a big market with a lot of money and has expanded rapidly since the early 2010s. In year 2017 alone, ransomware attacks caused $5 billion losses to different businesses as a result of paid ransom amount and recovery costs. This was approximately 15 times more than 2015. Some industries, such as healthcare, are more prone to ransomware attacks. This is due to them storing critical patient data, and are more likely to pay the ransom amount. Approximately 85 percent of malware infections globally in the healthcare sector are ransomware attacks. Similarly, the financial industry is another desirable target for cybercriminals, with an estimated 90 percent of financial institutions being a target of ransomware attacks in 2017.
One of the most noteworthy ransomware attacks affecting Australia in 2020 was Mailto attack in February. This affected shipping and logistics company, Toll Group. The ransomware infected at least a thousand servers of Toll Group and forced them to take down their customer-facing apps.
Maintaining Good Cyber Practices
The best approach towards maintaining good cyber practices and preventing ransomware attacks is to have a proactive approach towards them. KMT’s cyber security vulnerability assessment is designed to evaluate your organisation’s vulnerability to potential ransomware attacks. Book a FREE Cyber Security Vulnerability Assessment with us today to determine the likelihood of a ransomware incident, its potential impact on your organisation, and how quickly you are likely to recover.