Beware of the many forms of ransomware

Ransomware has proven to be a serious problem for companies large and small. It can attack your data in many ways and bring your business to a complete halt.

In many cases, restoring access to and use of hijacked information can cost hundreds of thousands or millions of dollars.

According to the 2021 Chainalysis Crypto Crime Report, the total amount paid out by victims of ransomware grew by 311% in 2020 to nearly $350 million in cryptocurrency (the most popular form of payment), and the problem will continue to grow.

In general, the best defense against a ransomware attack is a good offense. Understanding the different forms of ransomware can help a company prepare for an intrusion. Here are some tips to help you deal with any type of cybercriminal.

First, for those unfamiliar with ransomware, it is a virus that silently encrypts a user’s data on their computer. It can infiltrate your system and deny access to key information, disrupting or halting all business activity.

After an attacker steals and encrypts data, a message may appear asking for a sum of money to restore access to the information. The victim only has a certain amount of time to pay the cybercriminal. If the deadline passes, the ransom may increase.

Some types of ransomware have the ability to seek out other computers on the same network to infect. Others infect their hosts with more malware, which can lead to stolen login credentials. This is especially dangerous for sensitive information such as passwords for bank and financial accounts.

The two main types of ransomware are called crypto ransomware and locker ransomware. Crypto ransomware encrypts various files on the computer so that the user cannot access them. Locker ransomware does not encrypt files. Rather, it “locks” the victim out of their device, preventing them from using it. Once access is blocked, the victim is asked to pay money to unlock their device.

There have been many high-profile ransomware cyberattacks over the past few years. These include…

“WannaCry” in 2017. It spread to 150 countries, including Great Britain. It was designed to exploit Windows vulnerabilities. By May of that year, it had infected more than 100,000 computers.

The WannaCry attack affected many UK hospital trusts, costing the NHS around £92 million. Users were locked out and ransoms were demanded in Bitcoin. The attack exposed the problematic use of legacy systems. The cyberattack caused financial losses of around $4 billion worldwide.

Ryuk is a ransomware attack that spread in mid-2018. It disabled the Windows System Restore option on the PC. Without a backup, it was impossible to restore the encrypted files. It also encrypted network drives. Many of the organizations targeted were located in the United States. The demanded ransoms were paid, and the losses amounted to $640,000.

KeRanger is believed to be the first ransomware attack to successfully infect Macs running OS X. It was embedded in the installer of the open source BitTorrent client known as Transmission. When users downloaded the infected installer, their devices were infected with ransomware. The virus lies dormant for three days and then encrypts about 300 different types of files. It then downloads a file containing the ransom note, which demands one bitcoin and provides instructions for paying the ransom. After the ransom is paid, the victim’s files are decrypted.

As ransomware becomes more sophisticated, the techniques used to spread it also become more sophisticated. Examples:

Pay-per-install. It targets devices that have already been compromised and can easily be infected with ransomware.

Drive-by downloads. This ransomware is installed when the victim unknowingly visits a compromised website.

Links in emails or social media posts. This method is the most common. Malicious links are sent in emails or online messages for victims to click on.

Cybersecurity experts agree that if you are the victim of a ransomware attack, you should not pay the ransom. Cybercriminals can still keep your data encrypted even after payment and demand more money later.

Instead, back up all your data to an external drive or the cloud so it can be easily restored. If your data is not backed up, contact your online security company to see if they offer a decryption tool for these circumstances.

Managed service providers can conduct a risk analysis and identify a company’s security risks for free.

Understanding where your company is vulnerable to intrusion and preparing to address those weaknesses in advance is the best way to prevent a cyber thief from wreaking havoc on your company.