Ransomware has quickly become the cybercriminal’s favorite form of malware. As a reminder, ransomware is malware that hackers use to enter a network or device, encrypts files, hold them hostage, and then demand a ransom to return those files back to the victims. In recent years, universities, municipal governments, small businesses, and even large corporations like Honda have been victims of ransomware. More recently, the COVID-19 pandemic has provided the perfect environment of uncertainty and disruption for ransomware to thrive.
As the threat of ransomware increases, it is important for organizations to be prepared. The best place to start is through education and understanding. By understanding ransomware, you can be better prepared to identify potential weaknesses. In this blog, we will go inside a ransomware attack and explore its progression as it takes hold of a system.
-
The Breach
The most common way hackers get access to an organization’s network is through phishing emails. Phishing is a legitimate looking email with a link or attachment that a when a user opens or clicks, the bad guys are in. Once they successfully breach, they will encrypt files on the network, making them inaccessible. Hackers have released many such phishing campaigns under the guise of the current pandemic to make emails seem legitimate and take advantage of the fear factor surrounding the situation. This includes fake emails from the World Health Organization, government agencies, and even fake applications posing as COVID-19 tracking apps.
This step is where organizations generally make their first mistake. Users (in this case, employees) are the last line of defense against phishing campaigns. Recognizing malicious emails is the first step to halting a potential ransomware attack. Therefore, it is crucial that employees are well trained to recognize and report such emails.
-
The Dig
Once hackers have breached a system, they search around the files to find critical data that can make them money. This can include company finances or confidential user information (names, contact details, social security info). So, in addition to encrypting the data they find, they also may steal the data, which they then share on dark web forums (see #3 below). After having armed themselves with this data, the hackers dig through the network in an attempt to gain access to more devices and block them from being used. While remaining undetected, they then go through the network shutting down security controls like AntiVirus and backups, making it more difficult for the victims to recover from the attack and forcing them to have to pay the ransom. These tactics help them strengthen their stranglehold on the network and build greater leverage to blackmail their victims.
-
The Demand
Having encrypted and exploited a network as much as they can, the hackers send the victims a message demanding a ransom to release and return all the files back to them. More often than not, the ransom is demanded in Bitcoin as Bitcoin addresses are not directly linked to a hacker’s identity, essentially making them anonymous. Besides the obvious threat of not getting back their files, hackers threaten victims with publishing sensitive information online, or even sharing it with other hackers through the dark web. In a panic and to avoid embarrassment, victims often pay the ransom which is very much ill-advised. Paying a ransom encourages further repetition of cybercrime and provides no guarantee against future attacks or that the criminal will permanently delete the victim’s data.
How can I protect my organization from these attacks?
The threat of ransomware is growing and can be a scary thought for business owners. Not only do they lose data and sensitive information, there is also the cost of the ransom, downtime, and public embarrassment to the company name. But with a healthy cybersecurity framework, ransomware and other forms of cyberattacks can be fought and protected against.
First of all, strongly consider partnering with a Managed Services Provider (MSP) – they have the technical knowhow to help you assess your current protections, provide guidance on improving your security posture, and help restore your files if in fact your organization does get attacked. Further steps include, as mentioned above, to engage in strong, sound security awareness training for your users so that they are able to identify and prevent hacking attempts before they happen. Testing your environment for vulnerabilities on a regular basis helps identify weaknesses that could be exploited and ensures that your patching and updating processes are effective.
Evaluate the strength of your security infrastructure to mitigate ransomware with our turnkey Ransomware Readiness Assessment! Built by our Security team, this tool provides valuable insights and expert recommendations on bolstering your environment to protect against ransomware to keep your organization and your clients feeling safe.