What is ransomware? A detailed explanation of how your business can get infected by malware and what to do if your data is encrypted.
What is ransomware?
Ransomware is considered one of the worst problems you can encounter on the web. It is malware (malicious software) that encrypts documents, photos, videos, and other information on your personal computer or across a network. The cybercriminals who designed the malware then demand payment (a ransom) from their victims before they can gain access to their data again.
This attack usually starts with one person within the company opening an infected attachment, which then spreads across the network. Imagine walking into the office on Monday to find all your vital documents encrypted; that can be a pain for most businesses. Cybercriminals made over $1bn in 2016 from ransomware attacks. Not all companies were able to pay on time, so they lost their data permanently. Thousands of other businesses were held hostage for a number of days until they could pay the ransom.
What will a ransomware attack cost you?
At first, the cost will boil down to the amount (ransom) demanded by the attackers. The amount, of course, depends on the type of ransomware or the size of your business. The most common amount paid by small to medium businesses is between $700 and $2000. This might not be huge money for some companies, but imagine targeting hundreds of firms and demanding the same amount. That is a lot of money at the end of the day. For some businesses, it is not the ransom that scares them; it is the downtime to their business. Imagine the harm that having your business data encrypted for a whole week can do to your business. Having paid the ransom, you will now be regarded as an easy mark for future exploits. The cost here is not just the ransom but the additional price associated with upgrading the security of your system. Customers usually find it difficult to trust you with their data if you’ve been a victim of a ransomware attack.
Should your company be worried about a ransomware attack?
Absolutely! One ransomware attack can ruin an excellent business. Imagine how not being able to access your vital business documents can affect your bottom line. Recovery from an attack can take up to one week or even months to complete, and that adds up to a significant loss in revenue. A cleanup period is also required after you regain access to your data. All of this put together will negatively affect the trust customers have in the business.
How does a computer get infected with ransomware?
The most obvious point of entry is through phishing emails sent to unsuspecting victims, asking them to take some action such as downloading a file or opening an attachment. Since employees receive hundreds of legitimate emails on a daily basis asking them to do precisely the same thing, they are now wired to take these actions without thinking. Attackers try to make the emails as enticing as possible, including offers that recipients will find irresistible. Once the victim has taken the action in the email (downloading or opening an attachment), they are encouraged to view the files, and once these are opened, the malware encrypts the system and leaves a note demanding a payment.
Malvertisement is another scheme used by hackers to infect a computer. They put out an advertisement with a link to an infected website, and once the victim visits the site, their system is automatically infected.
Who are the primary targets of ransomware attacks?
Businesses of any type and size can be a victim of a ransomware attack. Small to medium-sized companies are easy targets because they appear not to have enterprise-grade cybersecurity like other more prominent organizations. Some small businesses don’t worry about ransomware attacks because they think they are too small to be a target. However, this has been shown to be false because hundreds to thousands of small businesses have been successfully held hostage by cybercriminals for months pending the payment of the ransom. Some companies closed their doors following a ransomware attack because customers couldn’t trust them anymore with their data.
Another easy target for most attacks is the healthcare sector because losing access to their data can be life-threatening to their patients. Hollywood Presbyterian Medical Center in Los Angeles was a victim of Locky ransomware, and they paid the ransom to gain access to their data because they didn’t want to be the reason for the loss of lives. Educational sectors are sometimes targeted.
The most recent was the University of Calgary, which paid about $20,000 in ransom to hackers who encrypted their data. Enterprise-level businesses are also targets of this malware; recall the attack on the car manufacturing company Renault in 2017.
Why are ransomware attacks successful?
The answer is simple: victims respond to it. Having an antivirus system doesn’t stop your network from falling victim because it only takes one careless user to let the hackers into your system. The malware can encrypt the documents on the system within seconds of infecting the machine. Companies whose essential materials have been affected tend to pay the ransom, and that is why cybercriminals keep attacking similar businesses. When companies stop paying the ransom, the hackers will stop attacking them and probably find another way to earn illegal money. At the end of this article, I will show you ways to avoid paying the ransom and still regain access to your data in minutes.
How do you prevent an attack on your business (Anti ransomware)?
Email remains the most popular vehicle for attacks, so the first step will be to train your employees on how to spot red flags in emails and other anti ransomware techniques. There are lots of cybersecurity companies that offer anti ransomware training. There are also some antiphishing software applications out there to help you prevent malware attacks. Write down a clear security protocol for your employees to follow when dealing with company data. This will go a very long way in preventing a successful attack on your data.
Investing in antivirus and anti ransomware software is also advisable because it will go a long way in informing you of the presence of malicious files in your system and, in most cases, will go ahead and remove them.
Backing up files is also an important preventive step to be taken. This won’t prevent an attack, but it guarantees you will always have a copy of your data to fall back to if the originals are encrypted. This is a free anti ransomware technique provided your backup files are not affected.
How long will it take you to recover from an attack?
A successful ransomware attack can cripple a business for a very long time. If the entire network is encrypted, it means that no work can be done until the system is up and running. For a company that has a backup copy of their data, recovery can take days to weeks depending on the size of the organization.
Following recovery, there is also a period of restoration that the company must go through in order to restore the full functionality of its systems. Most businesses experience a dip in their bottom line following a ransomware attack because most customers don’t want to do business with them anymore.
How to remove ransomware without paying the ransom?
In 2016 the “No More Ransom” initiative was launched to answer the question “how to remove ransomware”, and the goal was to offer free decryption tools for ransomware victims to regain their data without paying any ransom. They started by providing four tools, but they’ve increased the number to 52 decryption tools.
V2 Cloud – Anti ransomware solution for small businesses
V2 Cloud offers a workaround solution (anti ransomware) to a ransomware attack. The V2 Cloud system takes a daily snapshot of your data and keeps a seven-day history of the replica in an offline location. In the event of a ransomware attack, you can revert your system to the previous day and regain access to your data by flipping a switch. Having your data stored on V2 Cloud means no company information will be on employee devices. Everything is securely saved in the cloud while employees have remote access to the data. Even if ransomware attacks their machines, it will not encrypt or affect your data. V2 Cloud is answering the question of how to protect against ransomware with anti ransomware.
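An added example (not V2 Cloud's code) of how a restore point is chosen from a daily, seven-day snapshot history like the one described above, including the case where encryption began before the oldest retained snapshot and no clean copy remains. The 02:00 snapshot time, the function names and all dates are constructed assumptions.

```python
from datetime import datetime, timedelta

RETENTION_DAYS = 7   # seven-day history, as described in the text
SNAPSHOT_HOUR = 2    # assumption: one snapshot per day at 02:00


def retained_snapshots(now):
    """Timestamps of the daily snapshots still held at `now`, newest first."""
    latest = now.replace(hour=SNAPSHOT_HOUR, minute=0, second=0, microsecond=0)
    if latest > now:  # today's snapshot has not run yet
        latest -= timedelta(days=1)
    return [latest - timedelta(days=d) for d in range(RETENTION_DAYS)]


def pick_restore_point(snapshots, first_encryption):
    """Newest snapshot taken before the first encrypted write.

    Returns None when every retained snapshot was taken after encryption
    started, i.e. the whole history already contains encrypted data.
    """
    clean = [s for s in snapshots if s < first_encryption]
    return max(clean) if clean else None


def data_loss_window(restore_point, first_encryption):
    """Work saved between the snapshot and the attack is lost on revert."""
    return first_encryption - restore_point


# Constructed scenario: staff find encrypted files on Monday morning.
NOW = datetime(2024, 3, 11, 9, 0)
SNAPSHOTS = retained_snapshots(NOW)

if __name__ == "__main__":
    # Case A: encryption started Saturday night, well inside the window.
    started = datetime(2024, 3, 9, 23, 15)
    point = pick_restore_point(SNAPSHOTS, started)
    print("restore to:", point, "| lost work:", data_loss_window(point, started))

    # Case B: encryption started before the oldest retained snapshot.
    started = datetime(2024, 3, 4, 18, 0)
    print("restore to:", pick_restore_point(SNAPSHOTS, started))
```

Case B is why the time of the first encrypted write, taken from file timestamps or endpoint logs, has to be established before reverting: a short retention window only helps when the attack is noticed within it.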
Should you pay the ransom?
This is a question that doesn’t have a clear answer. Some people say that paying the ransom is the fastest way to regain your data and keep it quiet. Others argue against paying, citing that it will encourage the criminals to continue exploiting other victims.
Whatever side you take in this debate, make sure your business doesn’t become an easy mark for ransomware attackers. This is because if it becomes public information that you paid a ransom, other criminals will target you for easy money.
What are the most popular types of ransomware attacks?
There are different types of ransomware, some more successful than others, but the most important thing to note is that ransomware is always evolving. Let’s look at the known forms of ransomware attacks:
Locky – Considered the most notorious ransomware because it attacked companies across the world in 2016. It famously infected a hospital in Hollywood and demanded payments to have the hospital’s network restored. According to media reports, the hospital paid about $17,000 to get rid of the encryption.
To avoid detection by some antivirus programs, Locky updated its code and functionality continuously. Although very dangerous, Locky has been quiet for some time.
Cryptowall – It started as a variant of CryptoLocker and has successfully affected some organizations for an extended period. It avoids detection by regularly updating the code.
Cerber – It infected thousands of computers in just one month. The developers of this ransomware sold the code on the dark web so that other criminals can use the code for attacks and in return pay them 40% of the ransom they receive. Cerber surpassed Locky as one of the most dangerous ransomware because the developers are continually adding new features to ensure its prolonged success. At the moment, there is no decryption tool available that can help with Cerber-infected PCs or networks.
SamSam – Another type of ransomware that was notorious for charging victims thousands of dollars for the decryption key. The developers of SamSam did not send phishing emails like Locky and Cerber; instead, they found unsecured systems and used them to spread the malware.
WannaCry – The most significant attack reported is the WannaCry ransomware. It was a global attack that happened in 2017, with the cybercriminals demanding a ransom worth $300 in bitcoin to unlock the encrypted files. The attackers threatened that the victim’s data would be deleted if they did not pay within seven days. Over 300,000 computers were compromised in more than 150 countries. Russia, China, and the car manufacturing company Renault suffered the most. The victims of WannaCry all had one thing in common: they were all using unsupported versions of Microsoft Windows, including Windows XP, Windows 8, and Windows Server 2003.
It exploited a known software vulnerability called EternalBlue, which was a Windows flaw leaked by the Shadow Brokers hacking collective. Microsoft later released a patch for the vulnerability but only for the latest operating systems. North Korea was singled out as the perpetrator of the WannaCry attack in a report published sometime in December of 2017, although it denied the accusation, calling it “absurd.”
Petya/NotPetya – A few weeks after WannaCry, the world was hit by Petya ransomware. The prominent targets were Ukraine, Russia, the EU, the US, and Australia. At first, there was some confusion as to what the malware was, but later some researchers at Bitdefender concluded that the malware was a modified version of Petya ransomware combined with GoldenEye. This attack was very vicious in the sense that it not only encrypted data, it also encrypted entire hard drives, thereby preventing the computers from loading the operating system. The developers chose a non-automated payment system for collection of the ransom, making it evident that the attack was not motivated by money. It was speculated that the aim was to wipe out data from the infected computers permanently. The Russian military was accused of the attack, but they denied it.
Bad Rabbit – This was another high-profile malware attack in October of 2017. Organizations in Russia and Ukraine were hit the hardest. The attackers infiltrated many computers through files downloaded from compromised websites. The malware pretended to be a Flash update, and when unsuspecting victims clicked on it, it dropped the malware on their machines. It exploited the EternalRomance SMB vulnerability instead of the usual EternalBlue.
You should keep an eye on the continuously evolving ransomware trends. The new variants of the malware engage in not just data encryption but also in stealing data and weakening affected machines in preparation for future attacks.
Contact V2 Cloud today to find out how to protect your data from ransomware attacks.