Everything You Need to Know About Ransomware (2019 Edition)

Virtual Armour | Cybersecurity

Ransomware is becoming an epidemic in the cybersecurity world, with new strains being created continuously by criminals to extort money out of unsuspecting users. While there is no way to shield any device from malicious attacks such as ransomware completely, there are a few things you can do to reduce your chances of falling victim.

What is Ransomware?

Ransomware is a type of malicious software, or malware, that is designed to deny users access to their computer system or data. The cybercriminal then demands payment and promises to restore access to the system or data once the ransom has been paid.

According to Forbes, cybercriminals are increasingly targeting small businesses, costing companies millions of dollars each year, and ransomware is no exception. Ransomware can cripple a business or organization, and according to the United States Cybersecurity and Infrastructure Security Agency (CISA), recovery can be a challenging process and may require the services of a cybersecurity expert. While some organizations simply choose to take the hit and pay the ransom, there is no guarantee that control over the system or data will be returned to the organization it belongs to.

The first recorded instance of ransomware occurred in 1989 and targeted the healthcare industry. With the introduction of Bitcoin and other cryptocurrencies, it has become even easier for cybercriminals to use ransomware to extort money from users because cryptocurrencies are not handled through traditional banking or payment methods.

How Does Ransomware Work?

Phishing

The most common ransomware delivery method is phishing. Phishing is a tactic that involves sending an unsuspecting user an email or other digital message that attempts to trick the user into granting access by posing as a company that the user can trust.

Phishing emails that are used for delivering ransomware include a malicious link or attachment that infects your computer with the ransomware if it is clicked on or opened. Once the ransomware has access to your digital device, it encrypts your files or locks you out of your system. The only way to regain access is to use a digital key, which is held by the attacker.  

Doxware

Doxware is very similar to ransomware, except that instead of holding files hostage until a ransom is paid, the attacker threatens to release sensitive files unless the user agrees to pay the ransom. Unfortunately, even if you pay the ransom, there is no guarantee that your compromised files, and the sensitive information they contain, will be kept private.

Ransomware Costs More Than Just Money

On top of the money for the ransom, ransomware has other associated costs. These costs include:

  • Replacing damaged data or hardware
  • Recovering the data that was lost
  • Lost income due to business disruptions both during and after the attack
  • Additional IT costs such as overtime, increased security costs, and the cost of any additional personnel
  • Cybersecurity investigation and forensic services in the case of a data breach
  • Reputation management costs
  • Training for employees to prevent future attacks

On top of any ransom costs, you may be looking at tens or even hundreds of thousands of dollars in additional costs. While many larger organizations may be able to absorb those costs, a small or medium-sized organization may not have the resources to cover such a significant and unexpected expense.

What Should I Do If My Computer Becomes Infected?

If your computer is infected by ransomware, you should notify the team member responsible for cybersecurity at your organization right away. If you use an MSSP (Managed Security Services Provider), you should notify them so they can recommend an appropriate course of action. If you are a home user, or your organization does not have an internal cybersecurity team or a contract with a reputable external cybersecurity firm, you should disconnect your computer from the rest of your network immediately and remove any external devices (such as hard drives or USB drives) before contacting a cybersecurity expert for assistance.

Should I Pay the Ransom?

Most experts agree that you should not pay the ransom, as this will not only fund future attacks against others but also encourage ransomware cybercriminals to strike again.

Paying the ransom also will not guarantee that control over your data or system will actually be returned to you. However, if you do not have proper backups, you may not have much choice. Many businesses that would permanently lose access to their system or data because of inadequate or nonexistent backups, and that may be forced to shut down permanently because of the loss, choose to take their chances and pay the ransom.

In many cases, the ransom is carefully calculated so that the price is low enough that the victim will pay it, and low enough that paying is more cost-effective than reconstructing the encrypted data on their own, but still high enough that the cybercriminal feels the attack was worth the effort.

How Can I Protect Against Ransomware?

The technological landscape is continually changing and evolving, and cyber attacks like ransomware evolve and change too. As such, there is no way to protect your data completely. However, there are several things you can do to minimize your risk of infection and safeguard your digital assets even if you fall victim.

Invest In Employee Training

Your employees are your first line of defense when it comes to ransomware. Make sure that all employees who answer emails, phone calls, and text messages for your company know not to give out any personal information. You should also train your employees to recognize phishing attempts and make sure that everyone knows what to do if they encounter something suspicious.

Have Proper Backups

Regularly backing up your data can minimize the damage done by a ransomware attack. While you will still lose any data your organization has generated since the last backup, you may retain enough of your data that you can avoid paying the ransom and instead reconstruct the small amount of data that is truly lost. An encryption expert may be able to decrypt your data or system for you, but you should not base your ransomware cybersecurity strategy on this possibility.

Proper backups are not a silver bullet, but they may be able to help mitigate damage and minimize downtime.

Implement Access Restrictions as Well as Reporting and Tracking

Not everyone in your organization needs to be able to access everything. Employees should only be granted access to data and system areas that they need to do their job, and all devices that can access your organization’s network should have robust security programs installed.

By limiting access, you can help contain any damage that occurs as a result of a ransomware attack.

You should also have robust reporting and tracking protocols in place so that if an attack does occur, you can trace it back to its source and use that information to protect your organization against future attacks.

Fortify Your Phishing and Malware Safeguards

You should protect all incoming email against phishing and malware, and take steps to protect domain names, employee names, email addresses, and other company identifiers from spoofing.

Secure All of Your Systems

Make sure that all software, including anti-virus software, is kept up to date. When software companies discover vulnerabilities in their products, they release patches, which fix the security vulnerabilities for you. However, out-of-date software cannot take advantage of security patches. Also, patches let cybercriminals know exactly where vulnerabilities in older versions of the software exist, making it easier for them to gain access to out-of-date programs.

Rely on a Trusted MSSP

Not everyone is a cybersecurity or ransomware expert, and that is okay. Many small and medium-sized organizations may not have the resources or people power to justify supporting an in-house cybersecurity team, and instead place their trust in MSSPs.

MSSPs, or Managed Security Service Providers, consist of a team of cybersecurity experts who can help you create tailored solutions to safeguard your organization’s digital assets 24/7/365, help you craft and implement robust cybersecurity protocols, offer employee cybersecurity training, and help you limit or mitigate the damage if a breach does occur.