Ransomware will make you cry, Beware!!!

Ransomware has proven to be a significant problem for businesses large and small. Your data can be attacked in many ways, completely disrupting your business operations.
In many cases, it can cost hundreds of thousands or millions of dollars to regain access and use of hacked information.

Image by Mohamed Hassan from Pixabay

According to Chainalysis' 2021 Crypto Crime Report, the total amount paid by ransomware victims increased by 311% to nearly $350 million in cryptocurrency (the most popular form of payment) in 2020, and the problem is only set to grow.

In general, the best defense against a ransomware attack is a good offense.

Understanding the different forms of ransomware can help an organization prepare for an attack. Here are some tips for dealing with any type of cyber criminal.

First, for those unfamiliar with ransomware, it is malware that encrypts user data on your computer in the background. It can infiltrate your system and deny access to vital information, thereby preventing or terminating all business activities.

Once the intruder steals and encrypts the data, a message may appear demanding a sum of money to regain access to the information.

The victim has a limited amount of time to pay the cyber-criminal. If the deadline passes, the ransom may increase.

Some types of ransomware can spread to other computers on the same network. Others infect their hosts with more malware, which can result in stolen credentials and sessions. This is particularly dangerous for sensitive information such as bank and financial account passwords.

The two main types of ransomware are Crypto ransomware and Locker ransomware. Crypto ransomware encrypts various files on a computer so that the user cannot access them. Locker ransomware does not encrypt files. Rather, it "locks" the victim out of their device and prevents them from using it. Once it prevents access, it asks the victim to pay money to unlock their device.

There have been many well-known ransomware cyberattacks in recent years. These include:

WannaCry in 2017. It spread across 150 countries, including the UK, and was developed to exploit a Windows vulnerability.

By May 2021, it had infected more than 100,000 computers.

The WannaCry attack affected many UK hospitals and cost the NHS around £92m. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack revealed the problematic use of outdated systems. The cyber attack caused financial damage of around 4 billion US dollars worldwide.

Ryuk is a ransomware attack that spread in mid-2018 and disabled Windows System Restore on computers. Without a backup, it was impossible to recover encrypted files. It also encrypts network drives. Many of the organizations attacked were located in the United States.

The demanded ransoms have been paid and the estimated loss is US$640,000.
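Disabling recovery features before encrypting, as described for Ryuk above, leaves traces in process-creation logs. The following is an added example, not part of the original post: a small detector run over constructed log lines. The log format, host names and rule set are assumptions, and the patterns are commonly documented recovery-tampering command lines rather than anything taken from this page.

```python
import re

# Command-line patterns for tampering with Windows recovery features
# (shadow copies, boot recovery, backup catalog). Assumed rule set.
RULES = {
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "shadow_copy_delete_wmic": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "boot_recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
}

# Constructed sample events in an assumed "timestamp|host|user|command line" format.
SAMPLE_LOG = """\
2024-01-10T09:14:02Z|WS-014|alice|C:\\Windows\\System32\\notepad.exe report.txt
2024-01-10T09:15:40Z|WS-014|alice|vssadmin.exe Delete Shadows /All /Quiet
2024-01-10T09:15:41Z|WS-014|alice|bcdedit /set {default} recoveryenabled No
2024-01-10T09:16:05Z|SRV-02|backup_svc|vssadmin list shadows
2024-01-10T09:17:30Z|WS-014|alice|wbadmin delete catalog -quiet
2024-01-10T11:02:11Z|WS-031|bob|wmic shadowcopy delete
"""

def find_recovery_tampering(log_text):
    """Return one hit per event whose command line matches a rule."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        ts, host, user, cmd = parts
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                hits.append({"ts": ts, "host": host, "user": user, "cmd": cmd, "rule": name})
                break
    return hits

def hosts_to_escalate(hits, threshold=2):
    """Hosts where at least `threshold` different recovery features were touched."""
    per_host = {}
    for hit in hits:
        per_host.setdefault(hit["host"], set()).add(hit["rule"])
    return sorted(h for h, rules in per_host.items() if len(rules) >= threshold)

if __name__ == "__main__":
    hits = find_recovery_tampering(SAMPLE_LOG)
    for hit in hits:
        print(hit["ts"], hit["host"], hit["rule"], "|", hit["cmd"])
    print("escalate:", hosts_to_escalate(hits))
```

A single match can be legitimate administration; several different recovery features touched on one host within minutes is the pattern worth escalating.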

KeRanger is believed to be the first ransomware attack to successfully infect Mac computers running the OS X platform. It was placed in an installer of the open-source BitTorrent client Transmission. When users downloaded the infected installer, their devices got infected with the ransomware. The malware remains inactive for three days and then encrypts around 300 different file types.

It then downloads a file containing a ransom demand in bitcoin and instructions on how to pay the ransom. Once the ransom is paid, the victim's files are decrypted.

As ransomware grows more sophisticated, so do the methods used to spread it. Examples are:

Pay-per-install. This targets devices that have already been compromised and could easily be infected with ransomware.

Hidden downloads. This ransomware gets installed when a victim unknowingly visits a compromised website.

Links in email or social media messages. This method is the most common. Malicious links are sent in emails or online messages for victims to click on.

Image by Pete Linforth from Pixabay

Cybersecurity experts agree: if you fall victim to a ransomware attack, don't pay the ransom. Cybercriminals could keep your data encrypted even after payment and ask for more money later.
Instead, back up all data to an external drive or to the cloud for easy restoration. If your data has not been secured in this way, contact your internet security company to see if they offer a decryption tool for your type of data or circumstances.

Managed Service Providers can perform a free risk analysis and determine an organization's security risks.

Understanding possible attack vulnerabilities and preparing ahead of time to eliminate them is the best way to prevent a cyber thief from devastating your business.

More to come on ransomware. What do you think is the best way to stop ransomware?



