ransomware

Ransomware has been an escalating problem for quite some time, and Calgary organizations are not immune to this crisis. But with recent global events, your level of vigilance needs to be higher than ever.

What Is Ransomware?

Ransomware encrypts your files, usually when someone on your network clicks a link or downloads a file that has been purposely corrupted with malware. Once the malware has been deployed, company files become inaccessible, crippling your organization. The cybercriminals then demand a ransom, usually in the form of Bitcoin, in order to unlock the files. Without the right cybersecurity protocols in place, ransomware can prove catastrophic.

How Does Ransomware Succeed?

Ransomware works by generating fear.

Sent via email, a message is usually designed to make the recipient believe that it was sent by someone they trust, typically someone to whom the employee reports.

The recipient will likely believe that the requested action (opening the file or clicking on the link) is necessary to conduct business and that the matter is urgent.

Cyber hackers are clever, so employees must be constantly on alert and prepared for similar tactics.

In addition to implementing robust email security, as well as offsite backup and recovery solutions, the most important step is to immediately educate staff.

It is easy to be fooled by emails that seem to be coming from legitimate sources, and once an employee has clicked on the link or opened the file, there is no recovering.

How Does Ransomware Work?

It is difficult to know what steps to take to protect yourself without first understanding how ransomware works.

There are many different ways your system can become infected with ransomware. The most common is through email. Phishing emails are disguised to look as though they are legitimate, causing the recipient to click a link or download a file, which in turn launches malware. But there are other methods of ransomware distribution, and cyber criminals are always coming up with new ways to trick people.

For example, during the pandemic, fake websites were set up promising COVID-19 information or treatments. These websites either prompted a user for personal information or asked the person to fill out or download a form. Were a person to click the link or download the infected file, the ransomware would go to work locking the files within the organization. The malware being used to encrypt the files would then initiate a request for payment, in order to have the files decrypted and the network restored.

Other ransomware may not encrypt the data but simply lock the screen; other forms of ransomware encrypt the master boot record, preventing a system from booting. Computers, laptops, and tablets are all at risk.

In all cases, demands are made for payment in order to retrieve the data. However, 42% of organizations that paid a ransom did not get their files decrypted.

High-Profile Ransomware Attacks

There have been a number of high-profile ransomware cases over the past few years. In each case, cyber criminals exploited people and network vulnerabilities to succeed in their efforts. Some of the most notorious ransomware attacks have included:

WannaCry

Criminal hackers released a strain of ransomware that spread itself automatically across all workstations in a network, causing a global epidemic. If an employee was not paying attention and accidentally opened one of these phishing email attachments, they not only infected their own workstation but immediately everyone else’s computer, too. This resulted in more than 200,000 confirmed infections in over 150 countries.

Locky

Locky contains a hidden JavaScript file in the attachment that evades most common malware detection software because it appears to be a harmless file. Locky proliferated so quickly that it almost immediately accounted for more than 16% of all ransomware attacks.

Meltdown and Spectre

Not all threats start with an email. Some start as vulnerabilities that are then exploited. Meltdown and Spectre exploit critical vulnerabilities in computer systems and allow programs to steal data processed on the computer.

Petya

The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive’s file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system. The Petya malware infected millions of computers during the first year of its release. (Wikipedia)

CryptoLocker

CryptoLocker is a ransomware virus that infects PCs via downloads from infected websites and email attachments sent to business professionals via a botnet called GameOver ZeuS. CryptoLocker is particularly nasty ransomware that uses a 2048-bit RSA key pair, uploaded to a command-and-control server, which it uses to encrypt or lock files with certain extensions, and delete the originals. Once files are locked, CryptoLocker then threatens to delete the private key needed to unlock the files if payment is not received within three days. (KnowBe4)

Protect Your Organization – and Your Personal Data – from Ransomware Attacks

Individuals and organizations have a responsibility to do everything possible to avoid putting themselves and their companies at risk. With a 485% increase in global ransomware reports (Bitdefender) and ransom demands as high as $50 million USD (Coveware), there is incentive for businesses to take immediate action. Here are just a few things that you can do right now to protect your data:

  • Be very careful when you receive an unsolicited email with an attachment. If there is a .zip file as an attachment, do not click on the attachment. Do delete the whole email. Remember: “When in doubt, throw it out!”
  • When using public Wi-Fi in a café or hotel, always use a VPN. Never connect to your personal or professional networks using open public Wi-Fi, as your usernames, passwords, and other secure information can be stolen.
  • Notify your IT department as quickly as possible if you believe you’ve been the victim of a ransomware attack.
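As an added example (not code from The ITeam or from any product named on this page), the following mail-gateway style check covers two points made above: the Locky-style script file hidden in an attachment, and the advice to treat unsolicited .zip attachments with suspicion. The extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: file types Windows runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
               ".ps1", ".bat", ".cmd", ".scr", ".exe", ".lnk"}

def ext(name: str) -> str:
    """Lower-cased final extension, so 'invoice.pdf.js' yields '.js'."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def scan_message(raw: bytes):
    """Return (verdict, reasons) for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if ext(fname) in SCRIPT_EXTS:
            reasons.append(f"script attachment: {fname}")
        # Look inside archives, whatever the attachment is called.
        if ext(fname) == ".zip" or data[:4] == b"PK\x03\x04":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.flag_bits & 0x1:  # encrypted: content cannot be scanned
                            reasons.append(f"encrypted member in {fname}: {info.filename}")
                        if ext(info.filename) in SCRIPT_EXTS:
                            reasons.append(f"script inside {fname}: {info.filename}")
            except zipfile.BadZipFile:
                reasons.append(f"unreadable archive: {fname}")
    return ("quarantine" if reasons else "deliver", reasons)

def build_sample(member_name: str) -> bytes:
    """Constructed message: a zip attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "constructed placeholder content")
    m = EmailMessage()
    m["From"], m["To"] = "manager@example.com", "employee@example.com"
    m["Subject"] = "Urgent: invoice"
    m.set_content("Please open the attached invoice today.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("invoice.pdf.js")))
```

A filter like this complements staff training rather than replacing it: it only catches script files by name, so anything it delivers still deserves the caution described in the list above.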

How to Mitigate a Ransomware Attack

For organizations, there are several steps required to mitigate the damages of a ransomware attack.

  1. If you think your systems have been compromised by ransomware, immediately shut down workstations and notify your IT team. Hackers will stop at nothing to profit from your data; you should stop at nothing to protect it.
  2. Isolate infected computers from your network and storage.
  3. Try to identify the type of ransomware with which you’ve been infected and work with your MSP to remove the malware.
  4. Report any data breach to the proper authorities.
  5. Enact your disaster recovery plan and use your isolated backups to restore your network. You may be forced to decide whether to pay the ransom. In most cases, this is a bad idea, as doing so encourages cyber criminals to continue their efforts.
  6. Conduct a complete analysis of your systems and implement a proactive response, to prevent future breaches and to protect your sensitive data.

How The ITeam Can Help You Shore Up Your Ransomware Defences

Can you protect your business from phishing, malware, or ransomware? While 100% security can never be guaranteed, you can take several steps to greatly reduce the risk of your business falling victim to one of these schemes.

The most important thing you can do to prevent such occurrences is to invest in IT security.

A good IT security team will know exactly what risks to look for and how to protect your network against them.

Furthermore, if a cybercriminal is successful in infiltrating your IT system, a professional IT team will have the tools and ability to shut down your network and restore it with minimal disruption to your customers.

Offsite backup is crucial

One thing an effective IT team will do is work to ensure that your sensitive data is regularly backed up offsite.

This means that if your IT system does fall victim to ransomware or other malware, you can simply load your data from the last successful backup and continue working.

The more frequently you back up your data, the less damage any malware attack will inflict.

Prevention is the best form of security

When it comes to securing your business, the importance of a professional IT team cannot be overstated.

And the best time to take proactive steps to protect your business is now – before problems arise.

By taking the time to implement a comprehensive IT security plan, and by giving your IT professionals time to create an IT security protocol, you can help ensure that your business is protected tomorrow and beyond.


The ITeam provides essential IT support to Calgary- and Alberta-based businesses, with fully managed and customized services designed to meet the needs of virtually any business. The ITeam will work with you to customize a cost-effective solution and help you develop a comprehensive IT strategy that will help you survive economically stressful times. Contact us for a free consultation or schedule a network assessment today.