Ransomware is a real threat to organisations, and the number of incidents is rising each year. In this blog post, we will give you some concrete tips on how your organisation can avoid ransomware attacks and what to do if your organisation is hit.
When you hear the word ransom, you are probably thinking of an unfortunate scenario like a kidnapping, where the kidnapper is holding someone hostage until they receive a large sum of money from the victim’s family.
It’s not too far off from what ransomware is. Ransomware is a type of malware in the form of digital hostage-taking using encryption. It is where a computer is infected with a virus that locks files or access to the system. Normally, cybercriminals gain access to computers because of a trojan horse attack – where we have accidentally downloaded or opened malicious files, e.g. from a phishing e-mail. The cybercriminals will demand payment in exchange for giving you back control over your system.
Since the emergence of Covid-19, global organisations have seen a 148% spike in ransomware attacks. With the increase in remote working, overwhelmed hospitals, and our desire to find answers to ease uncertainty, many people have become dangerously vulnerable.
Before we dive into the tips on how to avoid being hit by ransomware, let’s have a look at two famous ransomware attacks to see what’s at stake. By looking at some real-life cases, we hope that it will help you understand the possible consequences and how easily we can be targeted.
Also known as Wizard Spider, UNC1878 is an infamous ransomware gang that is believed to be operating out of East Europe. They have been traced from attacks that have disrupted health care in at least six hospitals in the United States during the Covid-19 pandemic, which could threaten patients’ lives. The rest of the world has also seen significant spikes in ransomware attacks.
Among others, UNC1878 uses the TrickBot trojan to gain access to the victims’ systems, and the Ryuk ransomware to extort victims. Ryuk is responsible for 75% of ransomware attacks against American healthcare organisations.
Bad Rabbit is another ransomware attack that happened in 2017 and used a method called a ‘drive-by’ attack. It spread by targeting insecure websites.
During a drive-by attack, a user visited a legitimate website not knowing that it has been compromised by a hacker. Although merely browsing the website is harmless, users are infected when they click to install something that is malware in disguise. In the case of Bad Rabbit, they created fake requests to install Adobe Flash.
Luckily, there are a few things we can do to try avoiding ransomware attacks. By following the suggested precautions below, you will greatly diminish the risk and consequences of being infected by ransomware.
The easiest way to strengthen your cyber security is to keep your devices and its software updated. Updating isn’t only for the device to run faster and more smoothly, but they are done to update the computer’s security. However, not everybody knows this, and will often decide to delay the updates as they are working to meet the next deadline. That’s why your team has to understand the importance of keeping their devices updated.
Ransomware is almost always targeted at people. They take advantage of our curiosity, sense of urgency, and trust. By having everyone on the same page by providing knowledge about phishing attacks, surfing the internet safely, and ransomware, your team will become aware of threats and be less likely to fall for a ransomware attack.
You can also download our free e-book on how to make your team your biggest cyber security defence!
Since the consequences of ransomware mean that you may lose data or access to devices, we highly recommend thinking of a back-up plan. Here are a few possible solutions:
By having more than one backup solution, you can be more certain that your data can be recoverable if the ransomware infection has spread too quickly. While we understand that implementing this solution could take more time and resources, we highly recommend it to organisations who depend on their IT and data for their daily operations.
Ransomware easily spreads through the network to devices that are connected. By backing up data offline, not only will you have a backup, but it will be in a place that the infection cannot touch.
By actively backing files up more frequently, it will automatically mean that you lose less data when infected with ransomware. For example, if you back up your data every hour, then it could mean that you only lose one hour’s worth of work and data, as opposed to e.g., an entire day’s.
However, it is all about finding the right balance. The more you back up, the higher cost it is for your organisation. It pays to practice data minimisation.
The only thing worse than not having a backup is thinking that you have a backup after all your efforts, then realising that it doesn’t work when you need it. That’s why it is important to test the restoration process continuously.
When you can no longer access your data or use your computer without paying a hefty fine, then you have been infected with ransomware. Here are a few things to do if you have fallen victim.
In the midst of panic when being hit with ransomware, your instincts might tell you to take the ‘easy’ way out – to pay the cybercriminals.
When cybercriminals target your organisation with ransomware, they have one purpose: to extort you for money! Even if you paid up, there is no guarantee that they will honour their agreement and return access to you, as they are dishonest criminals by nature. By refusing to pay up, you invalidate the cybercriminals’ efforts. Fortunately, if you have made the necessary precautions and follow the tips in this blog post, you could have the upper hand in this incident.
Keeping the incident secret will do no good. If your colleagues are unaware of the threat of ransomware or an infection in the organisation, they cannot defend themselves.
Additionally, you should report the ransomware incident to your governmental organisation which deals with cyber security and the GDPR. Unfortunately, many ransomware attacks go unreported simply because people don’t know the importance of reporting. This makes it difficult for law enforcement to track the attacks, warn other organisations, and come up with effective defences against cybercriminals.
Ransomware is notorious for spreading like wildfire. In a matter of minutes, it can spread through your organisation’s network and infect numerous computers. If possible, disconnect the affected computer from the network (Wi-Fi and wired). If there are any external hard drives connected to the computer, be sure to disconnect those to. We also recommend disabling the affected person’s account until a solution has been found.
Unfortunately, there is no one-size-fits-all solution for when you are infected with ransomware. In most cases, we would recommend that you ask for a second opinion of another IT expert to be safe. Sometimes, you could be lucky enough to have solved the decryption, but often, turning to back-ups is the way to go. If you have made frequent back-ups, you can wipe the affected computer clean or restore it without losing too much data.
Ransomware could appear anywhere, from a very convincing phishing e-mail or a fake website. Fortunately, there are steps you can take to minimise losses or prevent being hit altogether. By backing up your data in more than one place, you can recover it without paying the cybercriminals. If you train your team to be aware of possible threats and know how to avoid them, then that will drastically reduce the risk of a ransomware attack.
At CyberPilot, we offer awareness training in cyber security for organisations who would like to protect themselves against ransomware threats. We offer a free trial for our awareness training – no credit card required.
Join our 2000+ subscribers and sign up for our newsletter. You will receive inspiration, tools and stories about good cyber security practice directly in your inbox. Our newsletter is sent out approximately once a month.