What is ransomware and how can you defend your business from it?
Ransomware is a type of malware that cybercriminals use to prevent users from accessing their systems or files. The cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid.
Ransomware attacks can target data on computer systems (known as locker ransomware) or devices (encrypted ransomware). In either case, once the ransom is paid, the attackers usually provide victims with a key or decryption tool to unlock their data or devices, although this is not guaranteed.
Oliver Benson Roxburgh, CEO of Defense.com, the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it is, and how your company can prevent ransomware attacks from occurring.
Who is at risk of being a ransomware target?
In the past, cybercriminals usually targeted high-profile organizations, large corporations, and government agencies with ransomware. This is known as "big game hunting" and operates on the premise that these companies are more likely to pay a higher ransom and avoid unwanted scrutiny from the media and the public. Some organizations, such as hospitals, are considered higher value targets because they are more likely to pay a ransom and do so quickly because they need access to important data urgently.
However, ransomware groups are now shifting their focus to smaller companies, in response to growing pressure from law enforcement to crack down on well-known ransomware groups such as REvil and Conti. Small businesses are seen as soft targets that may lack effective cyber security defenses to prevent a ransomware attack, making them easier to hack and exploit.
Ultimately, attackers are opportunists and will consider most organizations to be targets, regardless of their size. If a cybercriminal notices a vulnerability, the company is fair game.
How is ransomware spread?
Phishing attacks
The most common ransomware delivery method is phishing attacks. Phishing is a form of social engineering and is an effective method of attack because it relies on deception and creates a sense of urgency. Threat actors deceive employees into opening suspicious attachments in emails, often by imitating high-ranking employees or other trusted authority figures.
Malicious advertising
Malicious advertising is another tactic used by cybercriminals to spread ransomware, in which ad space is purchased and infected with malware that is then displayed on trusted and legitimate websites. Once an advertisement is clicked, or even in some cases when a user lands on a website that hosts malware, that device is infected with malware that scans the device for vulnerabilities to exploit.
Exploiting weak systems
Ransomware can also be spread by exploiting outdated and unpatched systems, as was the case in 2017, when a Microsoft Windows vulnerability, EternalBlue (MS17-010), led to a global WannaCry ransomware attack that spread to more than 150 countries.
It was the largest cyberattack to hit the NHS: it cost £92m in damages plus additional costs for IT support to restore data and systems affected by the attack, and directly impacted patient care through canceled appointments.
Four main ways to defend your business against ransomware:
It is crucial for companies to be aware of how a ransomware attack affects their organization, and how they can prevent cybercriminals from penetrating their systems and holding sensitive data for ransom. It is said that up to 61% of organizations with security teams of 11-25 employees are most concerned about ransomware attacks.
The NHS could have avoided being affected by the WannaCry ransomware attack in 2017 by heeding warnings and migrating away from outdated software, ensuring strategies are in place to bolster their security posture.
It is imperative that your business takes a proactive approach to cybersecurity by implementing the right tools to help monitor, detect, and mitigate suspicious activity across your network and infrastructure. This will reduce the number and impact of data breaches and cyber attacks.
Defense.com recommends these four basic techniques to help prevent ransomware attacks and stay one step ahead of hackers:
1 - Training
Cybersecurity awareness training is pivotal for businesses of all sizes as it helps employees spot potentially malicious emails or activity.
Social engineering tactics, such as phishing and scams, are common and successful due to human error and staff not spotting risks. It is essential that employees be vigilant about emails that contain suspicious links or unusual requests to share personal data, often sent by someone pretending to be a high-ranking employee.
Security training also encourages employees to inquire about visitors to your offices to prevent ransomware attacks via physical intrusion.
Implementing cybersecurity awareness training will help your business routinely educate and assess your employees on basic security practices, ultimately creating a security culture to reduce the risk of data breaches and security incidents.
2 - Phishing Simulators
These simulation tools support your security awareness training by sending fake but realistic emails to employees. Understanding how vulnerable your employees are to the tactics of real cybercriminals allows you to fill in the gaps in their training.
When you combine phishing simulators with security training, your organization can reduce the chance of becoming a victim of a ransomware attack. The combination of training and testing puts you in a better position to prevent malicious attempts by cybercriminals to infiltrate your IT systems and plant malware.
3 - Threat Monitor
You can make your business less of a target for cybercriminals by actively monitoring potential threats. Threat Intelligence is a threat monitoring tool that collects data from various sources, such as penetration tests and vulnerability scans, and uses this information to help you defend against potential malware and ransomware attacks. This overview of your threat landscape shows which areas are most at risk of a cyber attack or data breach.
Being proactive ensures you stay one step ahead of hackers, and by introducing threat monitoring tools to your organization, you ensure that any suspicious behavior is caught early for remediation.
4 - Endpoint Protection
Endpoint protection is key to understanding which assets are at risk to help protect them and fend off malware attacks such as ransomware. More than just a typical antivirus, Endpoint Protection offers advanced security features that protect your network and the devices on it from threats like malware and phishing campaigns.
Anti-ransomware capabilities must be built into your endpoint protection so that you can effectively prevent attacks by monitoring suspicious behavior such as file changes and file encryption. The ability to quarantine any affected devices can be a very useful feature to stop the spread of malware.
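The file-change and file-encryption monitoring described above can be sketched as a simple heuristic. This is an added example, not Defense.com's product code: it flags a host for quarantine when several files are rewritten from structured content into near-random bytes within a short window. The thresholds, host names and sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off for "looks encrypted"
BURST_COUNT = 3          # assumed: this many suspicious rewrites...
BURST_WINDOW = 10.0      # ...within this many seconds flags the host

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turns structured content into near-random bytes."""
    return (shannon_entropy(before) < ENTROPY_THRESHOLD
            and shannon_entropy(after) >= ENTROPY_THRESHOLD)

def hosts_to_quarantine(events):
    """events: (timestamp, host, path, before, after). Returns flagged hosts."""
    hits = defaultdict(list)
    for ts, host, _path, before, after in sorted(events, key=lambda e: e[0]):
        if looks_encrypted(before, after):
            hits[host].append(ts)
    flagged = set()
    for host, times in hits.items():
        # Sliding window: BURST_COUNT suspicious rewrites inside BURST_WINDOW.
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                flagged.add(host)
                break
    return sorted(flagged)

def random_like(seed: int) -> bytes:
    """Deterministic 4 KiB of high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))

TEXT = b"Quarterly invoice for customer 0001\n" * 100  # constructed plaintext

SAMPLE_EVENTS = [  # constructed file-change events, not real telemetry
    (0.0, "ws-01", "docs/a.docx", TEXT, random_like(1)),
    (1.5, "ws-01", "docs/b.xlsx", TEXT, random_like(2)),
    (2.0, "ws-02", "backup.zip", TEXT, random_like(3)),  # single archive write
    (3.0, "ws-01", "docs/c.pdf", TEXT, random_like(4)),
    (4.0, "ws-03", "notes.txt", TEXT, TEXT + b"edit"),   # ordinary edit
]

if __name__ == "__main__":
    print(hosts_to_quarantine(SAMPLE_EVENTS))
```

Requiring a burst rather than a single high-entropy write keeps one-off archive or media saves from triggering quarantine; real endpoint tools combine this kind of signal with others.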