Ransomware has existed in some form since the late 1980s, but the modern, encryption-based variety came to prominence with CryptoLocker in 2013, and it is more dangerous than ever. According to industry threat reports, ransomware attacks increased globally by 40% to 199.7 million attempts through the third quarter of 2020. The US alone observed 145.2 million ransomware hits in Q3 2020, a 139% year-over-year increase. By the end of 2020, the total cost of ransomware to businesses across the world was projected to reach $20 billion.
Ransomware is malicious software that arrives through common attack vectors (phishing emails, website downloads, etc.) and runs on a user’s computer. Once running, it encrypts every file it can reach, usually in the background, and then presents a ransom note. Anything the infected computer can write to, with the permissions of the user it runs as, is a target: the local hard drive, connected USB sticks, external hard drives, network connected storage locations – i.e. your server shares – mapped folders, database connections, and home folders. Everything as far as the malware can see.
During this process the attackers demand a ransom for the decryption key, which can range from a few hundred dollars to thousands, sometimes millions, payable in Bitcoin. Bitcoin gives the attacker a payment channel that is hard to attribute: transactions are public, but the addresses are pseudonymous, which makes it difficult (though not impossible) for law enforcement to follow the money. Additionally, some variants include a countdown timer for the transaction, promising to delete the decryption key once the timer runs out so that your data is never recoverable. For the unprepared, this creates an overwhelming sense of urgency that often guarantees the attacker’s payment.
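As an added example that is not part of the original article, the following Python script shows what the behaviour described above looks like from the file-system side and how it can be detected. It compares two snapshots of a folder (a path-to-bytes mapping) and flags files whose content went from text-like to ciphertext-like entropy, files that were replaced by a renamed high-entropy copy, and dropped ransom notes. The snapshots, the ransom-note file names, the extensions and the entropy threshold are constructed for illustration and are not taken from any specific ransomware family.

```python
"""Detect ransomware-style mass encryption by comparing two folder snapshots.

Added example, not code from the article. Thresholds, note names and
extensions below are illustrative assumptions.
"""
import math
import os
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # bits per byte; text sits around 4-5, ciphertext near 8 (assumed cut-off)
MIN_HITS = 3              # assumed: freshly encrypted files needed before alerting without a note
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_recover_files.html"}  # assumed names
SUSPICIOUS_EXTENSIONS = {".locked", ".crypt", ".encrypted"}                  # assumed extensions


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, close to 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def analyze(before: dict, after: dict) -> dict:
    """Compare two path -> bytes snapshots and report ransomware indicators."""
    encrypted_in_place, renamed_encrypted, ransom_notes = [], [], []
    for path, new_data in after.items():
        if os.path.basename(path).lower() in RANSOM_NOTE_NAMES:
            ransom_notes.append(path)
            continue
        old_data = before.get(path)
        if old_data is None:
            # New file. "Encrypt, then rename" leaves a high-entropy file with a new
            # extension whose stem is a file that has vanished from the folder.
            stem, ext = os.path.splitext(path)
            if (ext.lower() in SUSPICIOUS_EXTENSIONS and stem in before
                    and stem not in after
                    and shannon_entropy(new_data) >= ENTROPY_THRESHOLD):
                renamed_encrypted.append(path)
            continue
        if old_data == new_data:
            continue
        # In-place overwrite: only the low -> high entropy transition is suspicious.
        # Archives and images are high-entropy before and after, and an ordinary
        # edit keeps a text file at text-like entropy, so neither trips this check.
        if (shannon_entropy(old_data) < ENTROPY_THRESHOLD
                and shannon_entropy(new_data) >= ENTROPY_THRESHOLD):
            encrypted_in_place.append(path)

    hits = len(encrypted_in_place) + len(renamed_encrypted)
    verdict = "ransomware" if ransom_notes or hits >= MIN_HITS else "clean"
    return {
        "verdict": verdict,
        "encrypted_in_place": encrypted_in_place,
        "renamed_encrypted": renamed_encrypted,
        "ransom_notes": ransom_notes,
    }


def constructed_snapshots():
    """Constructed sample data (no real files): a finance share before and after an attack."""
    text = b"Quarterly revenue figures for Q3 2020.\n" * 100
    rng = random.Random(1)  # deterministic stand-in for ciphertext

    def ciphertext(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    archive = ciphertext(4096)  # stands in for an already-compressed file
    before = {
        "S:/finance/report.docx": text,
        "S:/finance/budget.xlsx": text + b"budget",
        "S:/finance/notes.txt": text,
        "S:/finance/archive.zip": archive,
        "S:/finance/todo.txt": b"- call vendor\n",
    }
    after = {
        "S:/finance/report.docx": ciphertext(len(text)),            # overwritten in place
        "S:/finance/budget.xlsx": ciphertext(len(text) + 6),        # overwritten in place
        "S:/finance/notes.txt.locked": ciphertext(len(text)),       # encrypted and renamed
        "S:/finance/archive.zip": archive,                          # untouched
        "S:/finance/todo.txt": b"- call vendor\n- send invoice\n",  # ordinary edit
        "S:/finance/README_TO_DECRYPT.txt": b"Your files have been encrypted. Pay 2 BTC ...",
    }
    return before, after


if __name__ == "__main__":
    before, after = constructed_snapshots()
    result = analyze(before, after)
    print(result["verdict"])
    for key in ("encrypted_in_place", "renamed_encrypted", "ransom_notes"):
        for path in result[key]:
            print(f"  {key}: {path}")
```

The before/after comparison matters: a naive "high entropy means encrypted" rule would flag every archive and image on the share, while comparing the transition keeps already-compressed files and ordinary edits out of the alert.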
An example of an extremely successful and devastating cyberattack used a ransomware program called CryptoLocker. According to Wikipedia: “CryptoLocker was isolated in late-May 2014. During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was in turn used to build an online tool for recovering the keys and files without paying the ransom. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the trojan.”
There are two primary lessons to take away from the article.
- You can’t rely on ever getting decryption keys for your data. Treat encrypted data as lost; the recovery of the CryptoLocker key database was a lucky one-off, not something to plan around.
- CryptoLocker alone extorted around $3 million from victims by 2014. By 2020, the projected global cost of ransomware to businesses was $20 billion. The problem is getting worse, not better, and preparation is up to you.
As long as users leave their systems vulnerable and their data unprotected, and keep paying the Bitcoin ransoms, attacks will continue – they make good business sense for criminals.
How to Stay Protected
Following a few essential preventive measures greatly reduces the risk of a ransomware attack, although no single control eliminates it. Users should be vigilant with unrecognized or suspicious emails and take proper precautions with downloads and attachments. Let’s walk through some “must follow” cyber security practices:
- Avoid clicking questionable links: never click suspicious or untrustworthy links or attachments in unsolicited emails.
- Back up your data: a good backup has both an on-site and an off-site component, and at least one copy must be offline or immutable, i.e. not writable from the machines it protects. Ransomware encrypts every share and mapped drive it can reach, so a backup that lives on a network share is just another file set waiting to be encrypted. There are countless inexpensive online backup solutions for individuals and their devices. For businesses, a data-redundancy or disaster-recovery plan should be in place with Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) clearly defined, and restores should be tested regularly rather than assumed to work.
- Don’t disclose your personal information: if you receive a call, text, or email asking for personal details such as banking or account information, verify the source through a channel you already trust before responding. Cyber criminals steal personal data to use it in further malicious campaigns or financial fraud.
- Use content scanning and filtering security software: run it on your mail server and deploy content filtering at the firewall level. Neither is a guarantee, but both reduce the likelihood of a malicious email or download ever reaching a user’s computer.
- Security awareness program for employees: as an organization, you want to protect your confidential data from every type of cyber attack, so run a security awareness program that teaches employees the common attack vectors and how to recognize and report them. A user who reports a suspicious attachment instead of opening it is the cheapest control you have.
- Keep all your systems up to date: keeping computers, servers, mobile devices, and network storage devices patched is critical to your data’s security, since ransomware frequently spreads through vulnerabilities for which a fix already exists. Businesses should also have a robust third-party application update process in place.
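The backup advice above is easy to state and easy to get wrong in practice, so here is an added Python example (not the article’s own tooling) that checks a backup inventory against a ransomware-resilient policy: three copies, two media types, one off-site, and at least one copy that the production host cannot overwrite, with the RPO measured against that isolated copy only. The inventory format, the policy numbers, the two sample inventories and the fixed reference time are all assumptions made for the example.

```python
"""Check a backup inventory against a ransomware-resilient backup policy.

Added example, not code from the article. The inventory fields, policy
values and sample inventories are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

# Assumed policy: 3-2-1 plus one copy the production host cannot overwrite.
POLICY = {
    "rpo": timedelta(hours=24),  # newest isolated copy may be at most this old
    "min_copies": 3,
    "min_media_types": 2,
    "min_offsite": 1,
    "min_isolated": 1,
}

# Fixed reference time so the sample runs deterministically (assumed).
EXAMPLE_NOW = datetime(2020, 12, 1, tzinfo=timezone.utc)


def is_isolated(copy: dict) -> bool:
    """A copy is isolated when malware on the production host cannot alter it:
    it is either not writable from production at all, or write-once (immutable)."""
    return (not copy["writable_from_production"]) or copy["immutable"]


def evaluate_backups(copies: list, now: datetime, policy: dict = POLICY) -> list:
    """Return a list of (code, message) violations; an empty list means compliant.

    Each copy is a dict with keys: name, media, offsite, writable_from_production,
    immutable, completed (timezone-aware datetime), verified_restore.
    """
    violations = []
    if len(copies) < policy["min_copies"]:
        violations.append(("too_few_copies",
                           f"{len(copies)} copies, policy wants {policy['min_copies']}"))
    media = {c["media"] for c in copies}
    if len(media) < policy["min_media_types"]:
        violations.append(("too_few_media_types", f"only {sorted(media)}"))
    if sum(c["offsite"] for c in copies) < policy["min_offsite"]:
        violations.append(("no_offsite_copy", "every copy sits next to production"))
    isolated = [c for c in copies if is_isolated(c)]
    if len(isolated) < policy["min_isolated"]:
        violations.append(("no_isolated_copy",
                           "ransomware on the production host can encrypt every copy"))
    # RPO is measured against the newest *isolated* copy. An online mirror that
    # gets encrypted together with production does not count as recoverable data.
    newest = max((c["completed"] for c in isolated), default=None)
    if newest is None or now - newest > policy["rpo"]:
        age = "none" if newest is None else str(now - newest)
        violations.append(("rpo_missed",
                           f"newest isolated copy age: {age}, RPO {policy['rpo']}"))
    if not any(c["verified_restore"] for c in isolated):
        violations.append(("restore_untested", "no isolated copy has ever been restored from"))
    return violations


def weak_inventory(now: datetime) -> list:
    """Constructed example: two online mirrors, both writable from the file server."""
    return [
        {"name": "D: mirror", "media": "disk", "offsite": False,
         "writable_from_production": True, "immutable": False,
         "completed": now - timedelta(hours=1), "verified_restore": False},
        {"name": "NAS backup share", "media": "disk", "offsite": False,
         "writable_from_production": True, "immutable": False,
         "completed": now - timedelta(hours=2), "verified_restore": True},
    ]


def hardened_inventory(now: datetime) -> list:
    """Constructed example: the same mirror plus an object-locked cloud copy and off-site tape."""
    return weak_inventory(now)[:1] + [
        {"name": "cloud bucket (object lock)", "media": "cloud", "offsite": True,
         "writable_from_production": True, "immutable": True,
         "completed": now - timedelta(hours=6), "verified_restore": True},
        {"name": "weekly tape, off-site vault", "media": "tape", "offsite": True,
         "writable_from_production": False, "immutable": False,
         "completed": now - timedelta(days=5), "verified_restore": False},
    ]


def stale_inventory(now: datetime) -> list:
    """Constructed example: the hardened set, but the cloud copy last completed three days ago."""
    copies = hardened_inventory(now)
    copies[1]["completed"] = now - timedelta(days=3)
    return copies


if __name__ == "__main__":
    for label, inventory in (("weak", weak_inventory(EXAMPLE_NOW)),
                             ("hardened", hardened_inventory(EXAMPLE_NOW)),
                             ("stale", stale_inventory(EXAMPLE_NOW))):
        problems = evaluate_backups(inventory, EXAMPLE_NOW)
        print(f"{label}: {'compliant' if not problems else 'NON-COMPLIANT'}")
        for code, message in problems:
            print(f"  {code}: {message}")
```

The weak inventory is the common real-world setup: a mirror on a mapped drive plus a NAS share, both of which the ransomware will encrypt alongside the originals. The hardened inventory passes; the stale one shows that the RPO clock runs on the isolated copy, not on the mirror that was refreshed an hour ago.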
What to do if You Get Hit
If one of your users suspects that they have been affected, stop what you are doing and disconnect the affected computer from the network immediately (pull the cable, turn off Wi-Fi, or disable the adapter). If the malware has spread to other systems, disconnect those as well. Disconnecting is generally preferable to powering off: some variants hold the encryption key in memory, and a memory image captured from the still-running machine may be the only way to recover it, so shutting down can destroy that chance along with other forensic evidence. Call your network administrator immediately and describe the problem in as much detail as possible: what was clicked, when the files started changing, and what the ransom note says. Don’t go wildly searching the internet for help; fake “decryptors” and “recovery services” that prey on panicked victims are common, and they tend to make things worse.
Even the FBI advises against paying the ransom. There is no guarantee you will receive a working decryption key after payment, and paying funds the attackers and gives them an incentive to keep attacking other people and companies. Before payment is even considered, check whether a free decryptor already exists for the variant: the No More Ransom project (nomoreransom.org), run by Europol and industry partners, publishes decryptors for families whose keys have been recovered, just as happened with CryptoLocker.
Your best option for cleaning infected systems is a complete wipe: rebuild from scratch and restore data from backups taken before the infection. Without that, there is no way to fully trust the system going forward. If you have no backup, you may need to engage a data recovery specialist to see what can be retrieved. Backups are the most important tool in your arsenal against malware.
If you or someone you know is a victim of ransomware, or any other form of malware, give us a call. We’ll take care of everything you need – from hardening the network, to immediate incident response, to working through the disaster recovery and data restoration process.