ScholarChip

How to Protect Your Organization against Ransomware

Written by Alshane McDonald

 

As cybercriminals become more sophisticated and security breaches continue to rise, it is crucial to stay on top of the biggest threats on the internet today. Ransomware is one of the largest of these security problems, and it will not be going away any time soon. In fact, according to statistics, ransomware exploded last year, increasing by an estimated 748%. Newly released data from Bitdefender’s Mid-Year Threat Landscape 2020 report showed a significant increase in ransomware attacks, with a 715% increase in 2020 alone compared to previous years. This increase is also due to cybercriminals capitalizing on the COVID-19 global pandemic and other major events.

ScholarChip takes cybersecurity seriously and cares about the overall security of our clients’ infrastructure. Ransomware could affect anyone or any business at any given time. It could ruin a business and its reputation or severely damage a company financially. Below are some tips regarding ransomware and the best security practices to avoid becoming a victim of this malicious attack.

What is Ransomware?

Ransomware is a form of malicious software (malware) that encrypts a victim’s data and then demands a ransom, usually in cryptocurrency (a form of untraceable payment), to restore access to the data. Users are typically shown instructions for how to pay the ransom fee to receive a decryption key that will decrypt the files. The cost of this ransom fee can range from a few hundred dollars to millions of dollars. Attackers often threaten to destroy, sell, or publicly release the stolen data.

How do I get Ransomware?

There are several ways ransomware can infect your system. The most common is social engineering. Social engineering is the exploitation of human error, which involves tricking the user into divulging information or taking actions on IoT (Internet of Things) that may look safe but are actually malicious. The most popular method is through phishing emails and spam that include deceptive attachments (commonly PDF and Word files) or links that redirect you to harmful websites that deliver the malware. Other methods are infected websites and malvertisements (attacks delivered through online ads).

Should I pay the ransom fee? 

The choice is yours. There is no right answer on whether or not you should pay the ransom fee. It also depends on how valuable the data is to your company. Victims are advised to perform a business cost analysis first to determine whether it is worth paying the ransom fee to decrypt their files and data. Cybersecurity analysts recommend not paying the ransom because it encourages cybercriminals to continue their ransomware attacks. You will also make yourself a target for ransomware again because cybercriminals will know that you are willing to pay the fee to regain access to your data. All ransomware attacks have one thing in common: the ultimate goal is to gain money. Other reasons for refusing to pay a ransom fee are listed below:

  • Paying the ransom does not guarantee that you will receive a decryption key to get your files back. 
  • The data has lost its integrity and may no longer be useful. 
  • In some instances, the cybercriminal can just take the money and run. 

Preventative Tips and Controls

Preparation

  • Take full backups of your system regularly and secure the backups in other locations. Never store your backups locally on the system, and always encrypt your backups. It is recommended to use third-party backup software to back up a system rather than the computer’s operating system. This is because ransomware can also delete or encrypt the operating system’s critical files, including those responsible for restoring your computer to a previous version or taking backups. As ransomware becomes more sophisticated, attacks on the backups themselves can also occur to prevent recovery. Users are encouraged to store copies of backups in at least 2-3 different locations with proper segmentation in place to prevent lateral, worm-like movement from ransomware attacks. Make it a habit to perform full system backups twice a month, as well as incremental or differential backups of important files and data on a frequent basis.
  • Isolate legacy systems that are no longer supported by the manufacturer as much as possible from all the other systems in your network (virtually or physically). 
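The backup rules in the first bullet can be checked mechanically against an inventory of backup copies. The following is an added example, not ScholarChip's code; the inventory format, the system and location names, and the 16-day reading of "twice a month" are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds from the guidance above; 16 days is an assumed reading of "twice a month".
MIN_LOCATIONS = 2
MAX_FULL_BACKUP_AGE_DAYS = 16

@dataclass
class BackupCopy:
    system: str            # system the backup belongs to
    location: str          # where the copy is stored
    kind: str              # "full", "incremental" or "differential"
    taken: date
    encrypted: bool
    on_source_host: bool   # True if stored on the backed-up machine itself

def audit(copies, today):
    """Return {system: [findings]} for every system that breaks a rule."""
    findings = {}
    for system in sorted({c.system for c in copies}):
        mine = [c for c in copies if c.system == system]
        problems = []
        offhost = {c.location for c in mine if not c.on_source_host}
        if len(offhost) < MIN_LOCATIONS:
            problems.append(f"only {len(offhost)} off-host location(s)")
        if any(c.on_source_host for c in mine):
            problems.append("copy stored on the source system")
        if any(not c.encrypted for c in mine):
            problems.append("unencrypted copy")
        fulls = [c.taken for c in mine if c.kind == "full"]
        if not fulls:
            problems.append("no full backup")
        elif (today - max(fulls)).days > MAX_FULL_BACKUP_AGE_DAYS:
            problems.append(f"last full backup {(today - max(fulls)).days} days old")
        if problems:
            findings[system] = problems
    return findings

# Constructed inventory for illustration.
TODAY = date(2021, 3, 31)
INVENTORY = [
    BackupCopy("fileserver", "offsite-vault", "full", date(2021, 3, 20), True, False),
    BackupCopy("fileserver", "cloud-bucket", "full", date(2021, 3, 20), True, False),
    BackupCopy("fileserver", "cloud-bucket", "incremental", date(2021, 3, 30), True, False),
    BackupCopy("hr-db", "D:\\backups", "full", date(2021, 2, 1), False, True),
]

if __name__ == "__main__":
    print(audit(INVENTORY, TODAY))
```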

Prevention

  • Keep your computer’s operating system and third-party applications up to date! Updates include security-related patches that mitigate flaws that could be exploited. For example, internet browsers and Microsoft and Adobe applications are among the apps commonly exploited during attacks because they were not up to date.
  • Do not install unknown software or give it administrative privileges unless you know what the program is and does. 
  • Practice the principle of least privilege. Restrict access to systems and files to only those who need access.
  • Educate yourself and your employees with a security awareness program, and run exercises to test your users’ knowledge of detecting malicious websites, phishing emails, and spam. This is crucial for employees who have access to sensitive information, the network, and databases.
  • Always double-check the sender’s email address by hovering over the contact email section to see if it’s from a legitimate email contact. Look out for typos in the actual email address.
  • Think twice before you click! Stay away from insecure websites, and proceed with caution. Refrain from clicking pop-ups or too-good-to-be-true ads.

Detection 

  • Invest in a reputable antivirus program with real-time protection and next-gen capabilities. Make sure your antivirus is always up to date. Some suggestions would be Malwarebytes, TrendMicro, and Bitdefender. These programs are usually equipped with a firewall to help filter out and block malicious traffic. Others can be found via "The Best Antivirus Protection for 2021".

Response 

  • Have a well-defined Incident Response Plan, Business Continuity, and Disaster Recovery Plan in place. Always prepare for the possibility of any type of malware attack that can lead to compromising your system or your data. Periodically test these plans with your incident response team to look for gaps.

 

Conclusion 

Contrary to common belief, cybersecurity requires a team effort and awareness from everyone within the organization and anyone using its information systems. A common problem faced by many organizations today is that good cybersecurity practices are deemed too much work, or the right security controls that would help prevent such incidents are deemed too expensive to implement. Many feel as though security, in general, gets in the way or causes inconvenience. However, better cybersecurity requires consistency and a strong foundation of security awareness fundamentals from everyone. It’s always best to be prepared. Companies that have prepared to reduce the risk of becoming a victim of ransomware are better off than the ones that have not. In the event you are infected with ransomware, being prepared will drastically reduce the damage done if you have the right controls in place, along with a recent backup of both the system and data and a business continuity plan to continue operations until you are back to normal. Make it a habit to take security and data privacy seriously in your organization, and always communicate the importance of data security to your employees.