Ransomware attacks are one of the biggest cyber threats to businesses and government agencies in recent times, and cybercriminals are constantly creating new ways to make ransomware even more advanced and damaging.
What is ransomware?
Ransomware attacks consist of a virus being installed on the victim's computer system, for example through a phishing attack. The victim must then transfer ransom money to the cyber criminals to stop the attack.
Advanced ransomware attacks can take seconds from start to finish and can compromise companies' business-critical data, important files, systems or infrastructure. As a result, financial loss is no longer necessarily the biggest concern for affected businesses.
How does ransomware work?
A ransomware attack typically occurs when a victim receives a phishing email containing links or attachments. When the victim either clicks on a link or downloads an attachment, malware is installed on the victim's device.
Malware is a combination of the words 'malicious' and 'software'. The term malware covers any malicious software that can harm a computer. This includes viruses and Trojans.
Once the computer is infected with the malware, the cybercriminals encrypt business-critical data or files so that the company loses all rights and cannot access its own data or files. Cyber criminals can encrypt individual files or all files.
The criminals then demand a ransom to decrypt the content. The ransom is typically paid in Bitcoin, forcing companies to buy hundreds of thousands of dollars worth of Bitcoin. The cybercriminals often threaten that if the company does not pay the ransom, they will release the company's sensitive data.
How to prevent ransomware attacks
Use security software
It is important to install anti-virus software on all computers in your company and frequently run a scan on the computer's operating system to avoid viruses. It's also important to have content filters on your company email servers, as this can prevent phishing emails from finding their way into employee email inboxes. In addition, it is possible to install internet security solutions that can block malware that could potentially infect employees' computer systems.
Regularly updating your operating systems, programs and applications helps protect your business from malware. When performing updates, make sure you get the latest security patches for all your devices. That way, you reduce the amount of vulnerabilities in your systems or applications.
It is important that you regularly back up your files and data and store them on an offline network or external hard drive. That way, if a computer gets infected with ransomware and it's not possible to decrypt it, you don't risk losing your data. It also pays to encrypt data so that it is better protected against cyber attacks.
Lave a roadmap and contingency plan
It is important for all businesses to draw up a roadmap of cybercriminals' potential points of contact with the business and where the biggest cybersecurity vulnerabilities lie.
A contingency plan should then be drawn up, outlining step-by-step what to do in the event of a security breach. The contingency plan ensures a consistent and effective approach to protecting the business from a ransomware attack or to returning to normal operations as soon as possible after the business has been attacked.
In addition, it is equally important to have the plan and associated applications tested so that everyone involved knows with certainty what to do and what to communicate to other stakeholders.
Make your employees aware of cyber threats
One of the best ways to protect your data from being infected with malware is to train your employees to identify fake emails.
Often ransomware starts with phishing emails, so it's important that your employees are aware of fake emails. If you don't know the sender, it's a good idea to check the sender's email address. Does the sender match the company or public authority that the sender claims to be? In many cases there will be small changes to the email address or the link in the email that will reveal the email as fake.
In some cases, there are attachments in the email that contain malware. Do not open or install attachments if you do not know the sender. Criminals often use zip, src, or rar files.
A good rule of thumb is that companies and public authorities almost never wante ask you to download something to your computer or ask for personal information in an email.
Use cloud solutions
Cloud-based solutions like Dropbox or Google Drive are less vulnerable and harder for cybercriminals to exploit. Cloud-based solutions also allow you to restore and store older versions of your files. This means that if files have been encrypted by ransomware, you can restore an unencrypted version using your cloud solution.
What do you do if you've been hit by ransomware?
The general recommendation is not to give in to blackmail and pay the ransom, as by paying the ransom you are indirectly supporting the ransomware. In addition, there is no guarantee that you will get the tools you need to decrypt the content.
Instead, check if there are other tools to get the encrypted data and files back. If you regularly take backups of your data, you can load the most recent backup of the data that has been encrypted.
In addition, it is recommended that companies as soon as possible:
- Isolate all devices that have been compromised by disconnecting them from networks.
- Seek help from security experts.
- Change passwords for all accounts.
- Report the attack to the relevant authorities and inform customers/insurers.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.