Ransomware attacks are nothing new to the IT security scene, but never before have organizations and people been subjected to this kind of fraud at such a high density as they are today. As the digital world continues to grow at a rapid pace, so do the sophistication and number of cyber criminals targeting consumers and producers directly for critical information. Cyber-criminals are feeding off of the boom of computers and the internet in all industries and markets by targeting innocent users with malware. The earliest wave of modern ransomware started back in 2005, but it wasn’t as effective or as complex as the attacks are today. Since the beginning, ransomware has been organized directly around revenue-generating attacks. Given the sophistication and ease of infiltration, ransomware will continue to be a large risk for organizations.
There are two basic types of ransomware:
- Crypto Ransomware is the most common type of ransomware. These attacks aim to encrypt (or otherwise prevent access to) data or files until a ransom, typically in bitcoin, is paid for the decryption key. As everything becomes digital, people are storing more and more important data on computers and devices. Many people don’t know the importance of their data until it is gone, and without regular backups you could be left in a sticky situation.
- Locker Ransomware is when a cybercriminal locks your entire computer or device. This happens by locking the interface and then demanding a fee to regain access. Attackers have been seen to not only lock the system, but leave the keyboard and mouse with only enough capability to enter payment codes.
Ransomware attacks are doubling every year, and they are predicted to keep growing in the years to come. The growing volume of real-time business data being digitized (especially in markets with sensitive data, such as healthcare and banking) has created a huge pool of victims for cyber criminals to target. As we continue to digitize, threats will continue to become more sophisticated and more pervasive in our lives.
HOW DOES IT WORK?
There are many elements to a ransomware attack besides the malware itself. The carefully planned attack usually starts from something that is not immediately obvious. Attacks are clearly becoming more sophisticated than before, which opens up many new paths for a ransomware infection to sprout from. Here are some of the main techniques used by attackers to infect a victim’s computer:
- Traffic Distribution System
  - A common method is to buy redirected web traffic from a traffic distribution service vendor and point it at a site hosting an exploit kit.
- Malicious Advertisements
  - Malicious advertisements can be pushed onto legitimate websites in order to redirect traffic to a site hosting an exploit kit.
- Spam Email (Phishing Email)
  - Email spam is used to distribute all types of malware. The spam email carries a malicious attachment or a link leading to a site hosting an exploit kit. The lures vary widely; some examples are invoices, mail delivery notifications, job seeker resumes, tax returns, and many more.
- Downloaders
  - Once a downloader infects a computer, its job is to download secondary malware onto the compromised system. Once the cybercriminal has control of the system, they can offer a malware-installation service on that computer to other malware authors at a price.
- Social Engineering
  - Some ransomware also contains the functionality to spread. It will sometimes not only lock the device and encrypt files, but also deploy a worm-like component that spreads to all of your contacts by sending a fraudulent text message or email.
What systems are at risk of ransomware?
There are ransomware exploit kits built for a large variety of systems, but the majority of successful ransomware attacks happen on Windows. Recently, cyber criminals have been able to create exploit kits for Mac OS, which had previously been thought to be free of ransomware problems. Other systems to pay attention to include Android and Linux.
What organizations are likely targets for ransomware attacks?
The easiest targets are the organizations that are digitizing personal sensitive data. Some of the big targets recently have been health care, public service, and anywhere that processes loans or credit cards: for example, car dealerships, stores that offer credit cards, title companies, etc. This is not to say that other industries are safe, because any organization can be a likely target.
What defensive steps can you take?
The overall goal is prevention of infection. This goal is becoming harder to accomplish because of the ease and sophistication of recent attacks. The best tactic is a combination of preventative actions and an incident remediation plan. Below we have listed a few preventative actions along with a remediation plan.
- Educate your staff
  - It is so important to educate your staff about the risks of ransomware. Make sure that employees who receive a large number of attachments through email know the risk and what to look for in spam. Here are a few spam tips:
    - Spam often includes misspelled words.
    - Hover over links to see where they actually lead; if the destination doesn’t look trusted, don’t click.
    - The best rule: if you don’t know who it is from or what it is, toss it out.
- Monitor for infections
  - It is important to regularly monitor your machines to keep everything up to date and to make sure that everything is running smoothly. With routine monitoring you will be able to detect infections before any real damage happens.
- Keep up on patches
  - It is important to keep employees’ computers running on the most up-to-date versions. This lowers your chance of infection and improves security.
- Reduce automatic drive mapping
  - If you reduce or totally eliminate automatic drive mapping, you can prevent an infection on one machine from spreading across the entire network.
- Be cautious
  - If something looks alarming, don’t click on it or fill anything out. Never fill out anything that asks for passwords or sensitive data. A good habit is to double check requests that appear to come from employees: give them a call and make sure the request is valid and that they actually sent it. This reduces the risk of responding to a fraudulent request.
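Two of the steps above can be turned into small, repeatable checks. The script below is an added example written for this article, not NetServe365's code: `suspicious_links()` is the "hover over links" tip in code (it flags email anchors whose visible text names one domain while the link actually goes to another), and `rename_bursts()` is a simple "monitor for infections" heuristic that flags a process renaming many files to the same new extension in a short window, which is the footprint crypto ransomware leaves on a file system. The sample email and the rename events are constructed, and the event record format `(seconds, process, old_path, new_path)` is an assumption; a real deployment would feed it from file-system auditing.

```python
"""Two defensive checks for the steps above (added example, not NetServe365's code).
The email body and the rename events are constructed for the example."""
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value):
    """Crude registrable domain (last two labels) of a URL or bare host.
    Good enough for the example; it does not handle suffixes such as co.uk."""
    if "://" not in value:
        value = "http://" + value
    host = (urlsplit(value).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


# Visible anchor text that itself looks like a URL or domain makes a claim about
# where the link goes; plain words such as "click here" do not.
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def suspicious_links(html):
    """The 'hover over links' tip in code: return [(visible_text, href)] for
    anchors whose displayed text names one domain while the href goes elsewhere."""
    parser = _AnchorCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if _LOOKS_LIKE_URL.match(text) and _domain(text) != _domain(href)]


def _ext(path):
    name = re.split(r"[\\/]", path)[-1]          # basename, Windows or POSIX
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def rename_bursts(events, window=60, threshold=5):
    """A simple 'monitor for infections' heuristic. events is an iterable of
    (seconds, process_name, old_path, new_path) rename records (assumed format).
    Returns {(process, new_extension): count} for every process that renamed at
    least `threshold` files to the same new extension inside any `window` seconds."""
    times_by_key = defaultdict(list)
    for ts, proc, old, new in events:
        if _ext(new) and _ext(new) != _ext(old):      # only extension changes count
            times_by_key[(proc, _ext(new))].append(ts)
    hits = {}
    for key, times in times_by_key.items():
        times.sort()
        start, densest = 0, 0
        for end in range(len(times)):                # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            densest = max(densest, end - start + 1)
        if densest >= threshold:
            hits[key] = densest
    return hits


# Constructed sample email: the first link claims to go to paypal.com but does not;
# the third points at a subdomain of the same domain and is left alone.
SAMPLE_EMAIL = """
<p>Your account needs attention.</p>
<a href="http://login-verify.example.net/x">https://www.paypal.com/account</a>
<a href="https://www.paypal.com/help">click here</a>
<a href="https://support.paypal.com/faq">paypal.com/faq</a>
"""

# Constructed rename events: one normal save-as, then a burst of files gaining
# a ".locked" extension from one process, plus a lone rename much later.
SAMPLE_EVENTS = [
    (0, "winword.exe", r"C:\Users\amy\report.docx", r"C:\Users\amy\report_v2.docx"),
    (10, "encoder.exe", r"C:\Users\amy\report.docx", r"C:\Users\amy\report.docx.locked"),
    (11, "encoder.exe", r"C:\Users\amy\budget.xlsx", r"C:\Users\amy\budget.xlsx.locked"),
    (12, "encoder.exe", r"C:\Users\amy\photo1.jpg", r"C:\Users\amy\photo1.jpg.locked"),
    (13, "encoder.exe", r"C:\Users\amy\photo2.jpg", r"C:\Users\amy\photo2.jpg.locked"),
    (14, "encoder.exe", r"C:\Users\amy\notes.txt", r"C:\Users\amy\notes.txt.locked"),
    (500, "encoder.exe", r"C:\Users\amy\old.txt", r"C:\Users\amy\old.txt.locked"),
]

if __name__ == "__main__":
    print("suspicious links:", suspicious_links(SAMPLE_EMAIL))
    print("rename bursts:", rename_bursts(SAMPLE_EVENTS))
```

Running the script reports the one mismatched link and the `encoder.exe` burst of five renames, while the normal Word save-as and the single late rename stay quiet. The burst detector deliberately keys on a change of extension rather than on a fixed list of known ransomware extensions, so it still fires on a family it has never seen; the cost is that a legitimate bulk conversion tool will also trip it, which is why `window` and `threshold` are parameters to tune per environment.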
If you find yourself in the situation where a system has been locked or your employees’ data is encrypted, the options can be slim to none. It can be very tough to reverse a ransomware attack, which leaves you with two options: restore from backups or pay the ransom. If you do not keep regular backups, unfortunately you could be out of luck. Having a solid and strong incident remediation plan is very important to the success of your organization. Creating a cloud data backup plan with a clear path to disaster recovery can save your organization time and money in these sticky situations.
NetServe365 is a Pittsburgh based IT Managed Service Provider that can help your organization prepare for the worst possible situation. We specialize in Managed IT Services, Cloud Computing, and IT Consulting. Contact one of our expert team members to have an in-depth conversation about how we can help your organization battle the big hack.