How do ransomware attacks happen?
Stricter regulations, awareness campaigns, and employee training have recently contributed to a decline in ransomware attacks. However, organizations must not become complacent, as ransomware is still a serious threat. How ransomware happens is no longer a mystery, and there are ways to protect yourself from it. But before that, let’s first define what ransomware is.
Ransomware is a type of malware (malicious software) that encrypts files and documents. It can infect a single computer or an entire network, including a company’s servers. As the name suggests, the perpetrator demands a ransom from the victim in exchange for a “decryption key” to regain access.
In a successful ransomware attack, the cybercriminals typically provide instructions for communication and the amount to be paid to get the decryption key. Depending on the organization, the cost ranges from thousands of dollars to millions, all paid in Bitcoin.
How do ransomware attacks happen?
There are many possible entry points for ransomware to infiltrate a computer, and one of the most common delivery methods is the phishing scam. In phishing scams, cybercriminals mimic the genuine email addresses and content of a legitimate business and send the message to unsuspecting victims with an attachment.
Once the user clicks the link or opens the attachment, the malware attached to it takes over the victim’s computer, especially when the attachment has built-in social engineering tools that trick the user into granting it administrative access.
More aggressive forms of ransomware, like NotPetya, do not need to trick users in order to infect their computers. Instead, they exploit security loopholes to infect the user’s machine.
There are several things malware might do to a computer, but the most common one is data encryption. In another form, the cybercriminals claim to be from a law enforcement agency and demand a fine for pornography on the computer, or else the computer will be shut down remotely.
Another form is leakware or doxware, which involves no encryption of files or shutting down of computers. Instead, the hackers search through your files for sensitive information or data that can be used against you. When they find something, they threaten to disclose everything they have discovered unless you pay a fine.
How can you be susceptible to a ransomware attack?
Usually, ransomware infections occur when businesses fail to follow the common cyber security frameworks put in place to safeguard them from unwanted attacks, such as:
- Choosing strong passwords and regularly changing them
- Enforcing access management controls
- Security awareness training for all employees
- Using EDR (Endpoint Detection and Response) or antivirus software
- Updating operating systems and hardware
Cybercriminals use a variety of attack vectors, or approaches, to access your network by finding and exploiting its vulnerabilities. Effectively preventing ransomware means understanding these attack vectors and learning from them to combat future attacks. Beyond that, the organization must be proactive in its cyber security posture and adopt these 7 ways to protect itself from ransomware attacks:
7 ways to protect businesses from ransomware attacks
There are many defensive steps against ransomware that an organization can adopt, and the following are some of the practices businesses should follow regularly:
- Maintain backups – thoughtfully
Backing up your data is recommended, as it is the most effective way to recover from a ransomware infection. Consider keeping your backup files appropriately protected and stored offline or out-of-band so that they are out of reach of hackers. You could also use cloud services, as they retain previous versions of your files, which lets you roll back.
- Develop plans and policies
It is always helpful to create a response plan so that your IT security team knows what to do when a ransomware event occurs.
- Review port settings
Many hackers take advantage of Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Consider limiting connections to only trusted hosts, and consider whether your organization needs to leave these ports open at all. Review these settings for both on-premises and cloud environments, and work with your cloud service provider to disable unused RDP ports.
- Harden your endpoints
Always configure your systems with security in mind. Secure configuration settings can help provide protection from threats and close security gaps left over from default configurations.
- Keep systems up-to-date
Make sure to keep your devices and machines up to date with all the security updates released from time to time.
- Train the team
Train your team on how to respond when ransomware attacks. It is the key to stopping ransomware in its tracks.
- Implement an Intrusion Detection System (IDS)
Implementing an Intrusion Detection System (IDS) helps organizations look for malicious activity by comparing network traffic logs to signatures that detect known malicious activity. If malicious activity is found, the IDS will quickly alert you to its presence.
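
For the "Review port settings" step above, one way to check a set of inbound firewall rules for RDP (3389) or SMB (445) exposure beyond trusted hosts. This is an added example, not part of the original article; the simplified rule format, the trusted networks, and the sample rules are constructed assumptions.

```python
import ipaddress

# Ports the article singles out: RDP (3389) and SMB (445).
RISKY_PORTS = {3389: "RDP", 445: "SMB"}

# Assumption: the networks your organization treats as trusted hosts.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24"),
                ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample of inbound allow rules in a simplified, vendor-neutral shape.
SAMPLE_RULES = [
    {"name": "rdp-any", "source": "0.0.0.0/0", "port_from": 3389, "port_to": 3389},
    {"name": "smb-admin", "source": "10.20.0.0/24", "port_from": 445, "port_to": 445},
    {"name": "wide-range", "source": "203.0.113.0/24", "port_from": 400, "port_to": 500},
    {"name": "https", "source": "0.0.0.0/0", "port_from": 443, "port_to": 443},
    {"name": "rdp-jump", "source": "192.0.2.10/32", "port_from": 3389, "port_to": 3389},
]


def is_trusted(source_cidr, trusted_nets=TRUSTED_NETS):
    """True only if the whole source range sits inside one trusted network."""
    src = ipaddress.ip_network(source_cidr, strict=False)
    return any(src.version == net.version and src.subnet_of(net)
               for net in trusted_nets)


def audit_rules(rules, trusted_nets=TRUSTED_NETS):
    """Return findings for allow rules that expose RDP/SMB to untrusted sources."""
    findings = []
    for rule in rules:
        for port, service in sorted(RISKY_PORTS.items()):
            # Port ranges count too: 400-500 silently includes 445.
            if not rule["port_from"] <= port <= rule["port_to"]:
                continue
            if is_trusted(rule["source"], trusted_nets):
                continue
            src = ipaddress.ip_network(rule["source"], strict=False)
            # A /0 source means the port is open to the whole internet.
            severity = "critical" if src.prefixlen == 0 else "high"
            findings.append({"rule": rule["name"], "service": service, "port": port,
                             "source": rule["source"], "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['rule']}: {f['service']}/{f['port']} open to {f['source']}")
```

Export your real firewall or cloud security group rules into the same shape and replace `TRUSTED_NETS` with your own management ranges before relying on the output.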