Ransomware and Its Negative Consequences

Have you ever wondered what all the ransomware fuss is about? You may have heard about it at the office or read about it in the news. Perhaps you have a pop-up alert of a ransomware infection on your computer screen right now. Well, you’ve come to the right place if you’re interested in learning more about ransomware.

What is Ransomware?

Ransomware is a type of malware that denies access to your system and personal information and demands a payment (ransom) to get your access back.

Payment may be required through cryptocurrency, credit card or untraceable gift cards — and paying doesn’t ensure that you regain access. Even worse, victims who do pay are frequently targeted again. And just one infection can spread ransomware throughout an entire organization, crippling operations. It’s maddening, panic-inducing — and effective.

With ransoms ranging from hundreds of dollars to tens of thousands, cybercriminals have extracted billions from victims across all industries in recent years. In fact, Cybersecurity Ventures predicts that ransomware damage will exceed $11 billion in 2019. One reason it’s so effective is that it takes many guises, and you have to be aware of all of them in order to effectively protect your data and your entire network.

How Does Ransomware Spread?

There are several ways ransomware can get into your computer or system. One of the most common is via email phishing and spam — messages that include either a malicious attachment or a link to a malicious or compromised website. Once an unsuspecting user opens the attachment or clicks the link, the ransomware can infect the victim’s computer and spread throughout the network.

Another route is using an exploit kit to take advantage of a security hole in a system or program, like the infamous WannaCry worm that infected hundreds of thousands of systems worldwide using an exploit for a vulnerability in Microsoft software. It can also take the form of a fake software update, prompting users to enable admin capabilities and install malicious code.

How Does Ransomware Work?

Once the system is infected, ransomware allows hackers to either block access to the hard drive or encrypt some or all of the files on the computer. You may be able to remove the malware and restore your system to a previous state, but your files will remain encrypted because they’ve already been made unreadable, and decryption is mathematically impossible without the attacker’s key.

The ransom itself is set at a level that’s low enough to be payable, but high enough to make it worthwhile for the attacker, prompting companies to do a cost-benefit analysis of how much they’re willing to pay to unlock their systems and resume daily operations. Cyber criminals may also target certain organizations or industries to exploit their specific vulnerabilities and maximize the chances of a ransom being paid.

What Are the Different Types of Ransomware?

Ransomware takes many forms, but they all have one thing in common — they demand a ransom in exchange for restored access to your system or files. It’s also important to remember that you’re dealing with criminals, and they don’t always follow through with their end of the “deal.” Ransomware attacks are designed to prey on people’s desperation and fear in order to convince victims to pay.

Here are the most common types:

1. Crypto malware or encryptors are one of the most well-known and damaging variants. This type encrypts the files and data within a system, making the content inaccessible without a decryption key.
2. Lockers completely lock you out of your system, so your files and applications are inaccessible. A lock screen displays the ransom demand, possibly with a countdown clock to increase urgency and drive victims to act.
3. Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files.
4. Doxware or leakware threatens to distribute sensitive personal or company information online, and many people panic and pay the ransom to prevent private data from falling into the wrong hands or entering the public domain. One variation is police-themed ransomware, which claims to be law enforcement and warns that illegal online activity has been detected, but jail time can be avoided by paying a fine.
5. RaaS (Ransomware as a Service) refers to malware hosted anonymously by a “professional” hacker that handles all aspects of the attack, from distributing ransomware to collecting payments and restoring access, in return for a cut of the loot.

Ransomware Examples

Below are just a few examples of some infamous ransomware detected over the last few years:

    • BitPaymer
    • Dharma
    • DoppelPaymer
    • GandCrab
    • Maze
    • MedusaLocker
    • NetWalker
    • NotPetya
    • REvil
    • Ryuk
    • SamSam
    • WannaCry

How to Prevent Ransomware

Once ransomware encryption has taken place, it’s often too late to recover that data. That’s why the best defence relies on proactive prevention. Robust backup is, of course, a foundational best practice to prepare in case of an attack, but newer malware variants can also delete or damage backups.

Ransomware is constantly evolving, making protection a challenge for many organizations. Follow these best practices to help keep your operations secure:

1. Train all employees on cybersecurity best practices:
Your employees are on the front line of your security. Make sure they follow good hygiene practices — such as using strong password protection, connecting only to secure Wi-Fi and being on the constant lookout for phishing — on all of their devices.

2. Keep your operating system and other software patched and up to date:
Hackers are constantly looking for holes and backdoors to exploit. By vigilantly updating your systems, you’ll minimize your exposure to known vulnerabilities.

3. Use software that can prevent unknown threats:
While traditional antivirus solutions may prevent known ransomware, they fail at detecting unknown malware threats.

4. Continuously monitor your environment for malicious activity and indicators of attack (IOAs):

5. Integrate threat intelligence into your security strategy:
Monitor your systems in real-time and keep up with the latest threat intelligence to detect an attack quickly, understand how best to respond, and prevent it from spreading.
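
As an added illustration of the behavioural monitoring that practices 3 and 4 describe (this is not code from the original article or from TakenoteIT), the sketch below flags a process that writes high-entropy data to many distinct files in a short window, which is what an encryptor looks like from the file system's side. The event tuple format, thresholds, process names and paths are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Constructed thresholds for illustration; tune them for your environment.
WINDOW_SECONDS = 10   # sliding window per process
MIN_FILES = 5         # distinct files rewritten within the window
MIN_ENTROPY = 7.5     # bits per byte; encrypted data sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encryption_bursts(events):
    """Flag processes writing high-entropy data to many files within the window.
    events: (timestamp, process, path, bytes_written) tuples sorted by time."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of suspicious writes
    alerts, alerted = [], set()
    for ts, proc, path, data in events:
        if proc in alerted or shannon_entropy(data) < MIN_ENTROPY:
            continue
        window = recent[proc]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # drop writes that fell out of the window
        distinct = {p for _, p in window}
        if len(distinct) >= MIN_FILES:
            alerted.add(proc)
            alerts.append((proc, window[0][0], len(distinct)))
    return alerts

def random_like(seed: int) -> bytes:
    """Constructed stand-in for encrypted or compressed content (4096 bytes)."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))

# Constructed sample events: an editor, a backup job, and an unknown process.
TEXT = b"Quarterly report: revenue up, costs flat.\n" * 50
SAMPLE_EVENTS = (
    [(0, "editor.exe", r"C:\docs\report.txt", TEXT)]
    + [(50 + i, "backup.exe", rf"D:\backup\set{i}.zip", random_like(i)) for i in range(2)]
    + [(100 + i, "unknown_proc.exe", rf"C:\docs\file{i}.docx", random_like(10 + i)) for i in range(6)]
)

if __name__ == "__main__":
    print(find_encryption_bursts(SAMPLE_EVENTS))
```

Compressed archives and legitimate backup jobs also produce high-entropy writes, so entropy alone is not an indicator; the file-count and time-window conditions are what separate the backup job from the burst in the sample.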

Here at TakenoteIT we pride ourselves on our Security Operations Center (SOC) that offers 24/7×365 detection, monitoring, analysis and response to incidents such as ransomware. To find out more, contact us at info@takenoteit.co.za