Ransomware And Its Criminal Use

Uploaded on 2021-05-31 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Ransomware is a type of malicious software cyber criminals use to block you from accessing your own data. The digital extortionists encrypt the files on your system and add extensions to the attacked data and hold them ‘hostage’ until the demanded ransom is paid. After the initial infection, the ransomware may attempt to spread throughout your network to shared drives, servers, attached computers, and other accessible systems. 

If the ransom demands are not met within the cyber criminals' timeframe, the system or encrypted data remains unavailable, or your data may be deleted by the software and the decryption key obliterated. 

How Ransomware Works

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing email, this is an attachment that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer.

Ransomware enters your network in a variety of ways, the most popular is a download via a spam email attachment. The download then launches the ransomware program that attacks your system. 

Other forms of entry include social engineering, downloads of the malicious software from the web that can be direct from a site or by clicking on “malvertising,” fake ads that unleash the ransomware. The malware can also be spread through chat messages or even removable USB drives.

Typically, the software gets introduced to your network by an executable file that may have been in a zip folder or disguised as a fax or other viable attachment. The download file then encrypts your data, adds an extension to your files and makes them inaccessible. 

More sophisticated versions of the software are propagating themselves and can work without any human action. Known as “drive-by” attacks, this form of ransomware infects your system though vulnerabilities in various browser plugins.
Without ponying up the money for the key, it is very difficult to decrypt files after an attack. Of course, good backup eliminates the need to succumb to ransomware demands.

Ransomware attackers are honing their distribution plans to hit those organizations that are more likely to pay the ransom demand ,such as healthcare, government, education and small businesses.

How To Defend Against Ransomware

Whether you need to know how defend against CryptoLocker or any of the other 4,000 daily attacks, the first component of the solution is to warn co-workers against downloading suspicious file attachments. They won’t prevent all attacks, but it will help. It is also critical to ensure that your servers are being patched regularly, as many security gaps that ransomware hackers take advantage of are often protected in the latest Microsoft patches.  

Failing to stay up to date can cause major issues down the line.  No matter what, you have to prepare to be hit.  So it’s critical you not only have backups, but secure, tested backups and a well-documented, secure disaster recovery plan if the attack is pervasive enough.  On the data protection side of things, keep these 5 components in mind:

Backup & Protect 

Experts have suggested a number of ways private individuals and organisations can protect their computer systems against cyber-attacks. Blocking suspicious Internet and email accounts and avoiding downloading programs that are not secure are some of the cheap and effective ways of protecting against ransomware, but will not block all forms of the software.

Organisations are warned to back up data on separate networks or on a cloud-based system to ensure continuity of business, should a successful attack be carried out. 

Follow the 3-2-1- rule. Three copies of your data, 2 different types of media and 1 version stored off-site. If you do get hit by ransomware you’ll have an easy escape.  You can even consider keeping a backup offline (on tape or rotational media), but recovery times are longer from offline backups, and offline backups are more difficult to test.

Secure

Ransomware predominantly targets Windows OS. As backup systems can require many role-based instances for centralised management, data movement, reporting, search and analytics, securing all those machines can be complex. Consider locking them down to do only what they are required, and nothing more. Newer solutions based on integrated backup appliances typically remove that complexity and come hardened out of the factory.So security can be far simpler in those newer architectures.

Test

Test the viability of your backup and disaster recovery strategy regularly. A lot of factors can impact recovery, including backups of machines that already contain ransomware.  Test automation is becoming a trend in the data management and data protection industry. It is important those features are used more as security threats become more impactful to IT.

Detect

Early ransomware detection means faster recovery. More backup vendors are starting to use predictive analytics and machine learning to recognize possible attacks and alert administrators of abnormal fluctuations of data as backups are ingested.

Recovery

If you’ve effectively backed up your data and tested its recoverability you will be ready to roll back your network to a safe restore point and avoid downtime, data failure and revenue loss.

Ransomware attackers are ferocious. If you haven’t been attacked yet, it’s not a matter of if, but when…be prepared.

Forbes:       Unitrends:       CSO Online:           Irish Examiner:         Washington Post

You Might Also Read:

Will Governments Ban Ransom Payments To Hackers?:

 

« Get The Best Cyber Security Audits & Training
Denmark Helped NSA Spy On European Union »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

DeuZert

DeuZert

DeuZert is an accredited German certification body in accordance with ISO/IEC 27001 (Information Security Management).

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

Vana Solutions

Vana Solutions

Vana Solutions is an Information Technology Services company. We help commercial & federal organizations select, adapt, and integrate the right technology solution so you can move faster.