Unlocking Ransomware
Ransomware is currently the leading malware threat on the internet, wreaking havoc with a 13% year-on-year growth rate and a total of 236.1 million attacks in the first half of 2022.
Over the years, ransomware has grown from a basic screen lock to a form of extortion that will lock you out of your computer and encrypt your files.
In this article we will discuss how ransomware has evolved, how it works, and what you can do to protect yourself from becoming a victim.
Let us get started.
What is Ransomware?
Ransomware is a type of malware or malicious software that “locks up” a user’s data or computing devices and threatens to keep it locked unless the user pays the attacker a ransom.
Earlier ransomware attacks just demanded a ransom to unlock the data or device, but today’s attacks are unfortunately a lot more sophisticated and complicated, like the “double extortion” attacks where they demand a ransom to unlock the data and prevent data from being stolen. And then there is “triple extortion”, where attackers ask for a ransom to unlock the data, prevent the data from being stolen and add the threat of a distributed denial of service attack to the mix.
What types of ransomware attacks can occur?
There are several methods through which ransomware can infect your device or network. Here are some of the most common types of ransomware infections:
Phishing email attacks: Phishing emails trick users into downloading and running a malicious attachment that appears to be a harmless file, or into visiting a malicious website that passes the ransomware through the user’s web browser.
User credential theft: There are many ways hackers can gain access to a user’s credentials. One of these ways, for example, is that they buy the users’ leaked credentials on the dark web. They then use these credentials to log into the user’s network or computer and deploy ransomware directly onto their device(s).
Drive-by downloads: Hackers can use websites to pass ransomware to a device without the user’s knowledge. They achieve this by using exploit kits on compromised websites that scan the user’s browser for vulnerabilities and inject the ransomware directly onto the device without the user even knowing what’s happening.
What are the stages of a ransomware attack?
Now that you are aware of the types of ransomware attacks that exist, let’s take a look at the different stages of a ransomware attack.
Stage 1: The hackers scan the target system to identify any exploits or vulnerabilities that the device and/or network might have. Most hackers also search for credentials that could enable them to move through the network laterally and infect additional devices with ransomware.
Stage 2: Once the ransomware has gained access to the target system, it starts to identify and encrypt the user’s files. Most hackers use asymmetric encryption, which encrypts the data with a public key and requires a private key to decrypt it. Since the user doesn’t have access to the private key and can’t decrypt their data without the hacker’s help, they have no choice but to pay the ransom. Hackers sometimes disable system restore and access to on-device backups to put the user under more pressure to pay for the decryption key.
Stage 3: Now that the user’s files are encrypted and the device has been locked, the ransomware alerts the user to the infection with a pop-up notification. This pop-up tells the user how to pay the ransom, which is usually requested in cryptocurrency or through other methods that can’t be tracked.
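Stage 2 is the point at which an endpoint tool can still catch the attack: encrypted output looks statistically random, while ordinary documents do not. The sketch below is an added example, not part of the original article or any vendor's product; it flags a process that writes random-looking content to many files in a short time. The event format, process names, file paths and thresholds are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits near 4-5, encrypted output near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_bulk_encryption(events, window=60, min_files=5, threshold=7.5):
    """Return processes that wrote high-entropy content to at least
    min_files distinct files within any span of `window` seconds."""
    hits = defaultdict(list)  # process -> [(timestamp, path)]
    for ts, proc, path, sample in events:
        if shannon_entropy(sample) >= threshold:
            hits[proc].append((ts, path))
    flagged = set()
    for proc, writes in hits.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans <= window seconds.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                flagged.add(proc)
                break
    return sorted(flagged)

# Constructed sample data (not real telemetry); all names are hypothetical.
def _pseudo_ciphertext(seed: int) -> bytes:
    # Deterministic stand-in for encrypted bytes: concatenated SHA-256 digests.
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))

TEXT = b"Quarterly report: revenue, costs and notes for the board.\n" * 70
EVENTS = [(t, "winword.exe", f"C:/docs/report{t}.docx", TEXT) for t in range(0, 50, 10)]
EVENTS += [(100 + i, "updater.tmp.exe", f"C:/docs/file{i}.docx", _pseudo_ciphertext(i))
           for i in range(8)]
# One legitimate high-entropy write (a compressed archive) must not trip the rule.
EVENTS.append((105, "7z.exe", "C:/backup/archive.7z", _pseudo_ciphertext(99)))

if __name__ == "__main__":
    print(flag_bulk_encryption(EVENTS))
```

Compressed archives, images and video are also high-entropy, which is why the rule requires a burst across many files rather than alerting on a single write.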
How can your business defend itself against ransomware?
Here are a few ways your business can protect itself from falling victim to a ransomware threat.
Employee cybersecurity training can help users recognise and avoid tactics such as phishing, social engineering and other cyber threats. It is a proven fact that uninformed employees tend to be the main weakness in any business’s defence against cyber-attacks.
Update your cybersecurity tools such as your antivirus software, firewall, endpoint detection and response tools, so that your IT security team can identify and respond in real time to ransomware attacks.
Implement access control policies such as two-factor authentication, zero-trust infrastructure, and similar measures to prevent ransomware from targeting sensitive data.
Make backups of sensitive data and ensure that system images of your business devices are stored on external hard drives or other devices that can be unplugged from your network.
Keeping up with updating your software can protect your system from ransomware attacks that take advantage of vulnerabilities found in your software and/or operating system.
Future of ransomware attacks?
Ransomware attacks are steadily increasing each year due to the rise of Internet-of-Things (IoT) devices, third-party software releases, and operational technology. Cybercriminals are constantly looking at finding more creative ways of deploying ransomware, and this makes it a challenge for users to stay protected.
To ensure that your business is protected against the rise in cyber security attacks, AOLC provides a comprehensive, one-stop-shop for all of your company’s IT security and solutions. For more information on this topic or to discuss a customised solution for your business, contact AOLC on 087 55 00 555 or info@aolc.co.za.