What You Need to Know about Ransomware
When you picture your business being robbed, images of armed men in black masks, money in a paper bag, or screeching tires of a getaway car may come to mind…but alas, we live in a digital age, and even robbers are working remotely these days.
Fear not, I’ve got you covered with all the knowledge you’ll need to be savvy to the sly little tricks of the modern boogey-man.
The basics: In today's digital age, all businesses, regardless of size, need to prioritize cybersecurity. A breach could mean loss of sensitive information, customer data, or even company reputation.
WHAT IS RANSOMWARE?
Ransomware: a type of malware that encrypts a victim's files, making them inaccessible until a ransom is paid.
So basically, the attacker takes control of data that is either sensitive or necessary to the business's operation, and locks the rightful owners out of it. The attacker then demands money in exchange for restoring the data, usually in cryptocurrency to preserve their anonymity. If the business does not have the money or refuses to pay, the data is either leaked or destroyed.
Cyber-attacks are becoming more common because there is significantly less traceability than an in-person robbery. These attacks are targeted and can be very effective, even against well-protected businesses. Small businesses need to be especially vigilant against these types of attacks, as they usually don’t have the same level of security measures in place as larger organizations.
WHY DO YOU NEED TO IMPLEMENT RANSOMWARE PROTECTIVE MEASURES?
A cyber attack can have serious consequences. The obvious outcome is financial loss when you have to pay off the attacker. But what happens if you don't have the money to do that?
If the attacker doesn't receive payment, they will destroy or release the data they encrypted. That would obviously compromise your customer service and likely affect your customers directly. In that instance, the financial loss comes from your name being ruined amongst your audience.
And lawsuits. Those can get expensive fast and send your reputation up in a cloud of smoke.
So, let's get equipped to understand and effectively prevent ransom cyber-attacks.
HOW IT WORKS:
Using phishing, the scammer sends emails designed to obtain the data or information they need. The scammer poses as a real organization that needs the sensitive information for legitimate reasons, and the email provides a link back to a website the scammer controls. The victim clicks the link and begins to check whether the website is legitimate.
Here's where you have to be especially careful. The padlock icon next to the URL only means the connection to the site is encrypted, using SSL or TLS. These protocols protect information in transit from being intercepted by an unauthorized third party, but they say nothing about who is on the other end: the scammer simply obtains a certificate for their own site and runs SSL/TLS as the "authorized" party. Afterwards, the security tools used in attempts to trace the stolen data will not flag the culprit, because even though the safeguards were grossly misused, they were technically in place.
PROTECTION MEASURES:
So, just because the requesting website has the padlock icon, don't offer sensitive information until you have manually verified the URL. Then, run software with a reputation-based screening system. That could include ad-blocking browser extensions like AdBlock Plus or uBlock Origin, or services like Google Safe Browsing, Norton Safe Web, or McAfee SiteAdvisor. These services look beyond the indicators that can be faked to the reputation (or lack thereof) of the business behind the site. If that reputation does not warrant the transfer of sensitive information, you will get a hard-stop pop-up warning you away from the website.
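The manual URL check above, as an added example in Python (not part of the original post): it takes a link's hostname apart the way the browser does and reports the reasons a padlocked page might still not be the site you expect. The expected domain mybank.example and the sample links are constructed.

```python
"""Reasons to distrust a link before typing credentials into it (added example)."""
from urllib.parse import urlsplit


def check_url(url: str, expected_domain: str) -> list:
    """Return reasons to distrust `url`; an empty list means the browser
    would really connect to `expected_domain` (or a subdomain) over HTTPS."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # what the browser actually connects to
    expected = expected_domain.lower()

    if parts.scheme != "https":
        findings.append("no TLS: the page would load without the padlock")
    if parts.username is not None:
        # https://mybank.example@evil.example/ : the text before '@' is a
        # username, not the host, so the browser connects to evil.example
        findings.append(f"credentials in URL; the real host is {host!r}")
    if not host:
        findings.append("no hostname in URL")
        return findings
    if any(label.startswith("xn--") for label in host.split(".")):
        # punycode means non-ASCII characters that may imitate Latin letters
        findings.append("punycode label: possible look-alike domain (IDN homograph)")
    if host != expected and not host.endswith("." + expected):
        # catches 'mybank.example.account-check.example' style lookalikes:
        # the real registered domain is the right-hand end of the hostname
        findings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return findings


if __name__ == "__main__":
    # Constructed sample links, all pointing at .example names
    for link in ("https://mybank.example/login",
                 "https://secure.mybank.example/login",
                 "https://mybank.example.account-check.example/login",
                 "https://mybank.example@evil.example/login",
                 "https://xn--mybnk-fsa.example/login",
                 "http://mybank.example/login"):
        print(link, "->", check_url(link, "mybank.example") or ["looks fine"])
```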
HOW IT WORKS:
Drive-by downloads can happen without any interaction with the attacker before the ransom demand arrives. The attacker exploits vulnerabilities in your web browser or browser plugins to download and install malware onto your device, completely without your knowledge or consent. This method relies on your browsing habits, as shown by your browser history: the attacker infects sites you visit regularly, so the next time you open a bookmarked or frequented website or link, you have walked into the trap. The download of the ransomware is triggered, and the malware infects your device, encrypts your files, and demands a ransom payment to restore access to the data.
This is why pornography sites are such a common source of viruses. The truth is, many people frequent pornography sites…which makes these links very exploitable for attackers. Plus, nobody wants to reveal that they were on an inappropriate site while the attack is being traced, so the criminal walks away untouched.
PROTECTION MEASURES:
Always, always, always enable the "click-to-play" feature on any plugins you have. That ensures a plugin only runs with your explicit approval, which is one less vulnerability to worry about.
Keep up on updates to make your browser less targetable, and keep your important data backed up so you still have a copy even if it is encrypted by an unauthorized source.
Another good measure is to keep an antivirus program and pop-up blocker running over all your browser windows.
Also, just don't do anything important on public wifi; any forms you fill out (especially credit card billing for purchases) are extremely vulnerable to drive-bys. So definitely no online shopping on Starbucks' wifi.
HOW IT WORKS:
The attacker creates a fake software update or modifies a real one, and then distributes it through malicious websites, emails, or pop-up ads. Once the user installs the malicious update, the malware infects the device, encrypts the user's files, and demands a ransom payment to restore access to the data.
PROTECTION MEASURES:
Make sure you know who your software publisher is. Then, when you get any notification that you need an update, make sure it comes from your software publisher (always deny any third-party update offers), and check the digital signature: right-click the file, open Properties, then Details; the "Issued to" field should match the name of the publisher.
Then check the version and release date of what you currently have, and make sure the offered update does not contradict them in version numbering or chronology (an "update" older than what you already run is a red flag).
You can also just search the web for the update name; people usually post complaints about bad updates on forums, so you can dodge potential bullets that way as well.
HOW IT WORKS:
This is only applicable to those who need to use RDP (Remote Desktop Protocol) for work or school, but it is important to be aware of due to its whopping damage potential. The intent of RDP is to allow multiple people remote access to a desktop, which is the cyber-criminal's dream. The attacker usually goes one of two routes to get logged in over RDP: either they have stolen credentials from a separately performed breach (probably via phishing), or they use brute-force software, meaning software that runs through username and password combinations until it gets one right. Once they're in, they infect the host device with ransomware, encrypt *all* the users' files, and demand a ransom payment to restore access. This method is especially scary because it spreads to other devices on the network, snowballing into a complete massacre of the company's data and security.
PROTECTION MEASURES:
First, before you allow anyone onto the network, educate them on the risks of a breach and the situations in which a breach could happen. Limit network access to trusted members of the team and always use firewalls or VPNs. Then require very strong passwords (and 2FA!) and make sure everybody on the network regularly updates their login info. Then perform routine maintenance on the servers, patching and updating as necessary. This will hopefully prevent breaches.
In the event that ransomware somehow does get through, make sure your network is segmented and your important data is backed up to minimize and contain the spread of damage.
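Spotting the brute-force route described above, as an added example (not from the original post): Python over a constructed export of Windows logon records, flagging a source address that fails many RDP logons in a short window across several accounts, and noting whether a successful logon followed. The log lines, addresses and account names are all made up; the event ids and logon type are the standard Windows Security values.

```python
"""Flag RDP password guessing in failed-logon records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data) shaped like Windows Security events exported as CSV:
# time, event id (4625 failed / 4624 successful logon), logon type (10 = RDP), account, source
SAMPLE_LOG = """\
2024-05-01T09:00:01,4625,10,alice,203.0.113.5
2024-05-01T09:00:04,4625,10,bob,203.0.113.5
2024-05-01T09:00:06,4625,10,carol,203.0.113.5
2024-05-01T09:00:07,4625,10,dave,203.0.113.5
2024-05-01T09:00:09,4625,10,erin,203.0.113.5
2024-05-01T09:01:00,4624,10,alice,203.0.113.5
2024-05-01T09:30:00,4625,10,bob,198.51.100.7
2024-05-01T11:30:00,4625,10,bob,198.51.100.7
2024-05-01T12:00:00,4625,3,svc,192.0.2.9
"""

def parse(text: str) -> list:
    """Turn the CSV export into (time, event id, logon type, account, ip) rows."""
    rows = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, ip = line.split(",")
        rows.append((datetime.fromisoformat(ts), int(event_id), int(logon_type), account, ip))
    return rows

def detect_rdp_guessing(rows, threshold: int = 5, window=timedelta(minutes=5)) -> dict:
    """Flag sources with at least `threshold` failed RDP logons inside any
    `window`, listing the accounts tried and whether a success followed."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, account, ip in rows:
        if logon_type == 10 and event_id == 4625:      # RDP logon failed
            failures[ip].append((ts, account))
        elif logon_type == 10 and event_id == 4624:    # RDP logon succeeded
            successes[ip].append(ts)
    alerts = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):   # sliding window over sorted failures
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(ip, {}).get("failures", 0):
                alerts[ip] = {
                    "failures": count,
                    "accounts": sorted({a for _, a in events[start:end + 1]}),
                    "followed_by_success": any(t > events[end][0] for t in successes[ip]),
                }
    return alerts
```

A burst of failures across many accounts from one address followed by a success is the pattern worth paging on; account lockout and 2FA on the RDP gateway are what stop it.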
With digital crime on the rise, this guide should help you keep your business safe!