
Combatting the Growing Threat of Ransomware


One of the largest ransomware attacks in history just took place and incapacitated thousands of businesses. Hacking group REvil demanded $70 million in cryptocurrency to unlock upwards of 1,500 businesses targeted in the attack.

As this attack demonstrates, ransomware is a very real threat. Hackers will leverage holes in your cybersecurity defense and utilize social engineering techniques to hold your data for ransom. Ransomware attacks are continually increasing in frequency and severity. Here’s what you need to know about ransomware to avoid becoming a victim.

What is Ransomware?

Over time ransomware has become incredibly complex and just having a solid backup is no longer sufficient to protect against this brutal cyberattack.

Ransomware started as a form of malware designed to encrypt data so the data owner is unable to access it. The hackers behind the attack would then demand a ransom in exchange for a decryption key that would allow access to the data. Now, attackers often threaten to sell or leak data if the ransom isn’t paid. This change occurred because most businesses could recover from the attack if they had a solid data backup process in place. Therefore, they wouldn’t need to pay the attackers to get access to their data.


How does a ransomware attack start?

Victims are tricked into running a small file, usually from a phishing email. This can occur from simply clicking on a link, visiting a web page, or opening an attachment. After the file is executed, the software “phones home” and downloads additional malware onto your computer and installs any necessary updates to the malware.

Yes, hackers also update their own software. As soon as the good guys create protections against malware, the malware authors update their software to evade detection once again. It is a cyclical process.

At this point, the malware can spread and start collecting information about your network (usernames, passwords, servers, files, etc.). Often this part of the process is hidden on your network. It’s not uncommon for this to go undetected for months or even years.


Once data is gathered or a backdoor is installed, the malware will notify the ransomware attackers that access has been gained. The attackers then connect to your network and steal your data. From there, they launch the encryption process and ask for a ransom.

This is just an example of how ransomware often works, but you can see how hackers often steal usable information (especially passwords) before even kicking off the encryption portion of the attack. Hackers know you’ll become aware of the attack when the encryption process starts, so they gather all the information they can before tipping you off to their existence. By the time that happens, they usually have what they were looking for and are performing the encryption step simply for another possible payday.

How to Protect Yourself from Ransomware

There is no silver bullet, but the best defense is a layered security approach. Most ransomware breaches are caused by:

Social Engineering and Phishing Campaigns:
Train yourself and your employees on the red flags to look for in emails. Links and attachments are the most dangerous parts of an email. If the email wasn’t expected, even if you think you know the sender, pick up the phone and call to verify.

Unpatched Software:
Set your software to patch automatically, if possible. If not possible, develop a patch process that quickly evaluates and pushes out security updates. Most post-breach research finds that the software that let the attackers in had a security patch available that simply hadn’t been applied.

Proactively scan your network for vulnerabilities or hire a reputable firm to do so. This step can help find holes in your network before attackers do.

Credential Theft:
This is usually a key piece of an attack. Attackers can steal credentials to sell and/or use in future attacks.

Long passphrases (25+ characters) are a good deterrent. Use a statement about yourself that is easy to remember, using proper sentence structure including spaces and punctuation.

Don’t log in unless you fully understand what you’re logging in to. If you click a questionable link and are asked to log in, it’s possible you’ve clicked a phishing link and an attacker will capture any credentials you enter into the login box. If you open an attachment and are asked for your password to unlock it, pause and consider whether you actually know the request is legitimate.

Never reuse passwords on multiple systems. If a breach occurs, your account is now compromised across all the sites where you’ve used this same password.

Remotely Accessible Consoles:
Always protect remotely accessible consoles with as many controls as you can. Without controls in place, a hacker can attack you from the convenience of their home. Multifactor Authentication (MFA) is a strong control that should be utilized for all remote connections whenever available. IP whitelisting, or only allowing connections from specific IP addresses, is another great control that should be used whenever available.
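As an added illustration of the two controls just described (not code from the original article), the script below audits a constructed remote-console login log against an IP allowlist and an MFA requirement; the network ranges, user names and log format are all hypothetical.

```python
import ipaddress
import re
from typing import List

# Constructed allowlist: the only source networks permitted to reach the
# remote console (hypothetical VPN and office ranges, not real addresses).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "203.0.113.0/24")]

# Constructed sample lines from a hypothetical remote-console audit log.
# Format: <timestamp> <user> <source_ip> mfa=<yes|no> result=<ok|fail>
SAMPLE_LOG = """\
2021-07-05T08:01:12Z alice 10.20.4.17 mfa=yes result=ok
2021-07-05T08:03:40Z bob 203.0.113.55 mfa=no result=ok
2021-07-05T08:05:03Z alice 198.51.100.9 mfa=yes result=ok
2021-07-05T08:07:19Z svc-backup 192.0.2.200 mfa=no result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) mfa=(?P<mfa>yes|no) result=(?P<result>ok|fail)$"
)


def is_allowed_source(ip: str) -> bool:
    """True if the source address falls inside one of the allowlisted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as not allowed
    return any(addr in net for net in ALLOWED_SOURCES)


def audit_remote_logins(log_text: str) -> List[str]:
    """Return one finding per line that violates the allowlist or MFA control."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append(f"unparseable line: {line!r}")
            continue
        user, ip, mfa, result = m["user"], m["ip"], m["mfa"], m["result"]
        if not is_allowed_source(ip):
            # Any connection from outside the allowlist means the allowlist
            # is missing or misconfigured on the console itself.
            findings.append(f"{user}: connection from non-allowlisted source {ip}")
        if result == "ok" and mfa == "no":
            findings.append(f"{user}: successful login from {ip} without MFA")
    return findings


if __name__ == "__main__":
    for finding in audit_remote_logins(SAMPLE_LOG):
        print(finding)
```

Running it on the sample log flags the MFA-less success and the two connections from outside the allowlist, while the compliant login produces no finding.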

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases: StopRansomware.gov. Check out this website for more tips and guidance about ransomware attacks, how to build a strong defense, and attack recovery strategies.