Ransomware – Here to Stay?

Ransomware is a cybersecurity threat that we’ve been hearing a lot about, especially during these past couple of years. As much as we’d love to say it will soon be gone, unfortunately, it is an ongoing threat that continues to be a major concern for businesses each day.

Ransomware 101

Ransomware is malicious software with one aim in mind: to extort money from its victims. It’s one of the most prolific criminal business models in existence today, mostly thanks to the multimillion-dollar ransoms criminals demand from individuals and corporations. These demands are very simple: pay the ransom, or have your operations severely compromised or shut down completely.

Very often, the first an organization knows of an attack is when they receive an on-screen notification informing them that data on their network has been encrypted and will be inaccessible until the ransom has been paid. Only on payment will they be given the decryption key to access their data. Failure to pay could result in the key being destroyed, rendering the data inaccessible forever.

Kela’s analysis of forum activity on the dark web indicates that ransomware attackers target certain businesses: the ideal prospect has a minimum annual revenue of $100 million, and the preferred types of purchased access include Remote Desktop Protocol (RDP), domain admin rights, and Virtual Private Networks (VPNs). Although these are the ideal targets, other types of businesses can still fall victim to these criminal activities. With ransomware attacks evolving continually, it can be hard to determine who the next target is going to be. Victims can range anywhere from small “mom and pop” businesses to large software supply chains.

Current ransomware attacks have been labeled as “double-extortion” by Cisco Secure. In one facet of an attack, victims’ systems are encrypted and a ransom note demands payment (usually in Bitcoin) before their information is returned to them. In the other, ransomware groups may also steal the data before it is returned and threaten to publish or sell it unless they are paid, hence the “double-extortion” term.

According to the European Union Agency for Cybersecurity (ENISA), there was a 150% increase in ransomware attacks between April 2020 and July 2021. They believe this is partly because there are now multiple monetization options available.

Methods of Extortion

Cybercriminals are becoming smarter and finding new ways to trick people. New methods of extortion emerge every day, so it’s important to be extra vigilant. According to CrowdStrike’s CTO, Mike Sentonas, criminals have been known to sell files to other criminals or competitors in foreign markets. Even if a company pays one criminal gang in an attack, multiple others could appear and demand payment for the same thing, which can end up being very costly for companies.

Another method we may see emerge is a type of “subscription model” in which companies will have to pay criminals not to attack them, according to Joseph Carson, Chief Security Scientist at ThycoticCentrify.

How to Prevent?

So, what now? Information like this can be scary and overwhelming, so how do you prevent your company from falling victim to these malicious attacks? While nothing is ever guaranteed, here is a list of basic steps to help you avoid becoming a victim:

  • Never download email attachments from unknown senders or sources. If you’re unsure, call the person who sent it and verify that it came from them.
  • Don’t click links from unknown sources, whether in email or on the Internet. Pop-up ads, banners, and flashing memes are notorious for having malicious content.
  • Know how to spot a fraud. Banks and legitimate financial/medical services will never email you to ask for your password or personal information. If you’re not sure, call the company directly and ask for their policy on this.
  • Stay vigilant! If you notice your computer is acting funny or things don’t seem right, contact IT. If it’s running unusually slow or new programs start opening, you might have a problem.
  • Restart your computer every day. This allows your IT Department to install software patches and anti-virus updates to thwart these attacks from ever happening. For your home computer, make sure you are keeping up with available patches and anti-virus updates.
  • If possible, encrypt your emails and use only secure Internet sites. 
  • Back up your files regularly. Use an external hard drive or cloud service to back up important files. Ransomware locks you out of your files, but you can diminish the threat if you have a backup.
  • Many sites masquerade as legitimate but could cause harm to your computer. If you get a message telling you that a site is not secure and asks if you want to “get back to safety,” listen to it.
  • Change your passwords regularly. It may be a hassle to remember a dozen different 26-character passwords, but it makes a big difference. Make your passwords easy to remember by using your favorite movie quotes and replacing random letters with numbers or special characters.

As with other forms of malware, careful action and the use of excellent security software executed by a trusted MSP are a step in the right direction when it comes to combatting ransomware. If you have any questions or would like to discuss our services, you can contact Entre Technology Services.
