Ransomware is a cybersecurity issue plaguing businesses all over the world, and many businesses have accepted it as an eventuality, or a cost of doing business. But what exactly is ransomware, how does it work and can it be prevented?
1. What is ransomware?
Ransomware is a type of malware. Ransomware attacks and infects your computer files with malicious software. It either corrupts your computer’s boot sector or encrypts the computer files. Your system has essentially been kidnapped and you cannot access your operating system and files until you agree to pay a ransom—usually in untraceable bitcoin. What you pay for is an encryption key to clean your system. Note: During the second quarter of 2019, the average ransom payment in the UK was $36,295, an increase of over 184% from the previous quarter.How does ransomware do its dirty business?
Ransomware spreads mainly through phishing email attachments, i.e. social engineering. Another source is through infected websites or so-called “drive-by downloads” that infect the target website and penetrate the victim’s network.What are the types of ransomware?
The most common variety of ransomware is encrypting ransomware or cryptoware. Other types of ransomware, based on the outcome of the attack, include:- Crypto-Ransomware — Encrypts your computer files to coerce the victim into paying a specified amount of money in return for a decryption key. Perpetrators have offered a free one-time use decryption offer for one file only in order to prove to the victim that they have the ability to free their system.
- Locker Ransomware — Locks the system and demands a payment to regain access. This ransomware can be been accompanied by a bogus law enforcement message purporting that you have been involved in some illegal activity. You can only regain access to the system by paying a “fine”.
- Mobile Device Ransomware — Permanently locks a mobile device or steals its sensitive data, and demands a ransom to unlock it or to return the data.
- IoT (Internet of Things) Ransomware — Blocks access or disables an IoT device connected to the internet, for example, a home security or monitoring system. Again, the hacker demands a ransom payment to reactivate the system.
- Scareware Ransomware — You receive a barrage of scary pop-ups warning that your system is infected with a virus. The message suggests that you purchase a virus-removal product or call a number for assistance. Those popups appear to freeze up the browser window.
2. Should your business be worried about ransomware?
Yes, especially in the UK. Small businesses in the UK have been particularly vulnerable. In fact, two thirds of small businesses that employ 10-49 employees suffered some form of cyberattack — amounting to a dizzying number of roughly 130,000 businesses. In the case of ransomware, the average remediation cost of a successful attack in the UK is $840,000, higher than the global average of $761,000. CrowdStrike’s “Services Cyber Front Lines Report” found that ransomware, denial-of-service (DDoS) attacks, and destructive malware are the main causes of business disruption — in fact, 36% of those business disruptions.3. What to do if you face a ransomware attack
Know the symptoms
You might initially see error messages when trying to open certain files. Or an obvious indicator that your system has been infected with ransomware is a message on your locked computer screen, with ransom instructions. It could also generate a warning message with a countdown timer.Take quick action
Remove the infected device from the network. Remember that cryptoworms aggressively seek out connections to other computers and any external storage devices. Also, know that you may not be the only victim, so spread the word.Identify the type of infection
The good news is that a gram of prevention is worth a metric ton of cure. The bad news is that once the ransomware has gained entry and locked into your system, there is not much you can do except pay the ransom or restore your system through an isolated or protected backup system. The other good news is that it is sometimes possible to get help in regaining access to infected files without having to pay. One organisation, NoMoreRansom.org has a repository of anti-ransomware applications and decryption keys that can defeat some types of ransomware. However, the best way to protect yourself from it is to prevent it in the first place, using the right software, like Cloudian.Overcome your embarrassment and report the ransomware attack
In the United States, the FBI urges ransomware victims to report any ransomware incident regardless of the outcome. This reporting gives law enforcement a broader understanding of the threats and provides a foundation for ongoing ransomware investigations. Victims of cybercrime and fraud in the UK can log into the National Fraud & Cyber Crime Reporting Centre website and follow the reporting instructions.Evaluate your options
Your first and obvious option is to pay the ransom. It is generally a bad idea, because paying the ransom rewards and encourages ransomware activity and perpetuates bad conduct. Research from the Telstra cybersecurity report a few years ago found that 60% of Australian organisations suffered ransomware incidents in one 12-month period. Of that number, 57% paid the ransom. However, about one in three did not recover their files. Other options include trying to remove the malware. Successful and complete removal of ransomware is difficult. Some internet security professionals have come up with decrypting tools that can recover some data, but the National Cyber Security Centre advises taking precautions before subjecting your already infected devices to unknown tools. The best and most reliable option is to reinstall everything from scratch. You will need to completely wipe all systems and storage devices. That includes reformatting all hard disks to expunge all remnants of the malware.4. How to prevent a ransomware attack
The best way to prevent such attack is to keep your computer operating system up to date. Newest versions of Windows 10 and Mac OSX are less vulnerable to malware intrusions. Microsoft and Apple provide periodic updates and patches as new threats arise. Other precautions include the following actions:- Enable your operating system’s built-in firewall protection and back up your data on an external device.
- Be alert to phishing emails. Do not click on links or download attachments from unknown or suspicious sources. Those links can take you to the dark web and those innocent looking image files could be disguised malware vectors.
- Do not load macros in Office programs, and always choose “show hidden-file extension.” If that hidden file extension is “.exe” or “.zip”, it is likely malware.
- Enable two-factor password authentication and carefully allow application whitelisting.
-
- Note: Two-factor authentication means that you need another authenticator to log into a secure website. You enter your password, and you receive a temporary authenticator by email or smartphone.
- Stay away from illegal downloading sites. They are Petri dishes for myriad types of malware.
- Look for the “S” after the “HTTP” address header to ensure encrypted connections.