In the eight years since the first reports of what the FBI then referred to as an “internet scam,” the ensuing ransomware outbreak has allowed malicious hackers to access the private data of millions of Americans and collectively swindle victims worldwide out of billions of dollars.
While some US companies and organizations have regularly taken steps to protect themselves from the malware, perpetrators have developed new variants of the malicious software to stay one step ahead of their targets by finding new ways to commit the next-largest data breach possible.
Many networks today, including those used by businesses, are still considered vulnerable to ransomware attacks. This is especially so in the manufacturing space, according to a research study from Deloitte which states that more than 40% of manufacturing firms experienced a cyberattack between 2018 and 2019. Here’s how to find out if your company’s computers and internet-connected devices are prepared, and what to do if they aren’t:
What is Ransomware?
To take proper steps to protect a network from ransomware attacks, one should have a basic understanding of how they work and what the hackers who use them hope to accomplish. Ransomware is a form of malware that exploits vulnerable access points in a computer or device’s operating system and software to encrypt network-connected data and other information without the victim’s consent.
The victim is then locked out of their data, usually with an intimidating message that threatens further action. These messages always specify a ransom demand and present an ultimatum: the ransom must be paid in order to regain access to the encrypted data.
In most reported ransomware attacks, each victim received a phishing email with an attachment disguised as a legitimate file; when opened, it instead executes the malware, which encrypts data and begins demanding payment.
Within a short period of time, hackers have developed increasingly sophisticated ransomware variants, and today attacks almost always demand payment in Bitcoin. Many cybersecurity experts consider the 2017 coordinated ransomware attack known as WannaCry to be the worst in the history of cyberattacks. The attack infiltrated more than 400,000 devices in 150 countries and resulted in a total cost of nearly $4 billion.
The Evolution of Ransomware and its Variants
The origins of what became the basis of ransomware can be traced back as far as mid-1989, according to Kaspersky Labs, with a malware known as the “AIDS Trojan” that was capable of encrypting file names. In the mid-2000s, a ransom-based malware called Gpcode was discovered, which could encrypt entire files rather than just their names.
Today’s ransomware, however, is much more costly and damaging for victims – especially medium-to-large-sized companies across a broad range of industries – because it uses strong encryption.
According to the FBI and the newly formed Cybersecurity and Infrastructure Security Agency (CISA, a part of the U.S. Department of Homeland Security), a few of the most common types of ransomware used in reported U.S. attacks to look out for are:
CryptoWall has become one of the most successful variants around the world, and has accepted ransom payments as high as $10,000. This form of ransomware is spread primarily through phishing emails.
By 2016, TeslaCrypt had been used in 48% of ransomware attacks, according to Kaspersky Labs research. It was the first ransomware to target video game users by encrypting their game files, and it can be distributed through a number of exploit kits.
Locky has infected corporate computer networks around the world, from the U.S. and U.K. to Australia and New Zealand. It is spread through phishing emails that contain malicious Microsoft Office documents or compressed attachments capable of downloading the malware.
Want to Prevent a Ransomware Virus? Here’s How to Give Your Internet-Connected Devices the Proper Vaccination
While some of these efforts may require the help of an experienced professional or the purchase of software, companies can implement others that will boost their security immediately at little-to-no cost.
Secure your email servers
To reduce the risk of anyone opening an email attachment or link that carries ransomware in the first place, the FBI advises using strong spam filters to drop phishing emails, along with additional protections configured in the mail server settings.
Prevent malware from reaching common access points
At the device-management level, administrators should set filters that prevent certain executable files from reaching end users, where they could run malicious programs, the FBI advises.
Furthermore, firewalls should be configured to block end-user access to known malicious Internet Protocol (IP) addresses.
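The attachment filtering described above, written as an added example that is not part of the original article or of any vendor product: it parses a constructed phishing-style message and holds attachments that are executables, macro-enabled Office documents, double-extension decoys (“Invoice.pdf.exe”) or zip archives containing any of those. The extension lists and the sample message are assumptions chosen for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

EXEC_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd", ".ps1", ".hta"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}  # macro-enabled Office lures (Locky-style)
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg"}  # benign-looking middle extension

def risky_reasons(filename, data):
    """Reasons an attachment should be quarantined before it reaches an end user."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable attachment {filename}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled Office document {filename}")
    # "Invoice.pdf.exe": a decoy extension placed in front of the one that actually runs
    if reasons and len(parts) > 2 and "." + parts[-2] in DECOY_EXTENSIONS:
        reasons.append(f"double extension disguising {filename}")
    if ext == ".zip":  # look inside compressed attachments, recursively
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for inner in zf.namelist():
                    reasons += [f"{r} inside {filename}" for r in risky_reasons(inner, zf.read(inner))]
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive {filename}")  # hold what cannot be inspected
    return reasons

def scan_message(raw):
    """Parse a raw RFC 5322 message and scan every attachment; returns the list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings += risky_reasons(part.get_filename() or "", part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed phishing-style message (not a real sample): a zip with a decoy 'program' plus a .docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2019.pdf.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Invoice_2019.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="Statement.docm")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` returns three findings: the executable inside the zip, its double extension, and the macro-enabled document.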
Conduct annual tests and enforce least privilege
Annual, quarterly or continuous network security tests and assessments should also be conducted, particularly for larger companies whose networks serve hundreds or even thousands of users.
End users should not be given administrative privileges on a computer unless there is an essential need. Where required, a separate set of credentials should be used to gain administrative permissions temporarily; the user then returns to their normal, least-privileged permissions through their standard login credentials.
Install advanced antivirus software
Legacy, signature-based anti-virus software will continue to disappoint. Confronting the entire threat lifecycle to thwart the impact of attacks on endpoints is imperative. Advanced autonomous endpoint protection saves you time by using multiple AI engines and provides complete visibility into all activity. Advanced endpoint protection and other types of security software are a reliable way to ensure that devices are monitored not only for ransomware, but for other types of malware as well.
Establish clean network hygiene through employee training
Because data encrypted in a ransomware attack can almost never be fully recovered, the FBI states that frequently backing up data and securing it on a physical hard drive or in a cloud service is “critical in ransomware recovery.”
To ensure consistent, clean network hygiene across an entire company, comprehensive training programs for new and existing employees should be conducted, particularly when certain practices change. Learn more about information security standards or further tips on cyberattack prevention to keep your data safe.
Held Ransom with Encrypted Data? Here’s What to Do
So you’ve found yourself locked out of your computer or other device after having accidentally clicked on a malicious link – and now, a pop-up message has appeared demanding a sum of $10,000… or else. What should you do?
For starters, U.S. government law enforcement agencies agree: to ensure the smoothest recovery process (if possible at all), paying the ransom is never advised – no matter how much has been demanded.
According to the FBI, some victims who paid reported never receiving keys to decrypt their data, and others were subsequently retargeted in separate attacks or asked to pay more money.
“Paying could inadvertently encourage this criminal business model,” the agency advises.
While police and local governments are valuable resources at first, CISA recommends that, for a more effective response, federal authorities including CISA itself, the FBI or even the Secret Service be contacted as well.
Data recovery is the most expensive component of all cyberattacks, according to Accenture. But Certitude Security can help ensure your business is never put in this difficult position by putting all the necessary preventative measures in place.