Ransomware has proven to be a major problem for businesses, both large and small. It can attack your data in many ways and completely stop your business operations.
In many cases, regaining access to and use of hacked information can cost hundreds of thousands or millions of dollars.
According to the Chainalysis Crypto Crime Report 2021, the total amount paid by ransomware victims increased by 311% in 2020 to reach almost $350 million in cryptocurrencies (the most popular form of payment), and the problem will continue to grow.
In general, the best defense against a ransomware attack is a good offense. Understanding the various forms of ransomware can help a business prepare for an intrusion. Here are some tips to help you deal with any type of cybercriminal.
First, for those who are not familiar with ransomware, it is a type of malware that silently encrypts a user's data on their computer. It can infiltrate your system and deny access to key information, preventing or shutting down all business activity.
After the intruder has stolen and encrypted the data, a message may appear demanding that an amount of money be paid to regain access to the information. The victim only has a set amount of time to pay the cybercriminal. If the deadline passes, the ransom may increase.
Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which could lead to the theft of login credentials. This is especially dangerous for sensitive information, such as passwords for bank and financial accounts.
The two main types of ransomware are called Crypto ransomware and Locker ransomware. Crypto ransomware encrypts various files on a computer so that the user cannot access them. Locker ransomware does not encrypt files. Rather, it “locks” the victim out of their device, preventing them from using it. Once it has blocked access, it asks the victim to pay money to unlock their device.
Many known ransomware cyberattacks have occurred in recent years. These include …
“WannaCry” in 2017. It spread to 150 countries, including the UK. It was designed to exploit a vulnerability in Windows. By May of that year, it had infected more than 100,000 computers.
The WannaCry attack affected many UK hospital trusts and cost the NHS around £92 million. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyberattack caused economic losses worldwide of about $4 billion.
Ryuk is a ransomware attack that spread in mid-2018. It disabled the Windows System Restore option on PCs. Without a backup, it was impossible to restore the encrypted files. It also encrypts network drives. Many of the attacked organizations were in the United States. The demanded ransoms have been paid and the estimated loss is $640,000.
KeRanger is believed to be the first ransomware attack to successfully infect Mac computers running the OS X platform. It was placed in an installer for an open source BitTorrent client known as Transmission. When users downloaded the infected installer, their devices became infected with the ransomware. The malware lies dormant for three days, then encrypts approximately 300 different types of files. It then downloads a file that contains the ransom demand for one Bitcoin and instructions on how to pay it. Once the ransom is paid, the victim’s files are decrypted.
As ransomware becomes increasingly complex, the methods used to spread it also become more sophisticated. Examples include:
Pay-per-install. This targets devices that have already been compromised and could easily become infected with ransomware.
Drive-by downloads. This ransomware is installed when a victim unknowingly visits a compromised website.
Links in emails or social media messages. This method is the most common. Malicious links are sent in emails or online messages for victims to click.
Cybersecurity experts agree that if you are the victim of a ransomware attack, don’t pay the ransom. Cybercriminals could still keep your data encrypted, even after payment, and demand more money later.
Instead, back up all your data to an external drive or to the cloud so that it can be easily restored. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for these types of circumstances.
Managed service providers can perform risk analysis at no cost and determine a company’s security risks.
Understanding the vulnerabilities of a potential intrusion and preparing in advance to defeat them is the best way to prevent a cyber thief from wreaking havoc on your business.