October 12th, 2021
Ransomware attacks have become a growing problem, with the number of attacks more than tripling in just one year alone, and the Federal Bureau of Investigation (FBI) reporting that over 4,000 ransomware cases take place every single day. Ransomware and its effect on organizations have become such a big issue that even President Biden and Russian president Vladimir Putin were forced to come to the table earlier this year over an infamous Russian based ransomware operation targeting international organizations – including a number of organizations in the United States.
Ransomware, a form of malware, enables cybercriminals to target any device within an organization’s network or the device of any individual connected to the internet, posing huge threats against an entity’s information security and their ability to operate. Your sensitive information being restricted for just a short time can cause catastrophic damage to your operations, not to mention the high costs associated with being a victim of the ransomware attack. So, in this article, we’ll take a close look at what ransomware is, how to spot it on your network, and how to protect your information.
Ransomware has become one of the most popular types of malware for attackers, with some organizations paying in the millions to regain access to their data. Even the famous talk show host Trevor Noah recently ran a segment on ransomware in The Daily Show! But what exactly is ransomware and how does it work?
Simply put, ransomware is a form of malware that encrypts a user’s or entity’s information and holds it at ransom. When your information is encrypted by an attacker, you can no longer access files, applications, and databases unless the cybercriminal grants you access through decryption, which is paid for through the ransom.
Attackers realize that if they can get away with it, there is a lot of money to be made through ransomware attacks. In fact, ransomware has become so popular among cybercriminals that it’s possible for attackers to access RaaS (Ransomware as a Service), which allows them to leverage the resources of established ransomware experts. This is one of the reasons ransomware attacks have exploded since 2020, so it’s worth taking a closer look into how ransomware attacks work.
During this process it’s important to note that cybercriminals rarely exploit zero-day vulnerabilities. Rather, they exploit vulnerabilities that have been known for some amount of time – sometimes months or even years.
One of the main things to understand about ransomware is that it knows no boundaries. Getting ransomware on your device from home is just as possible as getting it on a corporate level server. So below, we’ll review some of the common ways to spot ransomware on your device so you can take action and better protect your information.
One of the most common ways ransomware attacks start is through phishing emails, where the hackers attempt to socially engineer users to open their message and click on links that execute malicious code.
Ransomware on your system may result in unusual activity such as log-in irregularities and failures, odd registry or system file changes, large numbers of requests for certain files, a high number of failed file modifications, sudden changes in file access permissions, and DNS request anomalies, among other things. The key here is to look for anything unusual that is happening on your device or network.
There are a number of available options for anti-ransomware tools such as the suite of tools from Kaspersky for personal and enterprise use. These tools scan your system for known ransomware or what could potentially be ransomware.
Increased CPU and Disk Activity
If you see increased CPU activity for no apparent reason, this could be due to ransomware removing, encrypting or searching for files on your device.
Sudden Difficulty Finding Files
Ransomware can not only encrypt files, it can delete them, rename them and relocate them.
Obviously, no business is immune to the threats of ransomware, but we encourage you to use the above suggestions to spot ransomware in addition to educating all the stakeholders in your organization on how to spot things like phishing emails, suspicious links and other signs of malware. Malware infecting just one machine can ultimately cause an entire network to go down, so educating users is a powerful strategy.
Experiencing a ransomware attack can be catastrophic to your operations as well as extremely expensive and time consuming to recover from. But there are a number of things you can do to protect yourself from these dangerous attacks. Here are some options to consider:
Keep Devices and Software Updated
Your first line of defense against a bad actor getting onto your network or into your device is ensuring your system and devices are updated. Remember that bad actors look for known vulnerabilities – so the second an update is available for a vulnerability on your machine or software, be sure to update right away.
Secure Protocols and Password Management
We covered password management in depth in our Password Management Tools article but, for starters, you’ll want to make sure never to use default or weak passwords for anything related to your information, and whenever possible use hardware keys, such as a Yubikey.
Restrict User Permissions Where Applicable
This is all about restricting permission for certain users to install unwanted software applications or make unauthorized changes to operating system settings, among other things. Restricting these permissions helps prevent ransomware from entering your device and potentially spreading throughout your network.
Use Multifactor (2FA) Authentication Where Possible
Using 2FA on as many accounts as possible helps to defend against bad actors gaining access to your infrastructure and sensitive information.
Filter Emails With Attachments
Consider implementing a system where emails with any attachments are automatically filtered and checked to ensure they are safe, before allowing the intended recipient to access those attachments.
Use Discretion When Accessing Information
Beyond the above protections, you should always assume that any email, link, webpage or file can be malware. Never open unsolicited emails, even when they come from people in your network.
Periodic backups will allow you to keep your data safely stored off your internet accessible network and machines, and they give you the certainty of maintaining ransomware-free data and information. In the event that your systems and information are infected with ransomware, your backup may be the only source to salvage your data and return to normal operations quickly.
Here are a few important notes on keeping proper backups:
If you suspect you’ve been hacked, consider the following 4 steps:
The answer to this question ultimately comes down to what’s at stake, however the FBI advises that you should avoid paying a ransom in ransomware cases, as there is no guarantee the attacker will decrypt your data and give you access.
Further, only one in ten companies that pay a ransom get all their data back and paying the ransom could cause the name of your organization to make the rounds in cybercriminal circles and make you an attractive target for future attacks. Additionally, paying a specific attacker could set you up for bigger ransoms from that same attacker going forward.
The severity and scale of ransomware attacks is growing with no immediate signs of slowing down. And as this area of cybercrime grows, it becomes increasingly important to protect your devices, network and organization from falling victim to these malicious attacks. If you want to learn more about how to protect your sensitive information from ransomware attacks, reach out to our cybersecurity experts at firstname.lastname@example.org.