In the eight years since the first reports of what the FBI then referred to as an “internet scam,” the ensuing ransomware outbreak has allowed malicious hackers to access millions of Americans’ private data and collectively swindle victims worldwide out of billions of dollars.
While some U.S. companies and organizations have regularly taken steps to protect themselves from the malware, perpetrators have developed new variants of the malicious software to stay one step ahead of their targets by finding new ways to commit the next-largest data breach possible.
Many networks today, including those used by businesses, are still considered vulnerable to ransomware attacks. According to Deloitte research, which states that more than 40% of manufacturing firms experienced a cyberattack between 2018 and 2019, this is especially so in the manufacturing space. Here’s how to find out if your company’s computers and internet-connected devices are prepared and what to do if they aren’t:
What is Ransomware?
Ransomware is a form of malware that exploits vulnerable access points in a computer or device’s operating system and software to encrypt network-connected data and other information without a victim’s consent. To take proper steps to protect a network from ransomware attacks, one should understand how they work and what the hackers who use them hope to accomplish by carrying them out.
In turn, victims’ access to their data is withheld, usually accompanied by an intimidating message threatening further action. Messages always specify a ransom demand and pose an ultimatum: pay the ransom to regain access to the encrypted data.
In most reported ransomware attacks, victims were sent a phishing email with an attachment disguised as a legitimate source that, when clicked on, instead executes the malware that encrypts data and begins demanding payment.
Within a short period, hackers have developed increasingly sophisticated ransomware variants, and today attacks almost always demand payment in Bitcoin. Many cybersecurity experts consider the 2017 coordinated ransomware attack known as WannaCry to be the worst in the history of cyberattacks. The attack infiltrated over 400,000 devices in 150 countries and resulted in nearly $4 billion in total cost.
The Evolution of Ransomware and its Variants
According to Kaspersky Labs, the origins of what became the basis of ransomware can be traced back as far as mid-1989, with malware known as the “AIDS Trojan” capable of encrypting file names. In the mid-2000s, a ransom-based malware called Gpcode was discovered, encrypting entire files instead of just file names.
However, today’s ransomware is much more costly and damaging for victims – especially medium-to-large-sized companies across a broad range of industries – because it uses high-level encryption.
According to the FBI and the newly formed Cybersecurity and Infrastructure Security Agency (CISA, a part of the U.S. Department of Homeland Security), a few of the most common types of ransomware used in reported U.S. attacks to look out for are:
CryptoWall
CryptoWall has become one of the most successful variants worldwide and has extracted ransom payments as high as $10,000. This form of ransomware is spread primarily through phishing emails.
TeslaCrypt
According to Kaspersky Labs research, by 2016, TeslaCrypt had been used in 48% of ransomware attacks. This version was the first ransomware to target video game users by encrypting their game files. TeslaCrypt is distributed through several exploit kits.
Locky
This ransomware has infected corporate computer networks worldwide, from the U.S. and U.K. to Australia and New Zealand. Locky spreads through phishing emails that contain corrupted Microsoft Office documents or compressed attachments capable of downloading the malware.
Want to Prevent a Ransomware Virus? Here’s How to Give Your Internet-Connected Devices the Proper Vaccination
According to the FBI and CISA, there are many preventative measures internet-connected device owners and businesses can take to ensure that they do not fall victim to ransomware attacks.
While some of these efforts may require the help of an experienced professional or the purchase of software, companies can implement others that will boost their security immediately at little-to-no cost.
Secure your email servers
To reduce the risk that users click on email attachments or links carrying ransomware in the first place, the FBI advises strong spam filters that delete phishing emails, along with additional protections configured in the mail server settings.
Prevent malware from reaching common access points
The FBI advises that administrators should configure filters that stop specific executable file types from reaching end users and prevent malicious programs from running with administrative privileges on managed devices.
Furthermore, firewalls should be configured to block end-user access to known malicious Internet Protocol (IP) addresses.
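The two controls above, executable-attachment filtering and an IP blocklist, are easy to describe but the details matter: attackers rename payloads with double extensions and hide scripts inside compressed attachments (the delivery method the article attributes to Locky). The following is an added example written for this article, not code from the FBI, CISA or Certitude Security. It parses a MIME message with Python's standard library, flags attachments whose extension is on a blocked list (the list itself is an assumption, not an official one), looks inside zip attachments, and checks an address against a constructed blocklist. All sample messages and addresses are constructed for the demo.

```python
import email
import io
import ipaddress
import zipfile
from email.message import EmailMessage

# Extensions that should never reach end users by mail.
# Assumption for this example; it is not the FBI's or CISA's own list.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".js", ".jse", ".vbs", ".bat", ".cmd", ".ps1", ".hta",
    ".docm", ".xlsm", ".pptm",   # macro-enabled Office documents
}
ARCHIVE_EXTENSIONS = {".zip"}

# Constructed "known malicious" blocklist using an RFC 5737 documentation range.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def _extension(filename: str) -> str:
    """Return the final extension in lower case, so 'invoice.pdf.scr' -> '.scr'."""
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def _risky_names(filename: str, payload: bytes) -> list[str]:
    """List the attachment names (including names nested in a zip) that violate policy."""
    ext = _extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        return [filename]
    if ext in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                return [f"{filename}:{n}" for n in zf.namelist()
                        if _extension(n) in BLOCKED_EXTENSIONS]
        except zipfile.BadZipFile:
            return [filename]   # malformed archives are quarantined, not passed through
    return []


def check_message(raw: bytes) -> list[str]:
    """Parse an RFC 5322 message and return every attachment that violates the policy."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue                      # body text and container parts carry no filename
        payload = part.get_payload(decode=True) or b""
        findings.extend(_risky_names(filename, payload))
    return findings


def is_blocked_ip(address: str) -> bool:
    """True if the address falls inside any blocklisted network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in BLOCKED_NETWORKS)


def build_sample(filename: str, payload: bytes,
                 maintype: str = "application", subtype: str = "octet-stream") -> bytes:
    """Construct a phishing-style sample message carrying one attachment (demo input)."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.com"
    msg["To"] = "staff@example.net"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please open the attached invoice.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return bytes(msg)


def zip_with(inner_name: str, inner_bytes: bytes) -> bytes:
    """Build an in-memory zip archive holding a single file (demo input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "plain executable": build_sample("invoice.exe", b"MZ..."),
        "double extension": build_sample("invoice.pdf.scr", b"MZ..."),
        "zipped script": build_sample("invoice.zip", zip_with("invoice.js", b"..."), subtype="zip"),
        "harmless pdf": build_sample("invoice.pdf", b"%PDF-1.4", subtype="pdf"),
    }
    for label, raw in samples.items():
        print(f"{label:18} -> {check_message(raw) or 'allowed'}")
    print("203.0.113.7 blocked:", is_blocked_ip("203.0.113.7"))
```

A real mail gateway would also inspect nested archives and password-protected zips (which cannot be opened, and so should be quarantined like the malformed case here), and the blocklist would be fed from a threat-intelligence source rather than a hard-coded network.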
Conduct regular tests and apply least privilege
Annual, quarterly or continuous network security tests and assessments should also be conducted, particularly for larger companies that operate networks with hundreds, even thousands of users.
End users should not be given a computer’s administrative privileges unless there is an essential need. If required, personnel should use a separate set of credentials to obtain administrative permissions temporarily. Afterwards, the user is expected to return to their regular, least-privileged account through their standard login credentials.
Install advanced antivirus software
The use of legacy anti-virus software that relies on signatures will continue to disappoint. Confronting the entire threat lifecycle to limit the impact of attacks on endpoints is imperative. Advanced autonomous endpoint protection saves you time by using multiple AI engines and providing complete visibility into all activity.
Advanced endpoint protection and other security software types are a reliable way to ensure that devices are being monitored for ransomware and different types of malware.
Establish clean network hygiene through employee training
Data encrypted in ransomware attacks is rarely recovered entirely. The FBI states that the frequent backup and securing of data on a physical hard drive or cloud service is “critical in ransomware recovery.”
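A backup only helps with ransomware recovery if it is kept where the malware cannot reach it and if you can prove, before you need it, that the copy is intact and restorable. The following is an added example, not code from the FBI or Certitude Security: it copies a directory tree to a backup location, records a SHA-256 manifest, verifies the backup against that manifest (so a backup copy that has itself been overwritten or deleted is detected), and restores files while checking each restored file against the manifest. The sample files, directory names and the `demo()` driver are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"   # name chosen for this example


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, dest: Path) -> dict[str, str]:
    """Copy every file under source into dest and write a manifest of SHA-256 digests."""
    manifest: dict[str, str] = {}
    for file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = file.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, target)
        manifest[rel] = _sha256(target)   # hash the copy, not the original
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(dest: Path) -> dict[str, list[str]]:
    """Re-hash the backup and report which files are intact, missing or altered."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    report: dict[str, list[str]] = {"ok": [], "missing": [], "altered": []}
    for rel, digest in manifest.items():
        path = dest / rel
        if not path.exists():
            report["missing"].append(rel)
        elif _sha256(path) != digest:
            report["altered"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def restore_from_backup(dest: Path, source: Path) -> list[str]:
    """Copy every manifest entry back into source, refusing any file whose digest no longer matches."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    restored = []
    for rel, digest in manifest.items():
        src_file, live_file = dest / rel, source / rel
        live_file.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src_file, live_file)
        if _sha256(live_file) != digest:
            raise RuntimeError(f"restored copy of {rel} does not match manifest")
        restored.append(rel)
    return sorted(restored)


def demo() -> dict:
    """Constructed walk-through: back up, lose the live data, verify, restore, detect tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live, backup = root / "live", root / "backup"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "plan.txt").write_text("quarterly plan")
        (live / "ledger.csv").write_text("item,cost\nwidget,10\n")

        manifest = make_backup(live, backup)
        backup_report = verify_backup(backup)

        # Stand-in for an encryption event on the live share: the working copies are overwritten.
        for rel in manifest:
            (live / rel).write_bytes(b"\x00" * 32)

        restored = restore_from_backup(backup, live)
        live_intact = all(_sha256(live / rel) == d for rel, d in manifest.items())

        # If the backup copy itself is later overwritten, verification must say so.
        (backup / "ledger.csv").write_bytes(b"\x00" * 32)
        tamper_report = verify_backup(backup)

        return {
            "files": len(manifest),
            "backup_report": backup_report,
            "restored": restored,
            "live_intact_after_restore": live_intact,
            "tamper_report": tamper_report,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design point is that the manifest is generated from the backup copy and checked again at verification and restore time, so a backup that was silently encrypted or deleted alongside the live data fails loudly instead of being discovered during recovery. In practice the backup target should be offline or write-once so that an infected host cannot reach it in the first place.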
Conduct comprehensive training programs for new and existing employees to ensure consistent, clean network hygiene across the entire company, particularly when certain practices change. Learn more about information security standards or further tips on cyber attack prevention to keep your data safe.
Held Ransom with Encrypted Data? Here’s What to Do
So you’ve found yourself locked out of your computer or other devices after accidentally clicking on a malicious link – and now, a pop-up message has appeared demanding a sum of $10,000… or else. What should you do?
For starters, U.S. government law enforcement agencies agree: to ensure the smoothest recovery process (if possible at all), paying the ransom is never advised – no matter how much money they demand.
According to the FBI, some paying victims reported never receiving keys to decrypt their data. Others were subsequently retargeted in separate attacks or asked to pay more money.
“Paying could inadvertently encourage this criminal business model,” the agency advises.
While police and local governments are valuable resources at first, CISA recommends that, for a more effective response, federal authorities, including CISA itself, the FBI, or even the Secret Service, be contacted as well.
Data recovery is the most expensive component of all cyberattacks, according to Accenture. But Certitude Security can help ensure your business is never in this challenging position by putting all the necessary preventative measures in place.
If your organization wants to improve your resistance to criminals and business disruption, let’s begin a conversation today about your needs.
As a proud supporter of American companies, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturers and supply chains throughout the United States.
Problem discussions can be a defining moment in your career. If you are interested in value creation, learn about SPOT-Beam™ by Certitude Security®. We look forward to helping you and your business succeed!