Introduction
Ransomware is type of malware that is designed to compromise computer systems, hold data and/or entire system captive using power of encryption and demand ransom from the victim (individual or organisations) to regain access. It could be in the form of phishing email attachments or downloads from compromised websites and USB. The two main forms of malware that are currently used: (Source: Kaspersky)
Locker Ransomware (Block Ransomware): Similar to any other ransomware it locks users out leading to data/information being inaccessible, however it does not infiltrate the network or computer entirely hence the users will have limited access to communicate with the attacker to meet their demands.
Crypto Ransomware (Data Locker): It encrypts the valuable data (financial or personal files) from the computer but the basic function are still accessible to the users. Until the victim offers to pay the ransom they would not be able to regain access to the files or it may get deleted.
Ransomware - A Global Threat
Cyber risk is cutting across sectors and becoming a significant global security and financial threat as ransomware attacks are projected to surge in the future.
Ransomware attacks are accounted for over a quarter of all cyber-attacks with total expenditures estimated at $20 billion globally (source: Cybersecurity Ventures).
The cost of these attacks has increased, with the average ransomware attack now costing $1,500.
Source: https://fitch.com
Organisations with weak security frameworks and IT divisions might be generally defenseless against the attacks, however risk potential is higher at larger companies within different sectors as they deal with confidential data and information. Healthcare and Food industries are also victims of cyberattacks.
The Evolution of Ransomware Attack
As early as 1989, a primitive pioneer of ransomware was used. The first cases of ransomware were reported in Russia in 2005. Since then, ransomware has spread globally, with different types continuing to prove successful. In 2011, adrastic increase in ransomware attacks was observed with the introduction of 'WinLock Trojan' - A Fake Windows Product Activation.
How are ransomware attacks propagated?
Phishing emails based on intimidation, urgency, fear, and emotions are used when it comes to distribution ransomware.
Spam messages about use of unlicensed software/applications.
Impersonating law enforcement agencies.
Macro enabled files (Word, Excels).
Unlicensed software is installed on their computer.
Ransomware that Terrorised Global Businesses
WannaCry
WannaCry was a ransomware attack that targeted systems running Microsoft Windows. It encrypts data and demands Bitcoin payment. In 2017, the ransomware WannaCry was labeled a worldwide epidemic when it infected computers in 150 nations. WannaCry used the Eternal Blue exploit created by the US National Security Agency. It was made to exploit a security issue in Windows Server Message Block. The exploit was stolen and leaked by the Shadow Brokers prior to the devastating WannaCry attack.
WannaCry infected over 230,000 systems causing $4 billion in financial loss globally.
The attack highlighted the need of an up-to-date technology stack's cyber hygiene by implementing comprehensive patch management on a regular basis.
WannaCry was eventually labelled as a fake ransomware because the attackers were unable to crack the encrypted file because of the fault in coding.
Colonial Pipeline
In May 2021, Colonial Pipeline was disabled by the DarkSide Gang in which the company's corporate network was targeted that compelled the fuel supplier to suspend its operations such as: tracking fuel deliveries and billing consumers. This incident led to gas stations running out of fuel and people hoarding gasoline and diesel in unsafe materials like plastic bags. (Source : itgovernance)
Despite originally refusing to negotiate with the attackers, the company had to cave in which cost them $4.4 million according to the CEO Joseph Blount.
Basic Cyber Hygiene to Avoid Ransomware
When it comes to robust defense against ransomware, prevention is certainly better than cure and basic cyber hygiene remains fundamental. Below are the fundamental steps you can take:
Keep your device updated – Ensure that you act on the software update prompts without delay.
Beware about suspicious emails - Phishing emails are generally used for spreading Ransomware.
Protect your devices from rogue softwares – Always download from the genuine source.
Always backup your data – Use Cloud drives (Google Drive, One Drive, Dropbox etc), External Hard Disk Drive etc.
Ensure you protect your device with Antivirus/Anti-malware – Keep it up to date!
Sometimes the worst-case scenario could be unavoidable for various reasons. Below are the rudimentary steps you can take when you find yourself in such situation:
Immediately disconnect your device from the network.
Reinstall/Repair the Operating System from the backup .
Report on the Incident to cybercrime authority .
For windows users, Click Here for more information.
When it comes to protection from ransomware or any kind of cyber threat management the three things that the businesses should focus on are Identify your crown jewels and the associated risks, adopt, and maintain rigorous cyber hygiene and ensure a proactive security awareness training to fortify your best defense – human security system. In addition, maintaining a Crisis Management Framework, Disaster Recovery Plan and conducting regular simulation is fundamental for securing your business.
Contact us: info@stupa.io
.png)