What is it?
Ransomware is malware that encrypts your files or stops you from using your computer until you pay money (a ransom) to have them unlocked. If your computer is connected to a network, the ransomware may also spread to other computers or storage devices on that network. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening, often when it arrives as an email attachment. Since payment is the goal, the victim is coerced into paying to have the ransomware removed, either in return for a program that can decrypt the files or for an unlock code that undoes the malware's changes.
Some of the ways you can get infected by ransomware include: visiting unsafe, suspicious, or fake websites; opening file attachments that you weren't expecting or that come from people you don't know; and opening malicious links in emails or social media posts.
Ransomware attacks can be categorized into two types:
- Crypto ransomware attacks (or data lockers)
These encrypt files on a computer to prevent the victim from accessing data. The easiest way to restore data is to use a decryption key, which is what attackers offer in exchange for a ransom. Crypto ransomware typically does not encrypt all data on a device. Rather, the program silently scans the computer for valuable data and encrypts only those files. Typical targets for a crypto attack are financial information, work projects, and sensitive business files. This type of ransomware does not lock the computer. Victims can continue to use their devices even if they refuse to pay the ransom.
- Locker Ransomware
Locker ransomware attacks lock down the entire computer instead of encrypting specific files. Attackers then promise to unlock the device if the victim pays the ransom. A locker attack typically allows the user to boot up the device. However, the device has limited access and enables the victim to only interact with the attacker. Attackers behind locker ransomware often use social engineering to pressure the victim into paying the ransom. Imitating tax authorities or law enforcement agencies is a common tactic.
A few examples of ransomware include:
- Cerber – targets cloud-based Office 365 users through an elaborate phishing campaign. It’s affected millions of users so far.
- Locky – Locky is ransomware that’s spread via spam, often as an email message that looks like an invoice. When opened, the user is instructed to enable macros in order to read it. If the user does this, the ransomware will begin encrypting files, demanding a ransom to unlock them.
- WastedLocker – this is an example of targeted ransomware. Every attack has a custom plan to breach a specific company. Ransom messages always refer to the victim by name, and all encrypted files have the .garminwasted extension. WastedLocker encrypts data with a combination of AES and RSA algorithms. What sets this ransomware apart is that a single public RSA key encrypts files. Most other programs generate a unique public RSA key for each infection.
- Snake, also known as Ekans, first appeared in January 2020. Unlike other ransomware targeting enterprises, Snake spreads through industrial control systems (ICS). Snake does not attack the operating system files or programs. Infected computers still boot up, but Snake prevents access to target data.
How to protect yourself from ransomware
Set Up a Firewall
A firewall is the first software-based line of defense against ransomware. Firewalls scan incoming and outgoing traffic for potential risks, allowing the security team to monitor for signs of malicious payloads. Your firewall should be able to run deep packet inspection (DPI) to examine the data content of packets, which lets it automatically identify packets carrying malicious software.
Improve Your Email Security
Email security best practices are crucial to eliminating phishing and other social engineering traps. Your mail server should be able to:
- Filter out incoming emails with attachments that have suspicious extensions, such as .vbs and .scr.
- Automatically reject mail from senders known to distribute spam or malware.
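As an added example (not part of the original article), here is a Python attachment filter that implements the first bullet above: it rejects the extensions the article names (.vbs, .scr) plus similar script types, the macro-enabled Office formats used by the Locky invoice lure described earlier, and two common evasions (double extensions such as invoice.pdf.scr, and the Unicode right-to-left override character). The deny-list and the sample message are constructed for illustration and should be tuned to your environment.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions the page calls out (.vbs, .scr) plus other script/executable
# types. Assumption: an illustrative deny-list, not an exhaustive one.
BLOCKED_EXTENSIONS = {".vbs", ".scr", ".exe", ".js", ".jse", ".wsf", ".hta",
                      ".bat", ".cmd", ".ps1", ".lnk"}
# Office formats that can carry VBA macros (the Locky delivery route above).
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
RTL_OVERRIDE = "\u202e"  # makes "invoice\u202efdp.scr" render as "invoicercs.pdf"

def classify_filename(name):
    """Return the reason an attachment name should be blocked, or None."""
    if RTL_OVERRIDE in name:
        return "right-to-left override character in filename"
    # Trailing spaces and upper-case extensions are common evasions;
    # splitext keys on the last dot, so 'invoice.pdf.scr' yields '.scr'.
    ext = os.path.splitext(name.strip().lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if ext in MACRO_EXTENSIONS:
        return f"macro-enabled Office document {ext}"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message; return (filename, reason) for every
    attachment that should be rejected. An empty list means deliver."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        reason = classify_filename(part.get_filename() or "")
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def build_sample(filename):
    """Constructed test message: a fake 'invoice' carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice 2381 attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

for name in ("Invoice_2381.pdf.SCR", "Invoice_2381.docm", "Invoice_2381.pdf"):
    print(name, "->", scan_message(build_sample(name)) or "deliver")
```

In a real gateway the same check should also be applied to the member names inside archive attachments, since a .zip wrapping a .scr is a common way around a plain extension filter.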
Set up an immutable backup
An immutable backup operates like any other data backup, but it does not allow anyone to change or delete the stored information. This type of backup is the ideal protection against data corruption, whether malicious or accidental: attackers cannot encrypt the data even if they reach the backup storage.
You should back up your data multiple times a day, keep at least two backups, and keep one copy offline. If you suffer a ransomware infection, wipe the infected system and recover from the last clean backup you have on record.
Segment Your Network
Once ransomware enters your system, the malware needs to move laterally through the network to reach target data. Network segmentation prevents intruders from moving freely between systems and devices. Ensure each subsystem in the network has: individual security controls, strict and unique access policies, and a separate firewall and gateway.
If intruders compromise one part of your network, segmentation prevents them from reaching target data elsewhere. Attackers need time to break into each segment, which gives your security team more time to identify and isolate the threat.
Use a Cloud Access Security Broker
If you use cloud services, a cloud access security broker (CASB) is an excellent counter to ransomware. A CASB is on-premises or cloud-based software that acts as an intermediary between cloud users and cloud-hosted data, enforcing your security policies on that traffic.
We at Infinity Computers and Communications Company are committed to helping you implement the suggestions outlined above so you can stay ahead of hackers and avoid needless monetary losses and reputation damage in your business.