Ransomware; What it does, and how to protect your business

in #ransomware7 years ago

Ransomware is a type of Malicious Software (Malware), that uses a simple, yet powerful scam method; extortion. Through social engineering and fear, ransomware cyber criminals can obtain money from infected victims. It locks the infected system by encrypting valuable data and then demands a ransom in exchange for a key which decrypts the data.

Ransomware criminals collected $209 million in Q1 of 2016. This year, we see 4000 ransomware attacks per day.

According to CNN, ransomware criminals collected $209 million in Q1 of 2016 alone. This year, we see 4000 ransomware attacks per day. Every organization is at risk of their data being compromised or even lost. Did you know that 52% of organizations that suffered successful cyber attacks in 2016 aren’t making any changes to their security in 2017?

Cyber criminals are expanding their dirty business from consumers to corporate victims and adjusting their prices accordingly. If a hospital, government agency or business is vulnerable to ransomware it’s not just pictures and personal documents that cyber criminals will aim for, but important data such as records, financial information or databases. Suddenly the potential loss becomes much greater. In order to keep their business running, corporate victims see no other choice but to pay.

Hospitals and Schools are on top of the list and are continuously being targeted, because of their low-security implementations and critical information. In 2015, the Hollywood Presbyterian Medical Center in Los Angeles reported paying $17,000 in Bitcoins to ransomware hackers for having their data unlocked. Happening at about the same time, Los Angeles County Health Department and two Hospitals in Germany had the same inconvenience.

Why are ransomware attacks so effective?

Cybercriminals are continuously creating sophisticated and more innovative code. CryptoWall, the most popular ransomware tool, has evolved to CryptoWall 4.0 with updates to deal more damage. Other popular names, such as Locky and Cryptolocker, have been successfully infecting consumers and corporations over the past year. On top of that, with the existence of Malware as a Service “MaaS” platforms, any less technically experienced criminal can easily create and benefit from the malware. The low startup investment, low risk and potentially high returns for an illegal ransomware business make it irresistible to many criminals out there.

Luckily, most ransomware criminals usually work in a “professional” manner; they will quickly send the decryption key after the ransom has been successfully paid, however, there are no guarantees. It’s better to be prepared than to simply hope your data will be safely returned to you.

In the beginning of 2016, common ransom demands varied from $250 to $300 depending on the ransomware type. Now criminals are projecting how much money the victim can pay. If it’s a large corporation, the ransom can be excessively high from thousands to hundreds of thousands of dollars.

How do ransomware attacks work?

Cybercriminals trick their victims and spread their malicious software using two skillfully crafted social engineering methods. The first is a malicious Email attachment and the second is a compromised website. Once the victim opens the attachment or visits the website, the system is exposed and infected by ransomware, and then it takes the following steps:

Sends information and a public key of the infected system to the ransomware creator’s Command and Control.
Encrypts critical data such as Office documents, Databases, HTML files, Photos, etc, using strong methods such as RSA-2048 and AES-128.
Erases all Operating System automatic backups to avoid data recovery.
Displays a notice on the desktop with instructions on how to recover the data and directions on how to pay the ransom (usually in Bitcoins). The notice is usually a kind of threat, insult or a trick (such as an FBI notice).
If the ransom has not been paid, the files are left encrypted without the possibility to decrypt them. If the ransom is paid the decryption key is (hopefully) received and the files can be unlocked.

Why are companies vulnerable to ransomware attacks?

Let’s be frank; on the Internet, no one is safe from attacks. Ransomware attacks are frequently targeting popular Microsoft devices. However, news has recently spread that the first Apple computers and Linux servers have also been infected. It’s not only PCs that are at risk, some Android ransomware applications have been discovered as well.

Ransomware looks for common Operating Systems vulnerabilities; if a system is not updated and backed-up frequently, it is at high risk. The same is for security systems such as Antivirus, Firewalls, Intrusion Detection Systems “IDS”, which may not find the threat because they are not updated properly.

Social Engineering can find its way through even the strongest security systems. 90% of attacks online is said to be delivered through skillfully crafted scams. No Antivirus, Firewall or IDS will work if the user lacks knowledge on security awareness and does not have the necessary skills on how to protect from social engineering.

What can we do to stay safe from ransomware threats?

Backup your data
Update your systems
Hire a professional IT Consulting Company

Ransomware is continuously altering its exploit and evasion techniques. Having the latest security mechanisms and updated Operating Systems might help, but they do not guarantee 100% protection from any kind of malware. Most of the time it is human error that gets systems compromised. Accidents can be greatly reduced with the help of regular employee security training, and a little common sense. The following are 6 best practices to stay safe from ransomware:

Create regular backups, encrypt and keep them offline and offsite.

On your computer systems, enable “view file extensions” so that the file types can be easily spotted and potential harmful hidden files can be identified.

Be suspicious when opening unknown Email attachments. If you do not know the sender, do not open the file. Even if you know the sender, did you expect this attachment?

Update applications often to avoid vulnerable security holes. Malware does not always depend on attachments to infect a system; it also uses security holes in applications such as Microsoft Office or the Windows OS.

Keep security systems such as Antivirus, IDS, Firewalls, updated and well implemented.

Operate in non-administrator user accounts for day-to-day activities. Restrict the log-on time in administrative mode.

…and finally, there are solutions!

Sophos has an awesome product called Sophos Intercept X which will prevent ransomware before it infects the system. Read more about it here.

Ransomware is difficult to defeat and can put you in a tough situation. Many victims pay the ransom and accept the monetary loss as a cost of doing business. Don’t give up and don’t panic. Some malware out there has known fixes which can help significantly with a properly trained IT support technician. The best way to protect yourself is to use the right tools, and have a trained professional help you.

As James Scott (from the Institute for Critical Infrastructure Technology) said: “It’s more psychological than it is technical”. Fear is a strong emotion that can make you take a rash decision without looking for alternatives.

To learn more about how Leveldesk can help prevent Ransomware, visit our website today.


Leveldesk is a New York Technology Consulting Company

Read some more of our articles here:

Managed IT Support Services
IT Network Support Services
SEO Marketing Services

Sort:  

Congratulations @leveldesk! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!