What Do You Know About Ransomware?

Other than it’s terrifying and you pray it never happens to you. 

In the Verizon 2020 Data Breach Investigations Report, the entire goal of a ransomware attack is “to disrupt operations badly enough and long enough that the organization will pay the ransom.” The average ransom in Q2 2020 was $178,254 — a 60% increase from Q1.

What Is Ransomware?

Ransomware is when a hacker has encrypted data, so the victim cannot access any systems or data until the ransom has been paid. Then and only then will they release the decryption key. While a business is frantically trying to figure out a ransomware attack under the threat of destruction or publication of sensitive information, their operations are also at a standstill.

The Challenge in Detecting Ransomware

It’s almost impossible to detect a ransomware attack fast enough to deter any damage. Hackers will use social engineering techniques, which help influence a person to act on something that might not be in their best interest. These techniques used will install ransomware and even military-grade encryption to jumble sensitive information. It’s a type of trick to build trust to make fraud easier.

Once a device or other endpoint is infected, the ransomware will start to reproduce itself throughout the network in 3 seconds on average. Typically the victim becomes aware of the attack once the ransomware has encrypted their data and the hacker demands payment.

How Did You Get That Infection?

Probably from something on this list. 

Spam and phishing emails — Ransomware creators usually act as legitimate users to trick others into downloading something malicious. Having a strong email security system that verifies who sent messages and checks email attachments is extremely important.

Malicious websites — Some websites host malware and phish for sensitive information like login credentials. This requires user interaction like clicking on fake ads, social media links and entering their personal information in fake login fields. Reviewing the company browsing policies to enable safe browsing is a must for protection.

Infected removable drives — Flashdrives can have malware that will install automatically when it’s connected to a computer. Making sure your computer is running security cans of removable drives.

Malicious apps and plug-ins — Malware is bundled with software that is being shared from a third-party website. Make sure you know what you’re installing and only download software from official websites. It is also wise to have permission settings to block installs.

Types of Ransomware

• Locker ransomware — This type of malware restricts access to the infected device.
• Crypto ransomware — Considered the most dangerous type of ransomware, this malware blocks access to stored data and files. The user’s data is held while the hacker demands a ransom to give up the decryption key; however, paying doesn’t guarantee you will get the key.
• Mobile ransomware — Mobile Ransome starts on a mobile device and then is passed on to a computer. In most cases, it will then show a message claiming that the device has been locked due to some illegal activity.

How to know if you may have ransomware

• Unusual file system activity, like hundreds of failed file modifications (the ransomware attempting to access those files)
• Increased CPU and disk activity for no apparent reason (the ransomware removing data files and encrypting data.)
• Blocked access to certain files (ransomware encrypting, deleting, renaming, or relocating data)
• Suspicious network communications (ransomware and the hacker’s server.)

Best Practices for Ransomware Detection

No business is immune to cybersecurity threats, but several best practices will reduce your risk of falling victim to a malware attack and enable you to spot attacks in progress.

Education + Employees

Education about what to do when coming across a suspicious email or link should also contain information about red flags to watch for malicious emails, such as:

• Corporate-looking email accounts
• Suspicious file attachments
• Suspicious links 
• Monitoring your systems
• Monitor for suspicious activity. 

Things that can Help

Scanning system files for abnormal activity, such as. Hundreds of failed file modifications.  Log all incoming and outgoing traffic. Define the baseline for normal user activity and proactively look for irregularities. Promptly investigate any unusual activity.

Create Honeypots

A honeypot is a lure for hackers which contains fake file repositories that look legitimate. When a hacker goes after a honey pot, it is easier for you to see the activity and remove the malware. The earlier the discovery, the faster you can protect your infrastructure from being compromised.

Software Solutions

Use a type of software with antivirus / anti-ransomware tools that will warn you of threats.

Check email content

• Configure email settings to automatically filter incoming mail and block suspicious messages from entering the inbox.
• Reject files with certain extensions in mail attachments, such as executable files.
• Ransomware is an especially challenging form of malware to detect and protect yourself against.
  By implementing some of these tips or reviewing the current settings, you can ensure the sensitive information is protected.
• It is also recommended to educate employees about red flags and vulnerabilities, establishing processes and systems for preventative monitoring, and installing anti-ransomware software and tools. Organizations can effectively mitigate ransomware when employees are updated to the ever-changing types of fraud.

Hopefully, you now know a bit more about ransomware and can either implement new policies or be reminded to review the current setup. 

Interested in more fraud? Check this.