What is Ransomware?
Ransomware is a form of malware that exploits vulnerable access points in a computer or device’s operating system and software to encrypt network-connected data and other information without a victim’s consent. Victims’ access to their data is withheld, and the lockout is usually accompanied by an intimidating message that threatens further action. Messages always specify a ransom demand and pose an ultimatum: pay the ransom to regain access to the encrypted data. To take proper steps to protect a network from ransomware attacks, one should understand how they work and what the hackers who use them hope to accomplish by carrying them out.
The WannaCry ransomware attack hit over 400,000 devices in 150 countries and resulted in nearly $4 billion in global costs.
The Evolution of Ransomware and its Variants
According to Kaspersky Labs, the origins of what became the basis of ransomware can be traced back as far as mid-1989, with malware known as “AIDS Trojan” capable of encrypting file names. In the mid-2000s, a ransom-based malware called Gpcode was discovered, encrypting entire files instead of just file names. However, today’s ransomware is much more costly and damaging for victims – especially medium-to-large-sized companies across a broad range of industries – because it uses high-level encryption. According to the FBI and the newly-formed Cybersecurity and Infrastructure Security Agency (CISA, a part of the U.S. Department of Homeland Security), a few of the most common types of ransomware used in reported U.S. attacks to look out for are:
CryptoWall
CryptoWall has become one of the most successful variants worldwide and has accepted ransom payments as high as $10,000. This form of ransomware is spread primarily through phishing emails.
TeslaCrypt
According to Kaspersky Labs research, by 2016, TeslaCrypt had been used in 48% of ransomware attacks. This version was the first ransomware to target video game users by encrypting their game files. TeslaCrypt is distributed through several exploit kits.
Locky
This ransomware has infected corporate computer networks worldwide, from the U.S. and U.K. to Australia and New Zealand. Locky spreads through phishing emails that contain corrupted Microsoft Office documents or compressed attachments capable of downloading the malware.
Want to Prevent a Ransomware Virus? Here’s How to Give Your Internet-Connected Devices the Proper Vaccination
According to the FBI and CISA, there are many preventative measures internet-connected device owners and businesses can take to ensure that they do not fall victim to ransomware attacks. While some of these efforts may require the help of an experienced professional or the purchase of software, companies can implement others that will boost their security immediately at little-to-no cost.
Secure your email servers
To reduce the risk of anyone clicking on emails containing attachments or links that may carry malicious ransomware in the first place, the FBI advises the use of strong spam filters to delete phishing emails, along with other added protections made by adjusting server settings.
Prevent malware from reaching common access points
The FBI advises that users with administrator permissions should set filters to prevent specific executable files from reaching end users and running malicious programs at an administrative level related to device management. Furthermore, configured firewalls should prohibit “end-user” access to known malicious Internet Protocol (IP) addresses.
Conduct annual tests and use the least permissions
Annual, quarterly or continuous network safety tests and assessments should also be conducted, particularly for larger companies that operate networks with hundreds, even thousands of users. End users should not be allowed access to a computer’s administrative privileges unless there is an essential need. If required, personnel should use an alternate set of credentials to access administrative permissions temporarily. Then, the user is expected to return to their regular group of least permissions through their standard login credentials.
Install advanced antivirus software
The use of legacy anti-virus software with signatures will continue to disappoint. Confronting the entire threat lifecycle to thwart the impact of attacks on endpoints is imperative. Advanced autonomous endpoint protection saves you time using multiple AI engines, providing complete visibility into all activity. Advanced endpoint protection and other security software types are a reliable way to ensure that devices are being monitored for ransomware and different types of malware.
Establish clean network hygiene through employee training
Data encrypted through ransomware attacks are rarely recovered entirely. The FBI states that the frequent backup and securing of data in a physical hard drive or cloud service is “critical in ransomware recovery.” Conduct comprehensive training programs for new and existing employees to ensure consistent, clean network hygiene across an entire company, particularly when certain practices change. Learn more about information security standards or further tips on cyber attack prevention to keep your data safe.
Held Ransom with Encrypted Data? Here’s What to Do
So you’ve found yourself locked out of your computer or other devices after accidentally clicking on a malicious link – and now, a pop-up message has appeared demanding a sum of $10,000… or else. What should you do? For starters, U.S. government law enforcement agencies agree: to ensure the smoothest recovery process (if possible at all), paying the ransom is never advised – no matter how much money they demand. According to the FBI, some paying victims reported never receiving keys to decrypt their data. Others were subsequently retargeted in separate attacks or asked to pay more money.
“Paying (a ransom) could inadvertently encourage this criminal business model.”
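The attachment filtering advised under “Prevent malware from reaching common access points”, applied to the delivery method described for Locky (Office documents and compressed attachments), as an added example that is not part of the original article. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your environment.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm"}

def _ext(name):
    name = (name or "").lower().rstrip(". ")  # defeat "file.exe." tricks
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def classify(name, data):
    """Return reasons to quarantine one attachment (empty list = allow)."""
    ext, reasons = _ext(name), []
    if ext in BLOCKED_EXT | MACRO_EXT:
        reasons.append(f"blocked attachment type: {name}")
    if data[:2] == b"MZ" and ext not in BLOCKED_EXT:
        reasons.append(f"Windows executable content under another name: {name}")
    if zipfile.is_zipfile(io.BytesIO(data)):  # .zip, and also .docx/.xlsx
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = info.filename
                if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                    reasons.append(f"encrypted archive member: {name}/{inner}")
                if _ext(inner) in BLOCKED_EXT | MACRO_EXT:
                    reasons.append(f"blocked type inside archive: {name}/{inner}")
                if inner.lower().endswith("vbaproject.bin"):
                    reasons.append(f"VBA macro project inside: {name}")
    return reasons

def scan_message(raw):
    """Parse a raw RFC 5322 message and classify every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [r for part in msg.iter_attachments()
            for r in classify(part.get_filename(), part.get_payload(decode=True) or b"")]

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample():
    """Constructed message: harmless placeholder files, no real payloads."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    files = {"invoice.zip": _zip({"invoice_2291.js": "// constructed placeholder"}),
             "report.docx": _zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
             "notes.txt": b"plain notes"}
    for fname, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling scan_message(build_sample()) returns one reason for the script inside the archive and one for the macro project hidden in a file named .docx; the text attachment passes.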