Best Cyber Security

Risks from Ransomware Gangs

What are some of the most common terms that business owners have reported using when discussing ransomware infections and the associated IT costs?

Ransomware: Avoiding infection

Ransomware is a family of malicious software that has targeted enterprises, governments, individuals and public sector organisations. It is a type of malware that encrypts a system or a network, making it unusable until the owner pays a ransom to obtain the decryption key.

While there is no perfect way of preventing ransomware infections, these steps can help reduce the chances of infection.

• Make sure you keep your operating system up to date.

• Enable password management so that users are not able to write down passwords on their laptop or mobile device.

• Ensure that all mobile devices and laptops are completely wiped and are running antivirus software.

• Never click on suspicious emails and links.

• Install a ransomware-blocking program and use a firewall to block incoming and outgoing spam.

• If you suspect that your network has been compromised, disconnect all devices from the Internet and reset passwords.

• Create a ransomware backup to safeguard your company’s data and prevent a ransomware infection in the first place.

• Consider using a cloud backup solution for your data.

Protecting your valuable information can reduce your losses, but it won’t necessarily stop malware infections in the first place. If a ransomware infection is confirmed, you’ll have to pay the ransom before you can regain access to your data.

How does the average IT department prepare for ransomware attacks?

Organizations need to pay attention to threats like ransomware, and take steps to protect their valuable data. It should be their number one priority.

Security and maintenance need to be planned and scheduled to deal with risk.

These can include:

• Updating system patches

• Ensuring all necessary security patches are installed

• Checking if security services are enabled

• Ensuring that LAN and wireless networks are secure

• Ensuring antivirus programs are installed on devices

• Setting up login requirements to allow users to access sensitive data

• Reviewing admin policies and passwords

Protecting your system and data

When it comes to ransomware, businesses should be particularly careful with their backups, which are essentially one of the easiest ways of protecting their data from attack.

Creating a ransomware backup is one of the most effective ways to protect systems from attack, and there are several ways to create one. The options include system image backups, restore points and disk image backups.

If you have an enterprise backup solution, you can use it to store large files (such as databases) or entire desktops, which can be restored later when a ransomware infection strikes.

But it's important to note that backups are not infallible and should not be treated as such.

Businesses should set policies for backup copies and be clear about when they are available. They should also never make backups that include sensitive data.
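One concrete way backups fail is that a job run after an infection copies the already-encrypted files over the good ones. The following added example (not from the original article) compares two backup generations and flags the newer one when most files have turned into high-entropy data; the function names, thresholds and sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map each relative file path to (sha256 hex digest, entropy)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            out[str(p.relative_to(root))] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return out

# Thresholds are assumed starting points, not values from the article.
def compare_generations(prev: dict, curr: dict, max_changed=0.5, high_entropy=7.0) -> dict:
    """Flag a generation where most files changed from low- to high-entropy content."""
    common = [f for f in prev if f in curr]
    changed = [f for f in common if prev[f][0] != curr[f][0]]
    scrambled = [f for f in changed if curr[f][1] >= high_entropy > prev[f][1]]
    missing = [f for f in prev if f not in curr]  # renamed or deleted files
    ratio = len(scrambled) / len(common) if common else 0.0
    return {"changed": changed, "scrambled": scrambled, "missing": missing,
            "suspect": ratio > max_changed}

def build_demo(base: Path) -> tuple:
    """Constructed sample: gen1 is clean; gen2 keeps doc0 and overwrites the rest with random bytes."""
    good, bad = base / "gen1", base / "gen2"
    for d in (good, bad):
        d.mkdir()
    for i in range(4):
        text = (f"invoice {i}\n" * 400).encode()
        (good / f"doc{i}.txt").write_bytes(text)
        (bad / f"doc{i}.txt").write_bytes(text if i == 0 else os.urandom(len(text)))
    return good, bad

def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = build_demo(Path(tmp))
        return compare_generations(snapshot(good), snapshot(bad))

if __name__ == "__main__":
    print(run_demo())
```

A generation flagged as suspect should be held back from rotation so that it does not replace the last known-good copy.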

Manage the recovery

Restoring systems and data can be a daunting task, but that’s a worry that most businesses can look forward to. One of the most effective solutions to this problem is the service.

Having a recent backup lets you recover your data and gives you the ability to restore your backup file even if your computer is damaged or destroyed.

Example of Ransomware

Risks from ransomware gangs are potentially increasing in 2018

2017 was a watershed year for ransomware and for security in general. In 2017, the WannaCry and NotPetya ransomware epidemics demonstrated the biggest and most destructive uses of ransomware to date, and it seems likely that 2018 will be just as critical a year in the evolution of the ransomware threat as 2017 was. However, if ransomware remains a threat, what should businesses and organisations do about it?

WannaCry and NotPetya Ransomware

The WannaCry attack in May 2017 was the most virulent and destructive so far of the ransomware strains that have come to the attention of security professionals. The biggest effect of WannaCry, however, was that it demonstrated the weaknesses of Windows operating systems to the wider world, and highlighted the risk of running unsupported operating systems without applying any patches.

The NotPetya ransomware outbreak in June 2017 demonstrated that the basic WannaCry techniques – encrypting your data and holding it hostage until a ransom is paid – could be applied to different systems to create a ransomware "worm" that could spread without the need for a command-and-control infrastructure.

NotPetya was "worse than WannaCry", according to Symantec, in that NotPetya itself was not particular to Windows. It spread by exploiting a flaw in the Windows SMB protocol, which allows any attacker on a network to exploit a weakness in the protocol and upload a malicious file to any SMB-accessible file share that uses the protocol to communicate.

Because there was no out-of-band notification from the attacker, and no external intervention, machines would be infected as soon as the SMB service on those machines was restarted. This vulnerability was known about and patched in April 2017, but it's likely that many organisations did not apply the patch – instead relying on Microsoft to update the SMB implementation in its operating systems.

Because of the security flaws in older versions of the Windows operating system, organisations that had already been infected would also have to take other steps to regain control of their machines, including contacting customers and vendors and destroying the infected computers.

WannaCry and NotPetya marked a watershed for ransomware. They showed the potential scale of the attacks that could be launched via these approaches, and demonstrated that the indiscriminate use of WannaCry and NotPetya would damage businesses as much as it would public sector organisations and the NHS.

Next year, we'll likely see more tools appearing that exploit vulnerabilities in a Windows SMB implementation without requiring the malware to rely on a command-and-control infrastructure.

Ransomware Recovery Efforts Expected To Hit $6 Billion By 2019

Ransomware may not be as scary as some malware that tricks your computer into doing things such as paying a fee in order to use your documents, but it is still the second-most used type of malware out there, just behind Trojans, according to security company Kaspersky. And it is expected to affect around four percent of all PCs in 2018. By 2019, that number is expected to hit around 12 percent.

What is ransomware? The name may be reminiscent of something dangerous, but ransomware is really just software that gets installed on your computer, encrypts your files, and then demands a ransom in order to decrypt them. While it is a lot of money if you’re trying to recover those files, not to worry — you won’t actually have to pay for it. The ransom usually costs around $300 to $500 to remove, but will often go up if the ransom is large. Thankfully, you don’t have to pay in order to unlock your data. Security firms will usually send a key for you to recover the files for free or for a reasonable fee, if that is what you’re paying. This is actually a rather recent phenomenon. For the most part, ransomware has been a concern, but not so much a threat, for the past few years. That is, until more recently, when the criminals started using the sophisticated nature of ransomware to launch attacks on a large scale. More importantly, they started launching attacks against organizations rather than individual users.

Of course, if your company is larger than just a few people, there is a good chance you are on a network that has been targeted. And this is when paying the ransom becomes so critical. Why? Because your data has already been encrypted and the hackers are just waiting for you to pay them. But why are they so determined to get you to pay? It’s basically like extortion. They are in business to take money, and most victims do not have the money, or they just don’t know how to go about getting it. But some companies are finding ways to combat this particular type of malware.

With that said, here are some of the current ransomware protection options that are available