Ransomware is a class of malware used to digitally extort victims into paying a specific fee. It most often spreads through phishing emails carrying malicious attachments or through drive-by downloads, where a user visits a compromised website and malware is downloaded and installed without their knowledge. Once the payload executes on the target machine, one of its first actions is to encrypt the files on the hard drive. The malware then displays a ransom note demanding payment in exchange for the key that decrypts the victim's files.
How does ransomware work?
- The victim receives a malicious link (by email, messaging, or an advertisement) and opens it.
- The victim's browser connects to the web server behind the link, which serves the malicious download.
- The ransomware arrives on the victim's machine and executes.
- The ransomware tries to take control of the system and looks for ways to move laterally through the network.
- It then begins encrypting the data on the victim's machine.
- Once the data is encrypted, it locks the user out of the affected files and often out of the system itself.
- It displays a warning and the ransom demand on screen.
- In parallel, the ransomware attempts to spread across the network to infect more systems.
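The encryption stage in the steps above is what host-based monitoring usually catches first: a single process suddenly rewriting many files with near-random bytes and renaming them to a new extension. The following is an added example, not code from the original article or from Skillmine, of a detector that applies that heuristic to a constructed file-event stream; the event format, the extension list, the window and the thresholds are assumptions chosen for illustration.

```python
"""Constructed example: flag processes that show ransomware-like file activity.

Two signals from the encryption stage are combined:
  1. a burst of writes whose content has near-maximal byte entropy, and
  2. renames to a known ransomware extension,
both counted per process over a sliding time window.
"""
import hashlib
import math
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float          # event time in seconds (assumed format)
    pid: int           # process that performed the operation
    op: str            # "write" or "rename"
    path: str          # file written, or the new name for a rename
    data: bytes = b""  # bytes written (only meaningful for op == "write")


# Hypothetical short list of extensions appended by ransomware families.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_suspicious(ev: FileEvent, entropy_threshold: float) -> bool:
    if ev.op == "write":
        return shannon_entropy(ev.data) >= entropy_threshold
    if ev.op == "rename":
        return os.path.splitext(ev.path)[1].lower() in RANSOM_EXTENSIONS
    return False


def detect(events, window=10.0, min_files=20, entropy_threshold=7.5):
    """Return one alert per process that touched at least `min_files`
    distinct paths with suspicious operations inside any `window` seconds."""
    by_pid = defaultdict(list)
    for ev in events:
        if is_suspicious(ev, entropy_threshold):
            by_pid[ev.pid].append(ev)

    alerts = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            seen = {e.path for e in evs[i:] if e.ts - start.ts <= window}
            if len(seen) >= min_files:
                alerts.append({"pid": pid, "start": start.ts, "files": len(seen)})
                break  # one alert per process is enough
    return alerts


def pseudo_random(seed: str, size: int = 1024) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]


def sample_events():
    """Constructed event stream: a benign log writer (pid 1001) and a
    process behaving like ransomware (pid 4242)."""
    events = []
    for i in range(5):  # benign: a few plaintext log writes over a minute
        events.append(FileEvent(ts=i * 12.0, pid=1001, op="write",
                                path=f"/var/log/app/service{i}.log",
                                data=b"2021-05-07 INFO request served ok\n" * 30))
    for i in range(30):  # 30 documents overwritten and renamed in ~5 seconds
        t = 100.0 + i * 0.15
        doc = f"/home/alice/docs/report{i}.docx"
        events.append(FileEvent(ts=t, pid=4242, op="write", path=doc,
                                data=pseudo_random(doc)))
        events.append(FileEvent(ts=t + 0.01, pid=4242, op="rename",
                                path=doc + ".locked"))
    return events


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(f"ALERT pid={alert['pid']} touched {alert['files']} paths "
              f"starting at t={alert['start']:.2f}s")
```

Entropy on its own is not a reliable signal: archivers, image encoders and legitimate encryption or backup tools also write high-entropy data. That is why the rate of change, the extension rename and the identity of the process are combined here, and why the window and thresholds should be tuned against a baseline recorded in the environment before alerts are acted on.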
Top ransomware attacks of recent times
1. Colonial Pipeline Company:
- In May 2021, Colonial Pipeline Company, an American oil pipeline operator, was hit by a significant ransomware attack. The attack hit the company's IT systems, and the pipeline, which originates in Houston, Texas, was shut down for days, disrupting fuel supplies to much of the US East Coast.
- Even though the attack only affected its IT systems, Colonial Pipeline shut down all pipeline operations to avoid additional damage. The company paid the attackers $4.4 million in bitcoin and worked with the FBI, which later recovered a large part of that payment.
2. Acer:
- In March 2021, the Taiwanese computer maker Acer was hit by the REvil ransomware group. The attackers demanded a stunning $50 million for the stolen data and posted screenshots of stolen files as proof of the breach and the subsequent data leak; these included financial spreadsheets, bank correspondence, and bank balances.
3. CNA Financial:
- In March 2021, Chicago-based CNA Financial Corp., one of the largest insurers in the United States, discovered a breach. The ransomware attack is said to have exposed the personal information of about 75,000 people, possibly including names, health benefits information, and social security numbers of current and former employees, contract workers, and their dependents.
- According to media reports, CNA Financial paid $40 million in May to regain access to its network. The attackers reportedly used Phoenix Locker, a variant of Hades attributed to the Russian cybercrime group Evil Corp.
4. Brenntag:
- In May 2021, around the same time as the Colonial Pipeline breach, the DarkSide ransomware group targeted Brenntag, a German chemical distribution company. DarkSide is said to have demanded $7.5 million, or 133.65 bitcoin, for 150 GB of stolen data, and posted a leak page summarising the data with images of a few files to back up its claims.
- After negotiation, Brenntag paid $4.4 million.
How can you safeguard your organization from a ransomware attack?
- Raise awareness and train all users and stakeholders in your company in the basics of cyber security.
- Implement a strong anti-phishing policy (mail filtering, attachment controls, and easy reporting of suspicious mail) to cut off the most common delivery route for ransomware.
- Define a strong access policy for systems and data, based on least privilege, to prevent unauthorized access from inside and outside the organization.
- Implement a strong infrastructure management policy: periodic review of systems, and timely patching and updating of operating systems and applications to the latest release.
- Set a clear web access policy and make users aware of what should and should not be accessed over the internet.
- Enforce a strong password policy, backed by multi-factor authentication, for all users in the organization.
- Deploy security monitoring that covers every user and every device in the organization, so that the file-encryption burst of an active infection is detected early.
- Maintain solid data backups, kept offline or otherwise isolated from the production network so that an infection cannot encrypt them too, and test restores regularly, so that the organization never loses its data and can recover important information whenever required.
Organizations should design their security policies around all the factors that lead to a ransomware attack. Security infrastructure management and monitoring teams should keep protection against ransomware in mind when writing those policies.
Ransomware is among the most damaging cyber-attacks because it targets the most important asset of the current era: data. Data is the new fuel of the economy, and losing it can have a huge commercial impact on an organization.
Subscribe to our newsletters. Visit the Skillmine website to learn more.