What is ransomware and how can we protect?

Unfortunately, ransomware attacks are happening more frequently. Just as a reference, this year, there have been cases from the very beginning of January up to now. Every single month! This inglorious activity seems not to stop at all.

Everybody in the world can be targeted. Individuals, companies, all types of organizations are potentially at risk. Some countries have been more attacked than others – the U.S., the U.K., France, Netherlands, Japan, Canada, etc, but as we said, it is happening everywhere.

Different and sensitive fields are suffering from this plague – government, education, services, manufacturing, healthcare, technology, retail, utilities, finance, etc. With such data, it is natural to be scared. Lots of cases already have shown how harmful these attacks can be. Ransomware is costing millions per year to its victims.

Due to the amounts of money that are already involved, the way attacks get implemented, their frequency, and criminals’ organization, this activity really is a malicious but profitable industry. How exactly does it work? Can we somehow be safe? How? Let us explore the topic deeper.

What is ransomware?

Ransomware is malware, software specifically created to harm networks, servers, or computers, that uses encryption to keep targets’ information at ransom. Through this malicious software, perpetrators can encrypt key data of users or organizations. Targets won’t be able to access their applications, databases, files, or complete devices until they pay the ransom demanded by the attackers.

How do ransomware attacks work?

Usually, a ransomware attack works as following:

1. Infecting the target. Once the target is chosen, malware must infect it. Malware can be spread through websites, phishing, spam, infected files attached to an e-mail (links, downloadable images, videos…), an infected application, etc. The malicious software sets up itself on the endpoint to penetrate the network and infect all connected devices it can reach.
2. Secure key exchange. The ransomware communicates with the attackers for creating the cryptographic keys they will use on the target’s system.
3. Encryption. Already in position, ransomware locks with encryption as many files as it reaches in the whole network. 
4. The demand for ransom. Malicious software displays the ransom demand for decrypting files and restoring the system’s operation. The amount of money gets established, instructions for paying too, and of course, the threat of keeping the information locked, destroyed, sold to competitors, etc. confirmed.
5. Target’s reaction for recovering the data. The target can decide to pay criminals for unlocking the information, hoping that they will respect the negotiation. The target can try to recover the information by its means. Of course, it will take time, money, and there is no guarantee of success. Here having an up-to-date backup (B-a-a-S) really helps.

The catalysts of ransomware

Extortion is as old as humanity, but its methods have evolved taking advantage of new technology’s development. When talking about ransomware, particularly some factors have boosted its growth.

New payment alternatives

Keeping hostage’s important information from others and asking for the ransom was not a problem for attackers. Their problem was how to receive the money without being traced by the authorities. Already in the late 1980s, there were cases in which, attackers demanded the ransom to be paid cash, and delivered through a postal service. Usually, the money was asked to be sent to a different country from the attackers and their targets’.

Prepaid cash cards, Western Union, and briefcases or trash bags full of cash dropped off at a specific place were other alternatives. Limitations and risks for criminals were big, and this was a brake for the activity to be widely spread. Years later, when digital currencies (crypto) became popular, attackers found the alternative for receiving ransoms instantly and keeping anonymity. 

Easy execution

Execute this type of attack also became easier with time. Currently, not even hacking, or deep technical knowledge is required. Attacks can be executed as easily as purchasing a ransomware-as-a-Service (R-a-a-S) kit. Prices vary but you can get one on the Dark Web for less than $100. Providers are shady but organized pretty much like multi-level marketing companies for sharing the ransoms.

Besides, ransomware still can be effectively distributed through more traditional ways like e-mail, attaching it to files or links, and infected plugins, images, videos, etc., that people can download from the Internet. Attackers can decide if they spend time trying to break firewalls, or just wait for users to fall into their online traps. 

Lack of prevention

Still, many companies and individuals do not prioritize measures to protect against this crime. Even basic actions like regular updating and patching sometimes are neglected. That is exactly what opens the chance for attackers to take advantage. This is how ransomware has become easy and cheap for executing, scalable, and a constant threat worldwide.

Ransomware protection

Yes, to be safe it is still possible, but you must take action. Design a security strategy based on the kind of business you own and its needs. 

Review and limit access privileges

You can also segment your network to reduce the risk, and scope of infection. Malware gets inside your network due to a collaborator who downloaded it. The ransomware will encrypt just the files it can reach, and the reaching range is defined by this user’s privileges.

Everybody having access to everything (systems and files) in your company is a dangerous decision. Administrator privileges must be for a very few people. The rest should work through local privileges, specifically for the segment, and information (files) they really need to access. Not all IT guys should have access to everything (network machinery, e-mail services, etc.) using their administrator credentials. They could be opening access to every area of the company for ransomware to operate.

Implement proficient web filtering

Current web filtering solutions offer robust functionality to keep away dangerous code like ransomware. They can detect and block malicious websites, suspiciously parked websites, or those that constantly change IP addresses. They can potentially be sellers of malware, and kits for easy execution attacks. Also include a web filtering gateway with antivirus. Incoming data packets must be filtered because legit sites also can be compromised with malicious code for infecting unsuspecting users.

Strength your e-mail security

Look for solutions that supply you with tools for SPAM filtering, antivirus, and efficient e-mail, attachments, and embedded URLs analysis for preventing and detecting threats like ransomware. As we explained, phishing is still a sadly successful method for ransomware to be downloaded and installed. The risk for every collaborator in your company to click a malicious link or to download an infected file is real. And that is what ransomware needs to access your network.

Patch punctually as a rule

This practice is a must for businesses to be safe, and prevent all types of attacks, zero-day ones included. Firmware, software, operating systems must be punctually patched. This practice is useful to prevent, but also in the case malware gets into your network, the harm can be reduced.

Recent history shows that many attacks could have been prevented by patching. Problem is, companies do not do it at all, or not as soon as the patches appear. When a patch is launched, it means specific vulnerabilities have been detected and fixed. Delaying its installation is a risk you should not take.

Consider blacklist or whitelist

Both are cybersecurity strategies for businesses’ computers. Blacklist allows your administrator to include on a list all the applications, websites, code… identified as dangerous, for being blocked from your business’ computers. Some anti-malware and antivirus solutions work this way. Blocking the access to dangerous sources included in their list. You must update the list of threats to be efficiently protected.

Whitelist means to block all functionality considered risky. The list will establish the only applications and websites people can use. Those ones considered necessary for their work, and free of risk.

Keep good and secure practices

If phishing is still efficient to infect networks, it means there is a human involved in the downloading or clicking of the malicious source of infection. Collaborators must take this crime seriously. The cost for business owners can be harmful. It is not only the ransom payment but all the cost to restore the operation and security of their systems again.

Enable security technology, but also train people to use it properly. Explain how to recognize spoofed e-mails, dangerous links, etc. Navigating on the Internet can be part of the job but help them to do it reducing the risk. Do not click on everything – must be a rule! Even legit websites could be infected. To download files or share links without checking them, to answer e-mails, social network messages from strangers could be too risky. 

Always backup

To backup your databases and crucial files is a must. Especially in the case of a ransomware attack, it can be the only way to recover your information and to get back your company on track.

Backing up involves a strategy. The recommendation is to generate a minimum of three copies. Two backups are saved in two different media (cloud, remote server, SSD drives…). And an off-site copy, considering that nowadays threats are not only cyber criminals but also climate changes. This last should live in a different location from the one your headquarters and main server are. The objective is to guarantee the integrity of at least a copy. 

To backup does not prevent a ransomware attack. It’s a way for your business not to pay the ransom, and to recover faster. You can check our Backup-as-a-Service and keep your data safe. 

Do not pay the ransom

If it happens to you, you will think this recommendation is pointless, but it is not. The more victims pay, the more profitable business for criminals. If you check statistics, you will be scared with the frequency this crime is already operating, and the amounts of money criminals are demanding.

The best is to prevent. Having a proper backup means, in the worst scenario, you could start from zero. It will take time and money, but not as much as it can go if you pay the ransom. Besides, many cases have shown, criminals do not always comply. Once they get the ransom, they vanish without unlocking your business’ information. 

To discourage criminals is important for everybody because everybody is a potential target. There are already organized efforts for promoting prevention, and for sharing experience, methods, and decrypting tools with victims for them to try to recover their information. The objective is to avoid the ransom payment at all costs. 

Can ransomware attack mobiles?

Unfortunately, yes ransomware can attack mobiles too. Consider how many smartphones are sold yearly. That is a big market, and criminals know it. There have been already documented attacks in which perpetrators used specific ransomware to lock this type of devices. Smartphones can be attacked for stealing sensitive data from users, and/or for demanding a ransom in exchange for unlocking the device. 

Tricky online strategies push users to click malicious links and to download infected files, especially through social networks. But it can also happen while downloading fake applications’ updates, software, or files attached to messages. The device gets locked, and the ransom’s demand is displayed, together with the payment method, and the time to process it. When the user pays and perpetrators really comply, the ransomware supplies a code for the user to decrypt the data or unlock the device. 

Conclusion

Ransomware attacks are a big risk for regular users, and all kinds of organizations worldwide. It has fast evolved from a small to a millionaire and harmful crime. This explosive growth must be stopped. Let us be concerned about this crime and let us implement a serious strategy to prevent it. 

History clearly shows how many victims could have prevented attacks. Do not be part of the dark statistics ransomware attacks are leaving behind. Protect your business, and your mobile now! Remember that an ounce of prevention is worth a pound of cure!

If you want to learn how to improve the security of your server, the following article is for you:

How to improve the security of your cloud server

If the topic of hacking still excites you, then read the following text:  

Types of hackers and how dangerous they are