With 79 new variants discovered in the first half of 2016 alone, ransomware has become one of the most prevalent, effective and successful forms of cybercrime, if not the most.
A ransomware attack can cripple its victims: the impact on business operations, finances and reputation can leave many organisations wondering how such an attack ever happened.
While ransomware isn’t a new form of attack, the team at Synapse are still asked questions about what ransomware is, and how it can affect our clients’ organisations. Here, we will explain everything you need to know about ransomware attacks, and how you can protect your business against them.
Ransomware is a type of malware that will essentially hold files “hostage” on a computer using encryption. Encryption converts files into another format which can only be decoded by a specific key. Essentially, cyber criminals hold your files ransom by promising to provide the decryption key after payment is made.
Once the ransomware is installed, it displays a message, usually appearing to come from a government agency such as the AFP, stating that illegal content has been found on the device, and that it is now locked. The user is given a specific dollar amount to pay as a ‘fine’, as well as a time frame in which to pay. The scammer then requests that the payment be made with cryptocurrencies such as Bitcoin, Ukash or MoneyPak, as these payment systems are anonymous and difficult to trace.
Just like any traditional extortion, ransomware operations succeed because they capitalize on fear, which ultimately forces victims to do something irrational such as paying cybercriminals. After all, losing your job because you lost important documents, or getting locked out of your system, is a scary thought. The fear-mongering tactic has proven effective, with the FBI reporting that more than US$1 billion in ransoms was paid in 2016 alone.
Over the years ransomware has gone through some very drastic changes. From the federal law violation warnings pictured above, to modern crypto-ransomware that can lock users out of their systems, different ransomware families have adopted a variety of new tactics to persuade users to pay as soon as possible. Jigsaw, in particular, threatens to delete an increasing number of files after every hour of non-payment.
If the user does not pay, the cybercriminal will destroy the decryption key and the user’s data will be gone forever. However, as you are dealing with cybercriminals, there is no guarantee that you will get your data back even if you do pay the ransom fee.
Ransomware attacks can come in many forms, but most gain system access via attachments in spam emails. According to IBM Security, spam emails loaded with ransomware increased 6000% in 2016 compared to the previous year, and 40% of all spam messages in 2016 contained some form of ransomware.
Apart from attachments in spam email, downloads from infected websites and pirated software also commonly carry ransomware.
The best protection against ransomware is to be proactive in cyber defence. Since this particular malware is so complicated in nature, it is recommended that you use multiple layers of protection to ensure you don’t fall victim to a ransomware attack:
Paying shouldn’t be an option, as it doesn’t guarantee that victims regain access to their locked files. In fact, a hospital in Kansas paid the ransom to regain access to its locked systems but, instead of getting a decryption key, was extorted for more money. At the very least, paying the ransom just helps fund the criminals’ next attack.
Whenever you receive a notification on your computer that there are new software updates available, update immediately. Updates will patch any newly discovered security vulnerabilities, ensuring you aren’t leaving your system open to threats.
While they can be time-consuming, regular, thorough backups are the best way to recover compromised or damaged data.
Spam email attachments are by far the most prevalent location for ransomware. By being diligent and opening only the emails you know are safe, you can drastically reduce the likelihood of a ransomware attack.
Anti-virus and anti-spam software, such as email and web gateway protection, blocks ransomware attempts via email before they reach the end user by stripping the malicious attachment or link. Beyond email, ransomware can also reach systems when users visit malicious websites.
If you're still concerned about your cyber safety, why not implement Synapse IT’s managed security solution? With our solution, your data is protected using Fortinet routers which block viruses, worms, spam, phishing attacks and malicious websites without the need for administrative intervention. If you’d like to find out more, give us a call on 1300 903 405.