Ransomware: It is not news that cybersecurity has become a growing problem for organizations in the wake of the digital transformation and the digital economy on which much of their growth depends.
However, the pandemic has given an extra push, bringing new and urgent concerns to the front line, many arising from vulnerabilities caused by the home office. One of them is the ransomware attack.
Ransomware is malicious software that encrypts files and documents, often all of them, on a network or server, making them inaccessible. In plain English, it hijacks a network, and its victims must pay a ransom (hence "ransom") to get it back, under penalty of having the information leaked or deleted.
This malware is not new: its first appearance is more than 30 years old. But since then, both the ways it is applied and the complexity of its encryption have increased significantly.
In the wake of the pandemic, ransomware attacks have grown: in the volume of victims, frequency, and ransom value.
Now that we know what ransomware is, in this post, we will look at the most common types of ransomware today, how to avoid them, and what to do in the event of an attack.
How Ransomware Attacks
Between the malware's entry on a device and the ransom demand, several other attack steps take place, in a process that can last from 45 minutes to two or four months.
First, ransomware installs itself on victims' devices. This can happen through emails or phishing messages with infected files or links, downloads from malicious websites, or vulnerabilities in specific access points, such as Remote Desktop Protocol (RDP), Virtual Network Computing (VNC) services, and the TS port.
Once inside, criminals typically scour the network for new weaknesses and for data to steal. This is where they can linger, because the more silently they move, the harder it is to notice them.
Encrypting or otherwise locking the device is the last step. If criminals steal data from the network before encrypting it, they threaten their victims doubly: if the victim refuses to pay the ransom on time, the group leaks the information on the internet.
How To Avoid A Ransomware Attack
A ransomware attack will always involve losses: relevant information, finances, your credibility with customers and partners, or the organization's energy.
A plan to prevent a possible attack is essential to avoid and minimize the impact and damage in case the worst happens.
The good news is that most of the vulnerabilities exploited in ransomware attacks are well-known and easy to fix. But where should you act to prevent a ransomware attack?
With the home office, you must access the company's network from your own Wi-Fi, if not from your personal computer or cell phone. Connecting corporate or private devices to unknown networks, such as those in hotels, cafes, and airports, is not uncommon either.
But for this, some care must be taken so that the company does not have to rely on the security level – usually much lower – of this equipment and connections.
In addition to creating strong and different passwords for accessing the organization's network, enable firewalls and use a corporate VPN for RDP access to ensure security. Plus, gain visibility into what's happening on the network through a SIEM to spot new anomalies right away.
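One way to turn the VPN-for-RDP and SIEM advice above into a concrete check, as an added example that is not part of the original article: flag RDP logons whose source address lies outside the corporate VPN pool, and bursts of failed RDP logons from a single source. The event records, the VPN pool 10.8.0.0/24 and the threshold of 5 are constructed assumptions; event IDs 4624/4625 and logon type 10 are the standard Windows Security log values.

```python
import ipaddress
from collections import Counter

# Assumption: corporate VPN address pool (constructed for this example).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
FAILED_THRESHOLD = 5  # assumption: failed RDP logons per source before alerting

# Constructed sample events, shaped like fields a SIEM extracts from Windows
# Security logs: 4624 = successful logon, 4625 = failed logon,
# logon_type 10 = RemoteInteractive (RDP). Failed attempts are assumed to be
# already normalized to type 10 by the log pipeline.
SAMPLE_EVENTS = (
    [{"event_id": 4624, "logon_type": 10, "user": "alice", "src_ip": "10.8.0.15"}]
    + [{"event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"}] * 6
    + [{"event_id": 4624, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"},
       {"event_id": 4624, "logon_type": 2, "user": "bob", "src_ip": "-"},
       {"event_id": 4625, "logon_type": 10, "user": "carol", "src_ip": "10.8.0.22"}]
)


def rdp_alerts(events, vpn_pool=VPN_POOL, threshold=FAILED_THRESHOLD):
    """Return (kind, src_ip, user) alerts for RDP activity that bypasses the VPN."""
    alerts = []
    failures = Counter()  # failed RDP logons seen so far, per source address
    for ev in events:
        if ev["logon_type"] != 10:
            continue  # not an RDP session
        try:
            src = ipaddress.ip_address(ev["src_ip"])
        except ValueError:
            continue  # missing or malformed source address
        key = str(src)
        if ev["event_id"] == 4625:
            failures[key] += 1
            if failures[key] == threshold:  # alert once per source
                alerts.append(("rdp_bruteforce", key, ev["user"]))
        elif ev["event_id"] == 4624 and src not in vpn_pool:
            # A success after many failures is the more urgent signal.
            kind = ("rdp_login_after_failures" if failures[key] >= threshold
                    else "rdp_login_outside_vpn")
            alerts.append((kind, key, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in rdp_alerts(SAMPLE_EVENTS):
        print(alert)
```
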
As we’ve seen, most ransomware attacks start with phishing emails. And if you think you’re immune, research by Kaspersky & CORPA reveals that one in 10 employees would click on suspicious links from company devices if they were unmissable offers.
Therefore, check the origin of the message and avoid clicking on unverified links and downloading attachments if you are suspicious.
The recommendation for websites is to avoid browsing and downloading from suspicious pages and keep a good antivirus.
Antivirus And Audits
Adopt protection tools that scan for suspicious files, both automatically and on demand, before they are opened or installed, and that use file behavior analysis to identify potential vulnerabilities before they become entry points for malware.
Many ransomware attacks take advantage of software flaws, most of them already patched by the software companies. That's why keeping licensed software constantly updated to the latest version is one of the simplest ways to protect yourself from ransomware attacks.
Regularly backing up your files doesn’t prevent a ransomware attack, but it is a way to avoid losing important information if you experience one.
So knowing what information is critical to the organization and creating a solid backup strategy for that data is an excellent way to recover from an attack quickly.
Good old awareness comes from education and is a strong ally against ransomware attacks. After all, people are the weakest link in cybersecurity, and this assertion has become even more accurate with the home office.
Still, according to Kaspersky, 15% of organizations that already have a security framework are unable to communicate it to their employees and, consequently, cannot enforce it.
Educating about risks and training your teams to recognize suspicious links and files, as well as to act according to the organization's policy, is essential homework. But more can be done. Cybersecurity experts recommend that employees become the organization's first line of defense.