It’s no secret that ransomware attacks continue to grow each year and can be devastating for small and mid-sized businesses.  One simple security mistake can quickly spread ransomware throughout your organization’s network.

Ransomware is particularly appealing to hackers of all skill levels due to its ease of use coupled with the fact that ransomware strains are readily available on the dark web for purchase.

One of the first steps to better protect your organization and your data is to understand the ransomware threat.

What is Ransomware?

Ransomware is an ever-evolving form of malicious software that encrypts a victim’s information, rendering files and devices unusable. The cybercriminal holds data hostage while demanding a ransom in exchange for decryption.  Ransomware is often designed to spread across a network and target database and file servers, quickly paralyzing operations and bringing businesses to a sudden halt. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses.

Ransomware is different from your typical cyberattack because the hackers are not primarily interested in stealing data from your business. Instead, they want to hold it hostage. Consider a burglar as an analogy. A burglar will break into your home and take your TV.  But in the case of ransomware, they’re going to break into your home, change your locks, put bars over the doors and windows, and tell you that you have to pay them to get back into your house again.

There are two main types of ransomware.  The first type can lock a user out of the computer, making it inaccessible.  The second type, and most common form, will encrypt files stored on the computer.  In each instance, a ransom note will appear, providing instructions on the cost associated with retrieving the data or unlocking the computer and a time frame in which to pay it.  The ransom amount and consequences will vary depending on the type of ransomware that has infected the computer and the hacker deploying the script.

Who is Behind a Ransomware Attack?

State-Sponsored/Criminal Enterprise

When most people think about who is behind ransomware attacks, they imagine a bored teenager behind a keyboard.  However, the most brutal and far-reaching ransomware attacks are really run like a business by cohorts of hackers working in tandem.

Much like a business, ransomware perpetrators work in a coordinated organizational hierarchy and are often backed by state-sponsored foreign adversaries. These groups delegate labor by skill sets and operate with the express intent of generating “revenue.”

Just like a business, they reinvest the “revenue” to grow their criminal enterprise further, enabling them to develop even more sophisticated ransomware.  Cybercriminals continue to adjust and evolve their ransomware tactics over time.

Bad Actors

There’s an entire growing and evolving world of bad actors lingering just below the surface of the internet.  Bad actors of all levels and skill sets hang out in dark web forums. These forums are home to shady chat rooms where these bad actors exchange information, tips, and tricks from their latest conquests, often even bragging about their trophies.

But these forums also serve as malware bazaars where hackers are often hawking different forms of malware. Ransomware and the popularity surrounding Ransomware-as-a-Service (RaaS) make it simple for hackers of all skill levels to gain access to and deploy attacks.  The chilling fact is that just about anyone with $150 in a bitcoin purse can get their hands on RaaS, and with very little skill, they too can launch attacks.

Who Are They Targeting?

Anyone with a computer connected to the internet is a target. Advancements in technology, including migration to the cloud and increased usage of phishing campaigns, have drastically leveled the playing field between large corporations and SMBs regarding their cybersecurity attack surface.

For bad actors who have invested time and money into ransomware, the enterprise is simply a numbers game.  They purchase lists on the dark web, knowing that the more businesses they target, the higher their chance of turning a profit. This means that everyone is a target.

Where is Ransomware Located?

Ransomware threats are lurking in almost every corner of the internet, including but not limited to email links and attachments, online advertisements, smartphone and tablet apps, in the cloud, and through injection via system vulnerabilities.

  1. Phishing emails generally contain links that, once clicked, will reroute the user to an infected website.  If the email is not from a trusted source, or if there is any doubt, never click on the link or the attachment.
  2. Online advertisements connected to a ransomware attack are known as malvertising.  The user can unknowingly begin installing the malware by clicking on an advertisement. Or, the ads contain a script that checks the computer for vulnerabilities, allowing the ransomware to download and install.
  3. Smartphone and tablet applications are common targets, especially when downloading from a third party.  Unless the app is from a trusted source such as Google Play or the App Store, don’t download it.  Once infected, if the phone or tablet is connected to a cloud-based file-sharing platform, the ransomware can potentially spread from the infected device to the user’s other devices.
  4. Lastly, ransomware can enter a system the old-fashioned way – through vulnerabilities.  Externally facing systems that are unpatched can be easy targets. Without a patch management program, your computers and other systems are more vulnerable to attack.

How Can a Business Prevent Ransomware?

Ransomware is notoriously challenging to prevent entirely. There is no silver bullet to protect your business from ransomware, which means no company is immune.

Some of the most cautious and diligent companies still fall victim to these attacks.  By implementing the following security best practices, the likelihood of being infected with ransomware drops precipitously. Safeguarding your business from ransomware with security best practices could save your business millions of dollars in losses due to interrupted operations, data loss, and other consequences.

It’s essential to understand how ransomware infects computers before delving into prevention. One attack vector hackers use is malicious websites that lure unsuspecting victims into clicking infectious links. The preferred means hackers use to prey on you and your employees is phishing emails.  Therefore, training and education are the most important security practices organizations can launch to avoid ransomware.

Security Awareness Training

Establish security awareness training for your employees to educate them on how to spot a phishing email. Then, regularly test their skills in detecting and avoiding infections. Bad actors often repeatedly send phishing emails and text messages, waiting for someone to be distracted and accidentally click a malicious link.  They know that persistence pays off when they only have to find one weak link in the human firewall.

Backup Data Regularly

Backing up your data regularly is a vital safeguard in preparing to recover from a ransomware attack. “Do you have backups?” is one of the first questions that come up in the early stages of the incident response process.  Furthermore, it is crucial to secure your backups, ensuring that your backup systems do not allow direct access to backup files.

Ransomware will look for data backups and encrypt or delete them so they cannot be used to recover. We also highly suggest backing up your files with triple redundancy, meaning having three copies of your backups using two different formats, with one backup off-site.
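The backup rule above (three copies, two formats, one off-site, no direct access to backup files) can be checked against a backup inventory. The following is an added example, not part of the original article; the inventory is constructed and its field names (`dataset`, `location`, `format`, `offsite`, `direct_access`) are assumptions.

```python
from collections import defaultdict

# Constructed sample inventory; the field names are assumptions for this example.
INVENTORY = [
    {"dataset": "finance-db", "location": "nas01", "format": "disk", "offsite": False, "direct_access": True},
    {"dataset": "finance-db", "location": "backup-appliance", "format": "disk", "offsite": False, "direct_access": False},
    {"dataset": "finance-db", "location": "tape-vault", "format": "tape", "offsite": True, "direct_access": False},
    {"dataset": "file-share", "location": "nas01", "format": "disk", "offsite": False, "direct_access": True},
    {"dataset": "file-share", "location": "usb-drive", "format": "disk", "offsite": False, "direct_access": True},
]


def audit_backups(inventory):
    """Return {dataset: [findings]} for datasets that miss the backup rule."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for dataset in sorted(by_dataset):
        copies = by_dataset[dataset]
        findings = []
        if len(copies) < 3:
            findings.append(f"only {len(copies)} backup copies, need 3")
        if len({c["format"] for c in copies}) < 2:
            findings.append("all copies use one format, need 2")
        if not any(c["offsite"] for c in copies):
            findings.append("no off-site copy")
        # Copies whose files can be reached directly are the ones ransomware
        # can encrypt or delete along with the production data.
        exposed = [c["location"] for c in copies if c["direct_access"]]
        for location in exposed:
            findings.append(f"copy on {location} allows direct file access")
        if len(exposed) == len(copies):
            findings.append("no copy is isolated from direct access")
        if findings:
            report[dataset] = findings
    return report


if __name__ == "__main__":
    for dataset, findings in audit_backups(INVENTORY).items():
        for finding in findings:
            print(f"{dataset}: {finding}")
```

A dataset with no findings is omitted from the report, so an empty result means every dataset in the inventory meets the rule.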

Patch Your Systems

Ensure all operating systems, browsers, and programs are up-to-date. Technology manufacturers and software providers release patches regularly to ensure their systems are secure from the latest security threats. Thus, it is essential to keep up with these system patches and maintain updates for your browsers and other programs like Flash and Java.

For businesses, penetration testing is one of the best ways to identify unpatched systems and other vulnerabilities in their network.

Use Security Software

Use security software such as endpoint protection, web filtering, and anti-phishing email software to significantly reduce the chances of a malware infection.

Limit Administrative Privileges

Once hackers are inside your network, they typically seek to gain control of an administrative account. The more users you have granted administrative privileges to, the more accounts bad actors have a chance to hack into and compromise. Once they gain administrative control, bad actors can move quickly and more efficiently throughout your company’s infrastructure.

Engage a Trusted Security Advisor

Ransomware threats are constantly changing, so it is vital to have a trusted security advisor help guide your organization on best practices. They can identify the security controls for mitigating the threat of an attack and assist in the event a breach does occur.

How Can an Incident Response Plan Help?

Organizations that create regular backups, train employees to identify threats, patch, limit administrative privileges, and run anti-malware software will make it much harder for attackers to succeed. Even with all these safeguards, no company is 100% protected from ransomware, so it is important to have an Incident Response Plan (IRP) in place and practice it with tabletop exercises.

The best advice is to be prepared for the worst because it’s not if, it’s when. Training and preparation will drastically increase how quickly you can respond to an incident while decreasing incident costs and ancillary risks. Without an IRP, the response is often chaotic, emotional, and disorganized.  This is why putting together an incident response plan is critical to mitigating cyber risk for your business.

What Should Be Included in an IRP?

Developing an IRP is not an easy task that can be accomplished in a day.  Some of the things you might include in your plan are:

  • Outline your primary contacts.
  • What an incident will look like.
  • Does it require legal counsel?
  • Who requires notification?