It feels like every month there is news about some ransomware attack that happened. Well, that is because companies around the world are being hit by bold cybercriminals, and these scammers are getting away with quite a bit of cash. Since the start of 2020, big businesses have dropped over $140 million to handle the biggest ransomware attacks of the year. These victims range from universities and hospitals to government bodies and private businesses (1).
So, what is ransomware, you ask?
According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is a “type of malicious software that locks access to a computer system or files by encrypting its data, until a ransom is paid”. To put it simply, a cybercriminal deploys a computer program that steals your data and makes you pay to get it back.
Last year, over half of American businesses reported being hit with a ransomware attack. That means millions of organizations around the States had to pay money to retrieve their own data. Ransomware is also prevalent in countries around the world, so much so that ransomware strikes a company every 14 seconds (2).
You don’t want to have to fight for the return of your own information. Therefore, it is important that you practice safe cybersecurity hygiene and protect your company. The best way to prevent an attack is to be aware and to be prepared. And in order to be prepared, you must understand what it is that you are dealing with.
How Does Ransomware Work
The most common methods through which cybercriminals attack are spam and phishing emails. During the current pandemic situation, various criminal groups have resorted to using vaccine information and other COVID-19 related email traps to trick people (3).
A ransomware attack is a pretty straightforward process. Let’s say that you are scrolling through your emails for the day, moving down the list of unread messages. You click on an email that appears to come from one of your clients (but turns out it is not from your client). After skimming through the content, you unsuspectingly open the attached file for further details. And it is at this point that the attack is a go.
The attachment is bait. It serves as a way for the cybercriminal who sent the fake email to infect your computer. Through the download, the hacker can then encrypt some or all the files on your device and require you to pay him money in return.
In summary, the process is 1. Contact 2. Infect 3. Encrypt and then 4. Extort (4).
I’ve been hit with ransomware. How do I know for sure?
- You received a warning message that says your computer has been infected with a virus and that you must pay to resolve the issue.
- You are locked out of your computer system.
- Some of your file names now have weird extensions on them. (4)
During the attack, the scammers require that the victim pay them within a given time period otherwise the stolen data could be lost forever. They take over your documents and files, personal information, and other data that is stored on your computer and make them inaccessible. It is a pretty stressful situation to face.
The Cost of Ransomware
The cost of a ransomware attack can cost businesses anywhere from a few thousand dollars to over millions of dollars. In Q2 2020, the average ransom payment was $178,254, up about 60% from Q1 2020 (5). This number was heavily skewed by the number of big attacks that have already struck this year, costing millions.
This, however, does not completely factor in all of the damage that comes with an attack. For example, there is lost downtime and data. According to Coveware, the average number of days in downtime was 16 days. A holdup in typical operations can also cause the company to suffer a blow to its consumer trust and hurt their future business practices. The business may have to rebuild their networks and restore backups, in addition to potentially paying the hackers’ ransom. And it is important to note that paying the ransom does not mean that the cybercriminals will actually release a company’s data (4). There have been many instances where a company paid the fee and received little to nothing.
Who is at Danger for an Attack?
Unfortunately, no business is really safe from a ransomware attack – big or small. Anyone who stores important data on his computer is at risk. This could be individuals, home-users, small businesses, and large corporations (4). Over the years though, ransomware has mainly become a “small business” problem. Research has shown that the majority of the attacks hit small and mid-sized businesses, with about 55% of ransomware attacks striking companies with less than 100 employees (5).
Looking specifically at the industries, the most commonly targeted sectors are Healthcare, Education, Finance, Government agencies, Energy & Utilities, and Retail (4). These sectors tend to be attacked now because hackers realized that these companies affect a lot of lives, so they are more likely and quicker to react. Consequently, they are more likely to pay the ransom (6).
Computer systems using Windows OS are most frequently targeted, drawing in about 85% of attacks. This is because Windows computers tend to be more affordable and, therefore, more people buy and use them. A lot of people using the Windows system also do not install the necessary security updates that they need to protect their data. Another vulnerability comes from people using poorly secured Remote Desktop Protocol (RDP) to handle their information. For the last two quarters, this access point has been the most common attack vector for hackers (5).
How to Remove Ransomware
If you’ve been hit with ransomware, there are some things that you can do to regain control of your computer. I recommend that you:
- Immediately isolate the affected computer and turn it off.
- Find your system backup for the computer.
- Contact law enforcement to make them aware of the incident.
- Change all online account and network passwords
- Delete Registry values and files.
Taking it even further, you should:
- Reboot your operating system and put it in safe mode.
- Install anti-malware software.
- Scan your computer system to find the malware.
- Restore the computer to a previous state in which it didn’t have the malware software.
However, these efforts will not decrypt the files that were affected. As I’d said earlier, the attack was a go as soon as you downloaded the suspicious attachment. You won’t be able to read the coded files anymore. And by restoring your computer, you won’t be able to pay the attackers the demanded ransom because the malware code is now gone. Again, I want to stress that paying the ransom is often not the best course of action because that puts you in the hands of the attackers. You have to trust that they will make good on their word and give you back your information – a pretty compromising situation (4).
Once the ransomware is removed, you can carry on with your daily operations.
Preventing a Ransomware Attack
The best way to handle cyber attacks is to make sure that your company and computer system are prepared ahead of time. This means that you should make sure your antivirus or anti-malware systems are up-to-date and active. Make sure your operating system is patched and has the most current setup so that you have fewer vulnerabilities for hackers to exploit. In addition, keep your employees ready and alert. It is important that the company provide user training so that employees know how to react in a variety of attack situations (4).
Even basic cybersecurity hygiene would be helpful: utilize strong passwords, build user awareness, and refrain from downloading unfamiliar software. Make sure that you know what software you are looking at and what it does (6). Follow safe practices when browsing the Internet.
Other future-facing safety measures you can enact are to maintain a sufficient business crisis plan. This plan would explain what actions your company can take in order to continue operations during a crisis. Also, start backing up your files on a regular basis. This doesn’t actually prevent an attack from happening, but it softens the blow from it. If you have backups stored somewhere, the cybercriminals lose some of their advantage because you have other means of accessing your data. Make sure that your backups are protected or stored offline so that attackers can’t access them.
Another helpful way to prevent ransomware attacks is to restrict users’ privileges for installing and running software on company systems. This can limit malware’s capability to spread throughout a network and even prevent the malware from running (2). Enable strong spam filters and configure firewalls to block access to known malicious IP addresses.
Ransomware is fairly common now in the digital world, so it is best that you protect your data and prepare. A good way to safeguard your assets is to enlist the help of a reliable managed service provider (MSP) to maintain your cybersecurity. Using an MSP allows you to allocate your time and resources to activities core to your business, while knowing that your (technological) back is covered. They can bolster your information technology systems and alert you to any attacks that may be attempted on your data systems. Since ransomware can be overwhelming and destructive, it would be beneficial to put safeties in place before any incidents can happen. Better to prepare now than to prepare after.