Ransomware is a kind of malicious software built to block access to a computer system or the information stored on it. Cybercriminals use it as a weapon to attack victims selectively or at random and demand a ransom (usually in cryptocurrency rather than ordinary bank transactions) in return for access to the hijacked data or system.
Generally, the attacker uses ransomware to encrypt the data stored on a system. The encrypted data can then only be accessed with the decryption key, which is obtained by paying the attacker. The victim is given detailed instructions on how to proceed to obtain the decryption key, how the payment can be made, and how they will then regain access to their lost data.
The frequency of ransomware attacks cannot always be pinpointed, as most victims pay the ransom to get rid of the attacker and regain their data. Though it is bad practice to pay the ransom without notifying the authorities, most victims do this to avoid further hassle. In 2019, 205,280 victim organizations filed complaints that they had been hacked in a ransomware attack, an alarming 41% rise over the year before.
According to security experts, even this number doesn’t represent the true number of attacks, as most incidents remain undetected or the victims don’t report them and silently pay the ransom.
Examples of ransomware attacks
The core goal of a ransomware attack is mostly monetary gain. Most of the time, companies are the prime victims. The attackers know that companies store data of many kinds and urgently need it to stay operational, which gives the attackers the chance to ask for a large sum of money within a short period of time. However, sometimes competitors or enemies also carry out ransomware attacks to cripple the competition. Attackers don’t only target companies, either; they often attack at random and ask for money.
- On 13th Dec 2020, Habana Labs, a developer of AI processors owned by Intel, was reported to be a victim of the Pay2Key ransomware attack. The attackers stole data and then leaked it online; the data ranged from sensitive code to various business documents that would compromise the business.
- Another recent incident took place on 1st December, 2020. Shirbit Insurance, an Israeli insurance provider that serves many government employees, became the victim of ransomware. After the report was published, it emerged that a group called Black Shadow had initially asked for 50 Bitcoin for not exposing the company’s sensitive client data. As Shirbit didn’t respond or pay the ransom, the price rose from 50 BTC to 100 BTC and later 200 BTC.
- Another notable ransomware attack happened on November 29, 2020, when the victim was none other than the electronics giant Foxconn, which was infected by the DoppelPaymer ransomware. According to a report published in Bleeping Computer, the attackers demanded 1,804 BTC, which equals over $34 million (USD), and said they would provide the decryption tool once the payment was confirmed. The attackers claimed that they had successfully encrypted almost 1200 servers, stolen 100 GB of Foxconn’s unencrypted files and deleted 20-30 TB of its backup data. Yes, you read that right: 20-30 TB of backup data.
You should keep in mind that a ransomware attack, and recovery from it, is a long and critical process. Attackers nowadays mostly demand Bitcoin, as cryptocurrency is untraceable.
How to Prevent a Ransomware Attack?
By this point, you should have a clear picture of ransomware and how dangerous it is for your company and yourself. According to CSO Online, 94% of ransomware and malware is delivered by email.
Here are some preventive steps that you should turn into habits to minimize the risk of becoming the victim of a ransomware attack:
- Never click on links from untrusted contacts or websites. Additionally, avoid downloading content that you suspect is from unverified contacts or platforms.
- If you receive an email from an unknown contact, do not open the attached files on your device straight away. Always confirm the sender’s authenticity. If the contents of the email seem unusual, don’t hesitate to call the sender to make sure the contents are authentic.
- Only download from trusted sites.
- Abstain from giving away personal information such as your email address, phone number, address, social security number, credit card number, etc.
- Try using content scanning and filtering services provided by your mail server.
- Never use unfamiliar or untrusted USB drives.
- Make sure that your operating system and software are always up to date.
- Try to avoid public Wi-Fi. In an emergency, make sure to use a trusted VPN to access the internet.
- The most important thing is to keep a backup of your data. Set the backup system to update automatically so that even if you forget to do so, you can still restore your data in the event of an attack.
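The email-related habits above (unknown senders, suspicious attachments, content filtering at the mail server) can be partly automated. The following is an added example, not part of the original article: a minimal attachment screen in Python, where the extension lists, the function names `screen_message` and `build_sample`, and all addresses are assumptions made for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy lists for this example; adjust them to your environment.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".jar"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def screen_message(raw, known_senders):
    """Return the reasons to quarantine a raw message (empty list = deliver)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        stem, ext = os.path.splitext(name.strip().lower())
        if ext in RISKY_EXT:
            reasons.append(f"{name}: executable or script attachment")
            if os.path.splitext(stem)[1] in DECOY_EXT:
                reasons.append(f"{name}: double extension disguises the file type")
        elif ext in MACRO_EXT:
            reasons.append(f"{name}: macro-enabled Office document")
        elif sender not in known_senders:
            reasons.append(f"{name}: attachment from unknown sender {sender}")
    return reasons

def build_sample(sender, filename):
    """Build a constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "accounts@example.com", "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    known = {"alice@example.com"}  # constructed allowlist of verified contacts
    for frm, fname in [("Alice <alice@example.com>", "report.pdf"),
                       ("Billing <billing@unknown.example>", "invoice.pdf.exe"),
                       ("Billing <billing@unknown.example>", "report.pdf"),
                       ("Alice <alice@example.com>", "budget.xlsm")]:
        verdict = screen_message(build_sample(frm, fname), known)
        print(fname, "->", verdict or "deliver")
```

The `From` header is not authenticated and can be spoofed, so a check like this complements SPF, DKIM and DMARC validation at the mail server and does not replace confirming the sender by phone as described above.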
What to do if you are under attack?
Accidents happen. But the best course of action is always to stay calm and not panic. When you are under a ransomware attack, every second and every decision you make is critical.
The very first thing you will encounter in a ransomware attack is that you are locked out of your own system or data. Then you will find a notice or some other communication from the attacker regarding the money. Many interconnected variables are in play. You might start negotiating with the attacker and end up upsetting them, losing the slightest opportunity to recover your data and discovering it leaked online. On the other hand, you might pay the ransom and still not get the decryption key. At every step, there is a possibility of things going sideways. Responding to a ransomware attack is a multi-layered process, and the best way of responding to a threat like this is to get the help of a professional negotiator. Things that you need to perform:
- Incident Response: Activate your incident response team if you have one, or consult professionals to do so. The incident response team will carry out forensics to understand how exposed and vulnerable you are. They will then help you establish the availability of backups and the possibilities, process and time frame for recovery. All this helps you assess the real scope of the attack and where you stand at this point.
- Investigating the damage and the possibility of recovery: Now you need to assess the missing data and the affected systems so that you can determine what it would take to get back in business.
- Threat intelligence: Cyber intelligence plays a critical role in the event of a ransomware attack. It helps you understand the threat actor or threat actor group, their motivation, methods, previous activity, typical payouts, etc. This understanding of the attacker(s) is very useful while negotiating with them.
- Consulting negotiator: At this point, you should consult a negotiator if you have not done so yet. Then you should keep all the key stakeholders, such as your insurer, outside counsel, PR specialist, etc., in the loop to proceed further. Now the professional third parties or the negotiator will start the communication with the attacker.
- The negotiator will start the communication after keeping all the stakeholders informed about the scenario.
- The negotiator will then structure a feasible deal with the attacker, if possible.
- Then you need to decide whether you are willing to pay or not. Before doing so, of course, the reports that you have gathered will help you determine how crucial the data is and whether paying the attacker is worth it or not.
- How to transfer the money, what the payment methods are, etc.
- Handling cryptocurrency transactions
- How the data will be recovered
- What to do after payment if the data or encryption key is not delivered by the attacker.
You will have to rely on the expertise of the negotiator to safely handle the ransomware attacker(s), because everything you say or don’t say, the communication channels you use, and the timing and tone of your communication will severely affect the process.
If you have not yet been attacked by ransomware then you are on the verge of being the victim of an attack. This is said not to scare you but to make you aware of the present state of the cyberworld. So, to keep ahead of the attacker, you must undertake feasible cybersecurity measures to safeguard your organization and yourself. Here at TechForing, we provide all the industry services and solutions you need to secure your organization in cyberspace. Even if you are currently the victim of a ransomware attack, we have a dedicated wing for dealing with ransomware attacks that can help you determine the best course of action in case of a cyber incident.