Introduction
Ransomware attacks are becoming all too common because more people are working from home. Cybersecurity is at an all-time low and companies are starting to realise the problems of a home-based workforce. Although stringent measures should be taken for any business with access to client information, cybersecurity is often considered to be at the bottom of the list when it comes to updating your systems to allow for remote working.
This is why attacks on companies have skyrocketed in recent months. Ransomware attacks alone have gone up by 350% in the financial sector as a consequence of people working from home, desperate unemployment, and criminals seizing the opportunity.
What are ransomware attacks?
Ransomware is a Trojan virus that is sent to a particular user. The virus itself will not raise any flags on your systems, as it looks like a legitimate file, something that you would find attached to an email, like your grandmother’s recipe for bread pudding or a database from your co-worker. How many times have you blindly downloaded an email attachment because it came from your boss or a friend of yours? Ransomware relies on the ordinary and familiar in order to spread, and it can be very convincingly disguised as any number of harmless files or activities.
Once inside your computer, ransomware takes over all of its administrative capabilities, effectively putting itself in charge of your system. Remember that time you locked your keys in the car? It’s like that, except your car now has a mind of its own, and has gone hurtling down the street.
Typically, a ransomware attack will encrypt certain key files – in especially dire cases, it encrypts all of the user’s files – and then lock up your computer. At this stage, the computer is no longer usable by the original owner but is completely within the attacker’s control.
From there, the software will generate alerts and pop-ups demanding a monetary fee to unlock your files.
If, at this point, you’re thinking, ‘but what if I don’t pay?’, here is the thing: most people end up paying. If you need your files, it’s not like you have many more options other than paying.
Files encrypted in a ransomware attack can only really be unlocked by people who know the encryption key, which means that only the attacker can truly give you your files back. Although paying is risky in a ransomware attack, big companies occasionally do pay to regain access to their systems, as doing otherwise would mean a significant loss.
Why are ransomware attacks dangerous?
Besides costing you credibility with your clients, ransomware payments can amount to a significant percentage of your revenue and might be difficult to recoup in the long run (plus, try explaining to your board that you paid a ransom fee for access to your own files; it’s not a good look for anyone!).
Ransomware attacks also render businesses incapable of operating if they rely on their files and computing systems, which makes ransomware a threat not just to the current state of the company, but to the company’s existence itself.
Forms of Ransomware Attacks
Ransomware can take multiple forms, and each has slightly different ways of encrypting and attacking a user’s files.
The most common ones are:
Encryption Ransomware
Encryption ransomware has been around since 1989, and it has only gotten more and more sophisticated since the first failed attempt. With encryption ransomware, the ransomware encrypts and locks up your files, and you have to pay a fee to get the decryption code from the attacker.
Non-Encryption Ransomware
This type of ransomware only rose to notoriety in 2010, with the creation of the Trojan virus WinLock. WinLock would, when downloaded, freeze and restrict access to your own systems until you sent the attacker a premium-rate SMS (usually costing around EUR10) to receive the code that would unlock your system.
Other forms of this ransomware include mimicking the Windows Product Activation notice to force the user to call long-distance and incur large international charges, ‘clickjacking’ (taking over the web browser), and masquerading as law enforcement or the FBI.
Leakware/Doxware
With this ransomware, the user keeps access to their files but has to pay to prevent the virus from exposing sensitive information such as embarrassing imagery, trade secrets, or customer account information. Leakware attacks are very targeted, with at least some preliminary investigation involved to find both potential targets and their weaknesses.
Mobile Ransomware
The higher rate of mobile usage has led to an increase in ransomware specifically targeting mobile devices such as cellphones. With mobile ransomware, most of the attacks focus on blocking access to information. Although it is typically disseminated through APK files on Android, there’s a significant risk to iOS devices as well, as both iCloud and Find My iPhone systems have a vulnerability that can allow attackers to access the device.
Furthermore, recent research has shown that it is possible to target Internet-of-Things devices for ransomware purposes as well.
Notable Ransomware Attacks
WannaCry
Circulating the internet in 2017, the WannaCry ransomware attack was a worldwide cyberattack that targeted computers with Microsoft Windows operating systems. WannaCry’s proliferation was helped by the fact that it specifically attacked computers running older versions of Windows. There was a significant vulnerability present there that had only been recently discovered, and while Microsoft released a patch to address it, many users had not applied the changes.
WannaCry infected more than 300,000 computers in just four days and extorted billions of dollars, as each computer was held hostage for anywhere from $300 to $600, to be paid in bitcoin. That doesn’t seem like much unless you multiply the figures, and then you realise how much money the hackers netted in such a short period of time.
ISS World
In the early days of 2020, ISS World, a Danish facility management and workplace experience company, was taken completely offline to try and mitigate the spread of a malware attack. Besides leaving thousands of employees completely offline, the ISS World ransomware attack also did about $45 million to $75 million worth of damage. The true cost is somewhere higher than that, due to the need to rebuild certain parts of ISS World’s infrastructure in order to recover fully from the ransomware attack and limit the risk of this happening again.
Imagine being the employee who brought down your company’s entire infrastructure!
Travelex
A New Year’s Eve attack on money-exchange brand Travelex led to the company taking all of its internal networks, consumer websites, and its app offline for nearly a month in an attempt to stop the virus from spreading even further into its systems. Without getting into the amount of revenue lost as the business went offline, Travelex also paid an estimated $2.3 billion ransom to the hackers to try and save its business.
These stories are not the outliers, but a small part of the reality of working in business in an era dominated by technology and a lot of clever people who know how to game the system. Fortunately, it’s not all doom and gloom: there are a ton of ways to make sure that your company never falls victim to a ransomware attack!
Preventing Ransomware Attacks
While it might be tempting to think that ransomware attacks could never happen to you, the reason they’re one of the most effective cybersecurity threats is that they’re very, very believable and very easy to get caught up in. Kind of like one of those ‘send this to five people and good things will happen to you’ email chains.
However, here are a few tips to make sure your computer doesn’t get locked up on you:
1. Never click on unverified links.
Someone sends you an email. You click on a link in that email, and it sends you to a web page.
In less than a few seconds, you’re locked out of your computer.
Unverified links in emails from senders you don’t know are the number one way people get caught up in these ransomware attacks. It doesn’t matter what the email is promising: if you can’t scan and verify who sent it, best leave those unclicked emails where they belong – in the spam folder of your inbox.
2. Never open email attachments if you don’t know who sent them.
Preferably, never open email attachments without scanning them first. However, if you can’t do this on your computer, make sure that the email address that sent you the attachment is correct. If it’s slightly off, leave the email unopened, and alert the person who should have sent it to you. Half the time, it’s an innocent mistake, and that email is completely safe to open – but the one time it isn’t is enough to leave you struggling to regain access to your computer.
3. If you have to download software, make sure the website you’re downloading from is legitimate.
The lure of free software is a universal experience; who hasn’t thought about how good it would be to use thousand-dollar software without paying the publishers? While you definitely shouldn’t consider pirating software because it’s morally wrong, it’s also a great way for hackers to inject backdoors into your organisation. And it goes even further than that! Are you sure your copy of Firefox is legitimate? Did you download your Google Chrome from the Google Chrome site? Freeware is still susceptible to ransomware, so if you need to be sure that the file you’re downloading is legitimate, double-check the address bar: is there a lock or shield symbol? If not, maybe avoid downloading from that site from now on, and just sigh very, very deeply, and open your wallet to pay the fee.
4. Never give out personal data.
This one might be a long con game, but if someone calls you asking for personal information, or sends you an email from a reputable source asking for personal information, double-check before you actually send anything. A very sophisticated attacker will try to gain access to information that will make it easier for them to target you, so avoid making it easy for them and keep your personal information to yourself.
5. Use a VPN when using public Wi-Fi.
Public Wi-Fi networks are just that: public, and easily accessible to anyone who needs access. They’re usually rife with vulnerabilities, and if you have to make use of a public Wi-Fi network, limit the risk you take and use a VPN, especially if you’re about to make some monetary transactions.
6. Use security software and keep it updated.
If you have security software already installed, you’re awesome! Security software such as browser and internet security makes it that much harder for people to gain access to your information. Comprehensive online security software can help keep you safe from not just ransomware, but other hacking and cybersecurity threats too. Of course, it doesn’t make sense to just buy the software and forget about it – you need to make sure that you update it regularly to take advantage of the best security practices and new patches that come out.
7. Back up your data.
Of course, all the security in the world can’t account for human error, so if by any chance you do become infected, it’s not the end of the world. Back up your files regularly to an external hard drive, which can then be unplugged and put in a safe location, or upload them to a cloud storage solution. Even if you do get hacked, you can still keep your data without paying an extra cent towards decryption.
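Tip 2 says to check whether the sender’s address is ‘slightly off’. The sketch below is an added example, not part of the original article: it flags From: addresses whose domain is a near-miss of one you trust. The trusted domains, function names and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains you genuinely expect mail from (constructed values).
TRUSTED_DOMAINS = {"example.com", "partner.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    for t in trusted:
        # Exact match, or a genuine subdomain of a trusted domain.
        if domain == t or domain.endswith("." + t):
            return "trusted"
    for t in trusted:
        # Trusted name embedded in a different domain (example.com.invoices.test).
        if t in domain:
            return "lookalike"
        # One or two characters off (examp1e.com, exarnple.com).
        if edit_distance(domain, t) <= max_dist:
            return "lookalike"
        # Display name claims a trusted domain the address does not belong to.
        if t in display.lower():
            return "lookalike"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Boss <boss@example.com>",
    "Boss <boss@examp1e.com>",
    "Accounts <pay@example.com.invoices.test>",
    '"example.com support" <help@random.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A ‘trusted’ result only means the domain is spelled correctly; the From: header itself can be forged, so this complements attachment scanning and does not replace it.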
Bonus
Get a software security company to help you run a simulated test. Everyone is busy nowadays, and software and security typically rank low on the scale of things to take care of when there are so many other things that take priority; that’s why you need to outsource your security needs before they become a problem! By running a simulated phishing attack, you can see whether or not your employees are cybersecurity-ready, and help them learn better cybersecurity practices online. If you’re interested, just fill out the form at the end of this post.
Conclusion
AIRO Software can help keep you safe and secure, and we’re excited to work with you to figure out a security solution that’ll benefit your business best. Contact us today for a custom quote, and let’s see what we can do for you!
Human error is the leading cause of cybersecurity threats to corporations. See how well-prepared your employees are and run a simulated phishing attack to make sure your employees know exactly how to spot a scam.
Here’s how it works:
- available for up to 100 users.
- customisable language selection, landing page, and test templates.
- identifiable red flags and explanations.
- PDF emailed within 24 hours with phish-prone %
- rank your organisation against others in your industry