A few months earlier, one of the world’s largest aluminum producers, Norsk Hydro, was infiltrated with this malware that hit 22,000 of its computers across 170 different sites in 40 different countries. Here is how to detect and protect against Ransomware and the best practices for 2020.
Malware has proven to be a threat to many businesses and firms.
Most organizations have tried various methods to fight malware, all to no avail. Figuring out how to protect themselves against malware can help minimize the amount of damage it is known to cause.
The consequences of a malware attack are not just limited to unwanted costs.
Companies lose valuable time, and their reputation ends up damaged after each attack. Most companies attacked by ransomware either pay the ransom to recover their data or attempt to restore it from a backup.
Effective detection of and protection against ransomware are critical to protecting your company. In a company, it’s also necessary to protect your e-mail messaging. E-mail has been found to be the medium through which much ransomware arrives and compromises your systems.
What’s Ransomware?
Ransomware is malware that invades the computer of its victim and encrypts all files available to it.
In simpler terms, this software locks all of your data with a password, and you are unable to access your files until the ransom has been paid.
Most times, the ransomware gets in through an innocuous-looking e-mail that persuades users to click on a malicious link or open an infected attachment. Once your system is compromised, the ransomware accesses all of its victim’s files. Hackers even go as far as threatening to publish sensitive information if the ransom is not paid as demanded.
Detecting and Identifying Ransomware.
It’s important to note that ransomware is not built to show off the ability of its creators. Its purpose is illicit gain, to the detriment of users. Most users and businesses that are targeted by ransomware are often poorly informed and scared.
When ransomware infects a computer or other device completely, the device becomes unusable.
The ransomware is usually hidden in some file on the target computer or system. It can be disguised as a document or attached to videos, e-mails, images, program installers, or any other place the hacker has found to breach your system.
Once the infected file infiltrates a computer, it blocks access to all data, and sometimes to the operating system itself. It then displays a warning message with the payment information to the owner.
The criminals usually set a deadline for payment, after which the encrypted files get deleted permanently.
The tactic these cybercriminals use is to propose an affordable figure as a ransom, and then promise to restore computers and files to their original state. Unfortunately, many users and companies don’t take the time to back up their most critical and sensitive data. Backing up your data should become standard operating procedure in your business.
The Best-Known Ransomware
- WannaCry (Wana Decryptor)
- Cryptolocker
- Reveton
- Petya
- BadRabbit
- Jigsaw
Learn to minimize the potential for attack.
A ransomware attack remains one of the biggest threats on the Internet today. Merely clicking the wrong link is all the hackers need to have your files and valuable information at their fingertips.
The hacker then encrypts the information and will only unlock it in exchange for a substantial ransom paid in bitcoin or another cryptocurrency, which makes the payment hard to trace.
Many of these ransoms have been paid in bitcoin. The criminals involved in ransomware attacks are well funded as a result and keep improving their strategies.
Low-level hackers are usually just interested in encrypting individual PCs. Criminal groups are more interested in finding a backdoor into corporate networks. A corporate network is where a hacker can do maximum damage by encrypting as many devices as possible all at once.
With this level of threat, there’s currently no way to protect yourself or your business from ransomware or any other type of malicious software.
Protect Yourself from Ransomware Attacks in 10 Steps.
Protecting your company from ransomware attacks.
- Apply patches to keep systems up-to-date.
Fixing software flaws can be really strenuous and time-consuming, but it is worth the effort and essential for your safety. Hackers will try to discover your software’s weaknesses and take advantage of them before your company can test and deploy patches to defend it.
One typical example of ransomware that attacks software that has not been patched early or fast enough is WannaCry.
WannaCry caused havoc in the summer of 2017. The hackers exploited the Windows Server Message Block protocol, which allowed WannaCry to spread itself. A patch had actually been released several months before the ransomware succeeded.
But not enough organizations patched their infrastructure, and more than 300,000 PCs were infected. Learn this lesson now; many organizations have yet to learn it.
One in three IT professionals admits that their organization has been damaged due to an uncorrected vulnerability, according to a survey by the security company Tripwire.
- Change default passwords for all access points.
The common way to get infected by malware is by clicking on the wrong links in e-mails. But what if I told you that’s not the only way? According to a study by F-Secure, up to a third of ransomware got distributed with brute force and remote desktop protocol (RDP) attacks.
A brute force attack tries to gain access to servers and other devices by trying as many passwords as possible with the help of bots, until one of them eventually works.
Many companies don’t change their default passwords or make use of combinations. Another issue is that businesses use passwords that are quite predictable. Brute force attacks are known to be continually effective.
Some businesses have asked about the Remote Desktop Protocol (RDP). RDP enables remote control of PCs and is another channel through which a ransomware attack can get in.
There are certain methods you can adopt to reduce the risk of an attack via RDP. Make sure that strong passwords are used, and change the RDP port. By changing the RDP port you limit its accessibility to only the necessary devices.
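One way to spot the brute-force pattern described above in logon records, as an added example that is not part of the original article. It assumes logons have been exported as comma-separated lines (time, Windows Security event ID, logon type, source IP, account); the sample lines, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. 4625 = failed logon, 4624 = successful logon.
# Logon types 3 (network) and 10 (remote interactive) are the ones RDP produces.
SAMPLE_LOG = """\
2020-01-15T03:12:01,4625,10,203.0.113.7,administrator
2020-01-15T03:12:09,4625,10,203.0.113.7,admin
2020-01-15T03:12:17,4625,10,203.0.113.7,administrator
2020-01-15T03:12:20,4625,3,198.51.100.20,j.smith
2020-01-15T03:12:26,4625,10,203.0.113.7,backup
2020-01-15T03:12:34,4625,10,203.0.113.7,administrator
2020-01-15T03:12:51,4624,3,198.51.100.20,j.smith
2020-01-15T03:13:02,4624,10,203.0.113.7,administrator
"""

RDP_LOGON_TYPES = {"3", "10"}


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: verdict} for IPs with >= threshold failures in window.

    Assumes the lines are in chronological order.
    """
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    verdicts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, ip, _account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures = recent[ip]
            failures.append(when)
            # Drop failures that fell out of the sliding window.
            while when - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold:
                verdicts.setdefault(ip, "brute-force")
        elif event_id == "4624" and ip in verdicts:
            # A success right after a burst of failures means a password was guessed.
            verdicts[ip] = "brute-force then successful logon"
    return verdicts
```

A single mistyped password followed by a success (198.51.100.20 in the sample) is not flagged; only the burst from 203.0.113.7 is, and it is escalated because a logon then succeeded.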
- Make it more difficult to move around your networks.
Hackers are out to make as much profit as possible. This explains why, rather than hacking a single PC, they go after bigger firms and companies that have a corporate network. Hackers like to analyze a network extensively in order to spread their malware before ultimately encrypting the whole thing.
With the goal of the hacker in mind, it’s essential to make hacking more difficult for cybercriminals. Segment your networks so that access is much more restricted. Limit the number of administrative accounts that have unlimited access.
Most phishing attacks are usually known to target developers — typically because a developer or dev team has full access to multiple systems.
- Understand what is connected to your network.
As much as PCs and servers may be where you store data, they may not be the only devices you should be concerned about. With the advent of the Internet of Things, there are now a number of devices that can connect to any corporate network.
Most of these networks don’t have the kind of security that you would usually expect in a business. Devices should be secured by the ISD (Infrastructure Service Department).
The more devices you have connected, the higher the risk of giving hackers a backdoor they can explore. Hackers want to reach more lucrative targets than your printer or a smart ticket machine. Consider who else has access to your systems, and take action to restrict them as you see fit.
- Understand what your most important data is and create an effective backup strategy.
By having secure and updated backups of all important business data, your information stands a lesser chance of being infected by ransomware. This saves you time should ransomware compromise certain devices, allowing you to restore data and be up and running again almost immediately.
But it is critical to be certain of where this business data is located. Could it be that your customers’ private data is stored in a spreadsheet on the CFO’s desktop rather than saved in the cloud?
It’s useless having a backup if you save the wrong thing or aren’t consistent about saving valuable information and data where you should.
- Think carefully before paying a ransom.
Let’s look at a business scenario. Imagine hackers have broken through all your defenses, and every PC in your company is now encrypted.
You have two choices: you could either pay a ransom of maybe a few thousand dollars, or refuse to pay and restore from backups, which might take days to complete. Which would you go for? Do you pay the ransom?
For a number of companies, paying the ransom might be the best move.
If the hackers are only asking for an affordable sum, it might be wise to pay them and have your business up and running as soon as possible.
Some reasons why it may not be advisable to pay.
- Firstly, you cannot be certain that the criminals will actually give you the encryption key after you pay. After all, they are pirates. Your company paying the ransom will ultimately encourage more attacks, which may come from the same group or from another one.
- Consider the greater effect it will have. Regardless of how you pay the ransom, whether it’s with your funds or crypto, both methods reward the gangs for this behavior.
- Any payment to a criminal or criminal organization means they will be better funded for executing more operations against you or other companies.
- Paying may save you the trouble, but the payment of the ransom just feeds the epidemic.
- Have a plan for how to react to ransomware, and test it.
One of the fundamental parts of business planning is having a disaster recovery plan that factors in all possible technological disasters as well as a response to ransom demands.
This means not just the technical answer of cleaning the PCs and restoring the backup data, but also the broader business response that may be required.
Other things you might want to consider would be how to explain the matter to the staff, customers, and even the press. Decide whether the regulators should be informed or the police or insurers should be contacted.
It’s not just about having a document but about test-running the assumptions you made, knowing full well that some will fail.
- Analyze and filter e-mails before they reach your users.
How can you easily prevent staff from clicking on just any link? Don’t allow an infected e-mail to reach their inbox in the first place.
This means screening content and filtering e-mails, which helps to stop potential phishing frauds and ransom demands before they reach the staff.
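A minimal sketch of that kind of screening, added here as an illustration and not taken from the original article: it parses a message with Python’s standard `email` package and lists attachments a gateway would quarantine. The extension lists, function names and the sample message are assumptions constructed for the example.

```python
import os.path
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative block lists (assumptions, not a complete policy).
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}


def screen_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments to quarantine before delivery."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, ext = os.path.splitext(name)
        if ext in EXECUTABLE_EXT:
            # "invoice.pdf.exe" is displayed as "invoice.pdf" when the mail
            # client or file manager hides known extensions.
            disguised = os.path.splitext(stem)[1] != ""
            findings.append((name, "disguised executable" if disguised else "executable"))
        elif ext in MACRO_EXT:
            findings.append((name, "macro-enabled document"))
    return findings


def build_sample() -> bytes:
    """Constructed message with one harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for filename in ("minutes.pdf", "Invoice.pdf.exe", "report.docm"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

File names alone are easy to change, so a production filter would also inspect the content type and the file’s actual bytes.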
- Understand what is happening in the network.
There is a vast number of related security tools that can give you an overview of traffic on your network, from intrusion prevention and detection systems to Security Information and Event Management (SIEM) packages.
These products provide an up-to-date view of your network and help you monitor the kind of traffic anomalies that may indicate an attempt to infiltrate your systems with ransomware. If you are not able to see what’s going on in your network, you will be unable to stop any attack that comes your way.
- Make sure your anti-virus software is up-to-date.
This may seem ridiculous considering it’s the first thing every company should do, but you’d be surprised how many companies still don’t use anti-virus software, especially the small ones.
Many anti-virus products provide add-ons that can detect the suspicious behavior common to all ransomware, which is file encryption. These apps help monitor your files and go as far as making duplicate copies of files that may be threatened by ransomware.
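The file-encryption behavior mentioned above can be recognized because encrypted data looks random. The following added example (not from the original article, and not how any particular anti-virus product works) compares the byte entropy of files before and after a change; the thresholds, file names and sample contents are constructed, and it assumes files are rewritten in place under the same name.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted or compressed bytes (hash output)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))


def encrypted_rewrites(before, after, high=7.5, min_jump=2.0):
    """Names of files whose content went from low to near-random entropy."""
    flagged = []
    for name, old in before.items():
        new = after.get(name)
        if new is None or new == old:
            continue
        old_h, new_h = shannon_entropy(old), shannon_entropy(new)
        # Require a jump, not just a high value: archives and images are
        # already near-random and would otherwise raise false alarms.
        if new_h >= high and new_h - old_h >= min_jump:
            flagged.append(name)
    return sorted(flagged)


def mass_encryption_alert(before, after, ratio=0.5):
    """True when at least `ratio` of the monitored files were flagged."""
    return bool(before) and len(encrypted_rewrites(before, after)) >= ratio * len(before)


def sample_snapshots():
    """Constructed before/after contents of three monitored files."""
    text = b"Quarterly invoice 2020: total due 22,000 EUR\n" * 90
    before = {"invoice.txt": text, "notes.txt": text[::-1],
              "photos.zip": fake_ciphertext(b"zip-v1")}
    after = {"invoice.txt": fake_ciphertext(b"a"), "notes.txt": fake_ciphertext(b"b"),
             "photos.zip": fake_ciphertext(b"zip-v2")}
    return before, after
```

In the sample, the two text files are flagged while the archive, which was high-entropy before and after, is not.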
Ransomware is nothing new.
What’s new is the growing number of attacks and more sophisticated strategies that accelerate the development of new and unexpected ways of exploiting individuals and businesses. It is more important today than ever before that security is an integral part of business processes.
Businesses should be sure to work with security experts who know they need a sophisticated security solution to defend themselves.
What is needed is a system of highly integrated and collaborative technologies that only work in combination with effective policies and life-cycle strategy in the form of provision, protection, detection, response, and learning.
Security solutions must share their information to detect and respond effectively to threats throughout your distributed environment.
You need to weave these solutions into your network to provide concurrent protection and growth and to dynamically adapt to new threats.
Conclusion
Cybercrime generates billions in sales. Like companies, cybercriminals are highly motivated to find new sources of income. They rely on deception, extortion, attacks, threats, and lures to gain access to critical data and resources.