Imagine.
You are on your phone or computer, and you begin scrolling through your emails. You do this every day to see if there are any new offers or coupons you may be interested in. You skim past all the spam mail or the requests you do not care for, but suddenly, you come across an email containing an invoice. Netflix is asking you to pay for this month’s services. It turns out your autopay payment did not go through. Without a second thought, you open the email to read how this has happened, so you click on the button and pay the invoice to avoid any disruption to your service. However, little do you know that in that instant, ransomware has already begun gaining access to and possibly locking down your networks connected to the infected device. You have now become a virtual hostage.
Believe it or not, this exact scenario happens more frequently than you think. You may even notice that you sometimes do this, and it is quite scary. You do everything right like how you are supposed to, and yet, ransomware attacks have become so optimized that it requires a lot more thought and care than previously mentioned. Whether you apply it in your day-to-day work responsibilities or after you clock out, it is vital to develop these new habits to avoid it altogether. In this blog, I will detail some preventative measures you can adopt to avoid becoming a virtual hostage.
What Is Ransomware?
Ransom malware, or ransomware, is another form of malware where, just as the name suggests, the attacker demands a ransom to be paid from the victim to regain control of their data upon payment.
So, you ask yourself, how does ransomware work? Typically, during these negotiations, users are sent specific instructions for how to wire the ransom to obtain the keys to their virtual handcuffs to be free; The decryption key, if you will. Historically, these ransoms can range from a few hundred dollars to hundreds of thousands, all paid in bitcoin to avoid leaving a paper trail.
Below is a chart of some prominent ransomware attacks to date:
Ryuk |
In August 2018, Ryuk ransomware disabled the Windows System Restore option, making it impossible to restore encrypted files without a backup. Reports that year estimated funds that were paid due to the attack were over $640,000. |
WannaCry |
In 2017, the Wannacry ransomware attack spread across 150 countries The global financial impact of the attack was massive. It is estimated that it cost $4 billion in financial losses worldwide. |
Bad Rabbit |
In 2017, the Bad Rabbit ransomware attack was spread using a ‘drive-by’ attack, where vulnerable websites were targeted and used to carry out the attack. |
Locky |
In 2016, Locky was first released as an attack by an organized group of hackers. It had the ability to encrypt over 160 file types. In addition, it would trick victims to install it via fake emails with infected attachments. |
Jigsaw |
In 2016, Jigsaw was unleashed and it gradually deleted more of the victim’s files each hour that the ransom demand was left unpaid. The name comes from the horror film franchise where they used the puppet to scare users! |
CryptoLocker |
In 2007, CryptoLocker was first spotted and spread through infected email attachments. Once it infected your computer, it systematically searched for valuable files to encrypt and hold for ransom. |
How Do You Get Rid of Ransomware?
As you may have noted from the chart above, infections can be disastrous to an individual or company! What is worse is that recovery can be just as challenging to obtain since that can require outside help from a reputable data recovery specialist. All of this can sound slow and expensive, so a thought creeps into your mind:
“I don’t have time for this. I’m just going to pay this and get it over with. I need this data!”
This is an avenue that people/organizations can take, but it is not the right answer. I am sure you heard of the phrase “Don’t negotiate with terrorists,” and that phrase applies here. Think about it, if you pay the ransom, how can you be sure that the hacker will genuinely leave you alone after you pay? They have all the leverage and may look to make you become their way of getting a quick buck. Perhaps they may even tell their other hacking circles that you pay, meaning more heartache in your immediate future.
This is even worse for organizations that pay. The U.S. Treasury Department has even stated that companies that “facilitate negotiations with ransomware extortionists could face steep fines from the U.S. government.” As you can see, it is much easier said than done.
How Do You Protect Against Ransomware?
These are the tried and true methods on how you can begin protecting yourself or our organization against ransomware.
- Backup Your Computer: A great way to ensure you have control of your data at all times is to perform frequent backups of your system containing all your essential files. That way, if your system gets held for ransom, you can restore your system to its previous state using your backup. Ensure you store your backups separately on a different device that cannot be accessed from a network like an external hard drive.
- Train Your Organization: Organizations should always provide cybersecurity awareness training to all their personnel. This mandatory awareness training should give insight into all the cybersecurity threats and techniques typically employed. To ensure that your workforce has genuinely understood the material, organizations can test them with phishing attempts to simulate real-world phishing attempts.
How Do You Prevent Against Ransomware?
- Update Your Computer: Ensure that all your applications and operating systems have been updated to their latest versions.
- Use Preventative Software: Investigate installing antivirus software, set up email filters, and even firewalls. All these items combined help reduce malicious network traffic.
- Review Emails with Caution: Basically, make sure you are clicking on emails, links, and attachments with caution. If you notice that an email seems off, before you click, independently verify the sending email address by hovering over it. Or, if you have an account with the organization, go to the website separately to conduct the requested transaction. Be sure about the origin of the email or text message before clicking on a link in it.
- Inform Yourself: It sounds basic, but it is your duty to make sure you are informed about cybersecurity threats that are popping up. October is National Cybersecurity Awareness Month - there is a lot of material out there to educate you.
Cybercriminals are ruthless, and no organization or individual is free from those threats. These preventative measures I mentioned above are excellent ways to be proactive against these threats. What is even more important is that by continuously being aware of your virtual posture, you can effectively navigate the deep ocean that is the internet safely and knowledgeably. No one can be 100% safe from attacks like these, but the next best thing to do is make sure you have all your defenses up to ensure it is challenging to make you a hostage. Protect yourself and the organization you work for.