Ransomware attacks have continued to grow both in scope and audacity over the past several years.
This type of malware has become one of the biggest cybersecurity threats for enterprises, and experts predict the situation is only going to get worse. The WannaCry ransomware incident of 2017 that affected over 300,000 computers in 150 countries was just the tip of the iceberg. A slew of other similar threats surfaced after WannaCry, and millions of computers with unpatched operating systems are still at risk today.
In 2019 alone, the United States lost an estimated $7.5 billion to ransomware attacks that targeted governments, schools, hospitals, and the private sector. Even as ransomware activities declined by 20% in 2019, attacks on enterprises saw a 12% increase. Threat actors were able to disrupt essential services, causing a cascade of delays in all the affected sectors.
At least 966 government agencies suffered attacks, including:
- 1,233 individual schools.
- 764 healthcare providers.
- 113 state and municipal agencies.
- 89 colleges, universities, and school districts.
These ransomware attacks were more than expensive annoyances. They posed a legitimate threat to the health, safety, and lives of countless Americans. To dive deeper into the concept of security threats, check out Cloud Academy Security Training Library. You can train on the leading security tools and test your skills in live cloud environments.
What is ransomware?
Ransomware is malware that cybercriminals use to infect computers and encrypt files until the user pays the “ransom” to free the data. Ransomware can and will try to spread to connected computers and other devices on the same network. If the ransom demands of the attackers aren’t met, the files will remain encrypted and useless.
However, there’s no guarantee that the criminals will even bother to decrypt the files once they receive payment. Many threat actors even string the victim along with promises and demands for more money. Some hackers delete the data outright, while others play the blackmail card and threaten to post the victim’s sensitive photos or info.
The worst byproduct of a ransomware attack is the threat of using compromised data for identity theft, creating a double-whammy for the victim. Cybercriminals control the data they encrypt, and if they have the victim’s personal and financial information, they could easily steal more money by way of fraud. According to identity theft statistics for 2019, almost all types of internet fraud are on the rise, including a 79% spike in account takeovers and a 13% increase in account fraud.
How does ransomware work?
On infected computers, ransomware works by identifying the drives and encrypting all the files. Encrypted files show up with added extensions depending on the type of ransomware used to infect the system. Common extensions include .petya, .crypt, .aaa, .encrypted, .vault, .xyz, .zzz, .micro, .ttt, .cryptolocker, and .locky.
Once ransomware finishes encrypting the data, it leaves the files inaccessible and displays instructions on how to pay the ransom. Cybercriminals may or may not provide the victim with a cryptographic key to unlock the data, even after the ransom is paid.
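As an added example (not part of the original article), the extension list above can drive a quick triage scan that reports which directories appear to have been encrypted. The function names and both thresholds are assumptions made for this sketch, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Extensions listed in the article above; real families use many more.
RANSOM_EXTENSIONS = {
    ".petya", ".crypt", ".aaa", ".encrypted", ".vault", ".xyz",
    ".zzz", ".micro", ".ttt", ".cryptolocker", ".locky",
}


def scan_tree(root, min_hits=3, min_ratio=0.5):
    """Return {directory: (hits, total)} for directories that look encrypted.

    A directory is reported when at least `min_hits` files carry a listed
    extension and they make up at least `min_ratio` of its files. Both
    thresholds are assumptions chosen for this example; they keep a single
    stray .xyz file from raising an alert.
    """
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        if not files:
            continue
        hits = sum(1 for f in files if Path(f).suffix.lower() in RANSOM_EXTENSIONS)
        if hits >= min_hits and hits / len(files) >= min_ratio:
            flagged[os.path.relpath(dirpath, root)] = (hits, len(files))
    return flagged


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    layout = {
        "docs": ["report.docx.locky", "budget.xlsx.locky", "notes.txt.LOCKY", "README.txt"],
        "photos": ["a.jpg", "b.jpg", "c.jpg"],
        "misc": ["old.xyz", "keep.pdf", "keep2.pdf"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder, names in layout.items():
            (root / folder).mkdir()
            for name in names:
                (root / folder / name).write_bytes(b"constructed sample")
        return scan_tree(root)


if __name__ == "__main__":
    for directory, (hits, total) in demo().items():
        print(f"{directory}: {hits}/{total} files carry a known ransomware extension")
```

Run it against a mounted copy or a backup rather than the live system, so the scan itself does not touch the affected machine.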
Ransomware delivery methods
The most common methods of delivering ransomware are “drive-by downloads” and phishing emails. Criminals work hard to make phishing emails appear as if they’re from legitimate companies or someone the victim knows. These emails usually contain messages that either entice the victim with a deal or threaten legal action. Threat actors add malicious links that take the victim to an infected website, or an attachment that downloads and installs malware.
Preventing ransomware infections and securing data
The best way to keep your data safe is to prevent ransomware infections from happening and to have a secure backup in case things go south. Here are a few prevention tips.
1. Update and patch your OS
Install the latest operating system update and security patch for your system. The same goes for all installed apps or programs. Attackers love to exploit vulnerabilities in unpatched applications and operating systems.
2. Install security software
Use an antivirus and firewall program from a top provider and keep them updated. These programs usually come with email filters that can block known phishing emails and a network filter that blocks malicious traffic to keep you safe online. Using a VPN can also help hide your real IP and location from hackers by encrypting your traffic.
3. Perform regular system and file backups
Add another layer of security by backing up your computer once a week. Back up your system and files on an external hard drive so you can quickly restore them when your data gets wiped out or corrupted by a ransomware attack. Make sure that the hard drive where you store your backups isn’t accessible on the network. Regular cybersecurity training will also help your organization be more aware of the threats and how to respond accordingly.
4. Email verification
If you’re not sure about the legitimacy of an email, verify it by getting in touch with the sender directly. Search for old emails from the same sender to ensure that the contact information is authentic before contacting them.
5. Take extreme caution when opening email attachments
If an email contains attachments, proceed with caution, even if it’s from someone you know. Criminals lace email attachments with ransomware and trojan payloads that cause a great deal of havoc when deployed. If you see a compressed or ZIP attachment, verify the sender and scan it with your antivirus.
6. Keep your sensitive information safe
Don’t store your details, passwords, and other digital documents on your computer. Use an external hard drive, USB stick, or cloud storage. Double-check the security of a website to make sure your data undergoes encryption.
7. Take special care when dealing with links
Use caution when clicking links in an email, even if the sender appears legitimate or known to you. Always verify who the sender is by checking the address URL and doing an individual search online for the organization’s website. Fake or malicious website addresses look like the real ones but have subtle misspellings or false domains (.net instead of .com, or yahooo.com instead of yahoo.com).
If the email has a link saying it will go to the company’s website, don’t click it. Manually enter the name in your browser and navigate to the page you’re supposed to reach. You’ll know right away whether the email was legit if the page exists on the official website.
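The two lookalike patterns described above (a swapped top-level domain and a one-letter misspelling) can be checked automatically against a list of domains you trust. This is an added example, not part of the original article; the allowlist, function names, and distance threshold are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit

TRUSTED = {"yahoo.com", "example.com"}  # assumed allowlist for this example


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels; an approximation that ignores suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, domain): trusted, tld-swap, misspelling, or unknown."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in trusted:
        return ("trusted", domain)
    name, _, tld = domain.partition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)        # e.g. .net instead of .com
        if tld == good_tld and 0 < edit_distance(name, good_name) <= max_distance:
            return ("misspelling", good)     # e.g. yahooo.com
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ["https://login.yahoo.com/account", "http://yahooo.com/reset",
                 "https://yahoo.net/", "https://weather.test/"]:
        print(link, "->", classify_link(link))
```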
8. Keep yourself informed
Read the latest trends on malware, phishing attacks, ransomware, and other cybersecurity threats on security websites or blogs. There’s plenty of information on the Anti-Phishing Working Group website and DHS’s CISA service.
What do you do when a computer gets infected with ransomware?
If you suddenly can’t access your files and a ransomware alert appears, shut down your computer and isolate it from the rest of the network. Make sure the external hard drive containing your backups isn’t connected. Turn off all other devices and computers, including your router.
If you’re a home user and don’t know how to restore your backup, contact your security software’s technical support team. You can also ask around for a referral to a computer technician. For organizations, inform your IT department immediately. Don’t forget to change all passwords once your system has been restored.
It’s important to note that you should NEVER pay the ransom because it only funds and encourages the attackers to launch more ransomware attacks. There’s also no guarantee that your files will be returned to you after paying the ransom.
Should you need further assistance, you can get in touch with your local FBI or U.S. Secret Service office.