What Is Ransomware?

Learn more about the most common cause of cyber security breaches worldwide and how you can protect your business from it.

In 2021, a company was hit by a ransomware attack approximately every 11 seconds.

As the necessary programs have become more and more accessible to potential hackers, ransomware attacks have been on a sharp rise over the past couple of years. But even those in the cyber security space don’t necessarily have the depth of knowledge to fully understand what a ransomware attack is, how such attacks are carried out or the exact vulnerabilities they exploit.

This Cyber Security Awareness Month, we asked our cyber experts for a definitive answer to the question “what is ransomware?” and for their advice on how to protect your business from an attack.

What Is Ransomware?

Ransomware is a specific type of malware (malicious software) designed to block access to a network or system until a ransom (usually a sum of money) is paid.

The malware usually works by encrypting key files on a network, rendering all users (even network admins) unable to view them. The hackers will then contact the organisation requesting a ransom be paid for the decryption key. Sometimes, the ransomware will also have the functionality to exfiltrate data from the encrypted network, allowing the hackers to steal as much data as they can access. Essentially, these attackers put their victims in a position where the quickest, easiest and often cheapest way to regain access to their organisation’s data is to pay the ransom. That’s why, in 2021, 32% of victims paid a ransom demand when hit by a ransomware attack.

Why Are Ransomware Attacks Now So Common?

The trend towards ransomware began back in May 2017, with the famous WannaCry ransomware attack. The WannaCry attack was a global epidemic caused by the spread of ransomware through computers operating Microsoft Windows. Cybercriminals took advantage of a weakness in the Windows operating system to encrypt users’ files and demand $300 in Bitcoin or their files would be deleted. That ransom was later upped to $600, as the attack became more widespread. The problem was, according to many sources, not a single victim got their files back (regardless of whether they paid the ransom or not).

Since then, ransomware has become more and more popular. Ransomware-as-a-service (or ‘RaaS’) has even emerged – a business model through which cyber criminals license out their ransomware to people looking to perform a cyber attack themselves, but without the cyber know-how to create their own malware. As it has become the easiest and most accessible option to potential cyber criminals (even those that aren’t particularly good hackers), the popularity of ransomware has skyrocketed.

The COVID-19 pandemic and the rapid adaptation of organisations to remote working have also exacerbated the problem, as cloud implementations and the use of multiple remote devices have created vulnerabilities in cyber defences. In Q3 2020, as businesses were forced to adapt to remote working, ransomware attacks rose by 50% compared to Q1 of the same year.

How Can I Protect My Business From A Ransomware Attack?

1. Training and Education – The best way to protect your business from any type of cyber attack is to ensure cyber security best practices are second nature to your teams. Teach your employees to identify phishing emails, keep all their systems and applications updated and perform regular cyber security checks on their devices.

2. Data Backups – If you are hit with a ransomware attack, but you have recently backed up the data they have encrypted, you won’t need to pay the ransom and can go about your business without much worry. This also applies to many other types of attacks, whereby data is deleted, corrupted or edited, as well as general malfunctions that might damage or delete your data.

3. Patching – Regularly update your systems and applications with new cyber security patches. As these patches are usually released by developers to cover vulnerabilities they have found in their own applications, cybercriminals often look to these patches to uncover said vulnerabilities and exploit them through the systems of users yet to download the patch. If your employees aren’t quick enough to download recommended updates, they could fall victim to this kind of attack.

4. Privileged Access Management (PAM) – PAM is the term used to describe a number of cyber security strategies designed to control the access and permissions for users and accounts gaining access to systems, applications and files on an organisation’s network. By ensuring that access is only granted to those that absolutely need it, and with the lowest possible level of permissions, PAM strategies limit the risk to a network. After all, if everyone has access to everything, there are lots more potential entry routes for cybercriminals to exploit.

5. Endpoint Privilege Management (EPM) – EPM eliminates risks on the endpoints of your network (i.e. your employees’ devices) by using a combination of least privilege access (allowing users only the access they absolutely need) and application control (restricting or blocking any unauthorised applications or updates). Our go-to solution is CyberArk’s Endpoint Privilege Manager, an endpoint control solution that allows organisations to remove local admin rights, enforce a “least privilege” strategy and implement foundational endpoint security controls across all Windows, macOS and Linux endpoints, including hybrid and cloud environments.

6. Anti-Malware – Anti-malware software can protect your business against thousands of the most common types of ransomware. This software works by identifying and notifying you of a potential threat before it can execute an attack. These tools use artificial intelligence and machine learning to alert system administrators of suspicious or unusual activity on a network, helping your IT and/or cyber security teams to resolve an attack before data is encrypted, exported, edited or destroyed.
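A backup (point 2) only helps if it was taken before the files were encrypted. The sketch below is an added example, not part of the original post: it compares two snapshots of a backup folder and flags files whose content changed and whose byte entropy jumped towards 8 bits per byte, which is what encrypted data looks like. The function names, the 7.0 threshold and the sample files are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path to (SHA-256 hex digest, entropy)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            manifest[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def suspicious_changes(old: dict, new: dict, threshold: float = 7.0) -> list:
    """Files that vanished, or changed and crossed the entropy threshold."""
    findings = []
    for rel, (old_hash, old_ent) in old.items():
        if rel not in new:
            findings.append((rel, "missing"))  # e.g. renamed with a new extension
            continue
        new_hash, new_ent = new[rel]
        if new_hash != old_hash and new_ent >= threshold > old_ent:
            findings.append((rel, "entropy-jump"))
    return sorted(findings)

def demo() -> list:
    """Constructed sample data: one file gets random bytes, one a normal edit."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.txt", "notes.txt"):
            Path(root, name).write_text("quarterly figures and meeting notes\n" * 200)
        before = snapshot(root)
        Path(root, "report.txt").write_bytes(os.urandom(8192))  # stands in for an encrypted copy
        with open(Path(root, "notes.txt"), "a") as fh:
            fh.write("one more ordinary line\n")  # ordinary edit, entropy stays low
        return suspicious_changes(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Already-compressed formats (ZIP, JPEG, video) start with high entropy, so they never trigger the jump rule; for those, the hash change alone is the signal to review.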

Looking for support assessing, improving or implementing your cyber security solutions to minimise the risk of a ransomware attack? You’re in the right place. Fill out the form at https://www.infoseck2k.com/contact_us or send us an email at [email protected] to get started or for some free friendly advice.

Sources:
https://go.crowdstrike.com/global-threat-report-2022

Ransomware Statistics, Trends and Facts for 2024 and Beyond
