In today’s world with the current COVID pandemic more and more people are working from home. It is important that we highlight one the current security trends that criminals are using maliciously to profit during the pandemic. Ransomware is their preferred method of choice.
What is ransomware? Ransomware is a piece of software with the malicious intent of gaining access to files and systems in an attempt to render them useless by encrypting the data. The first ever documented case of ransomware was in 1989. It was spread through diskettes containing information about AIDS. The unsuspecting users opened the file which uploaded the malware on their computers. This prevented their computers from booting up normally.
Ransomware has become more sophisticated over the years. Different methods for distributing the malicious file have developed as well as different behaviors and features once the Ransomware is deployed. Ransomware has become a mainstay in the last decade and a nightmare for many industries across the world. Many people and businesses have lost important and confidential data from these attacks and deeply impacted trust among their clients and partners. Some business and entities have been unable to recover from their Ransomware infection and have closed their doors entirely.
Since ransomware’s prevalence in the last decade, it has been a very profitable industry for organized crime. Many criminals are using ransomware to attack small\large businesses, hospitals, and government entities. A notable attack of large magnitude was the ransomware attack on the City of Atlanta. Approximately 3,800 computers were encrypted by the attack rendering them useless without paying the Bitcoin bounty per computer. The fallout from that attack cost the city millions of dollars in losses, in addition to shutdowns that deeply impacted city constituents when data and services were unavailable. Ransomware does not only impact large entities – their stories are more likely to be shared in global news reporting, but small businesses, local government and school districts are just as likely to become Ransomware victims.
Ransomware is readily available to criminals who want it. Criminals are able to buy Ransomware as a Service (RaaS) from other criminals on the dark web. They are able to buy it as a standalone service or rent it for a fee from the malware designers. Since the start of the COVID pandemic criminals have focused their attacks on remote users. Many of those remote users are working from home on personal devices due to the fact that laptops and mobile devices are in high-demand and not widely available due to supply issues. This makes them a prime target due to the lack of antivirus and software/OS updates applied to those devices. Criminals are able to take advantage of unpatched devices and lack of anti-virus and use phishing attacks to unsuspecting users through email.
What can be done to prevent and combat ransomware attacks in the future? Practicing good cyber hygiene is a good way to prevent attacks. Practicing good cyber hygiene entails keeping your computer properly updated with the latest updates and patches from vendors and third parties. When Microsoft ended support for Windows 7 in January 2020, users should have stopped using Windows 7 machines. There are still many home and business users actively working on Windows 7 machines and putting their data and company at risk. When scheduled Windows or Mac OS updates are released, you should install these on your computer. You should also pay attention to software updates available, including your anti-virus software. Keeping your computer and devices updated prevents criminals from exploiting vulnerabilities in software that is currently installed in your device. It is important for both Windows and Mac users to keep their machines updated – Ransomware can impact both types of machines.
Keeping a good backup of all your data is very important to combating ransomware. In the event that your data was compromised, you are able to recover and restore your data without paying a hefty ransom fee associated with the encryption of your data. When ITS has helped clients recover from Ransomware, our best success stories have involved a good data backup. We are able to reset machines and servers and restore them to a pre-Ransomware point. It is never recommended to pay criminals for decrypting your data. There is no guarantee that they will decrypt your data once the fee is paid.
Over 90% ransomware victims are infected through email. Microsoft Word documents and PDF files are some of the most popular carriers of Ransomware files. You should always verify the sender information by looking at both the name and email address. When in doubt, check with the sender personally to ask if they meant to send you an attachment. You should always hover over links within emails and see if the address that appears when you hover is an address you expect to visit. Along with a spam filter, ITS uses a link protection service for our email that inspects each address and blocks us from visiting the website if the service finds the link malicious. There are several types of tools available to protect your users and your data.
As you can see, ransomware is not something to be taken lightly. Practicing good cyber hygiene goes a long way to preventing ransomware attacks and other forms of cyber threats. Contact ITS to learn more about auditing your threat awareness or products and services available to prevent cyber disasters.