The What, Why, How, and Prevention of Ransomware Attack

Research and publishing company Cybersecurity Ventures has predicted that by 2031, ransomware will cost its victims over $265 billion annually, with a new attack happening on a business, consumer, or device every two seconds. To put it in perspective, that's a new attack every time you pronounce the word "ransomware."

But what is ransomware? And why is it believed to be the fastest-growing form of cybercrime?

Ransomware is a type of malicious software that holds your device and data captive. Following the thread of traditional hostage-takers, cybercriminals gain access to your computer, encrypt your data, and lock you out of your device until a certain amount of money or ransom is paid. These cybercriminals extort their victims, often threatening the destruction of the victims’ data or its release to the public.

A Look at Two Cases

One of the biggest cyberattacks we've seen in the past year involving ransomware was the attack on Colonial Pipeline, one of the largest pipeline systems in the United States. The strike, which forced the company to shut down its pipes and lead to fuel shortages in the southeastern states, was only resolved after the company paid the requested ransom of $4.4 million (75 bitcoin) with the help of the Federal Bureau of Investigation. Although authorities were able to recover $2.3 million of the cryptocurrency ransom, the remaining $2.1 million that the hackers ran away with is still an eye-watering sum that cannot be ignored.

In the same month, JBS USA, one of the biggest meat suppliers in the U.S., also became a target of a ransomware attack, forcing its five largest beef plants to halt their operations. In the end, JBS paid $11 million to cybercriminals to avoid further disruption of its production.

Ransomware involves big money; cybercriminals are aware of this, and in this digital age, are only emboldened to get greedier and more aggressive with their schemes. While the cases above have involved huge conglomerates, be warned that your regular individuals and small businesses are not shielded from such ransomware attacks.

Best Practices to Prevent Ransomware

Prevention is the best intervention. Before scrambling to figure out what to do in the advent of a ransomware attack, these best practices can help you steer clear of becoming a target of cybercriminals.

Educate Your Employees

In the ways of cybersecurity, ignorance is not bliss. Awareness of basic cybersecurity, from as simple as implementing strong passwords to being knowledgeable of email safety, can go a long way in protecting yourself and your business from cyberattacks. By fostering a culture of awareness, your staff is made aware of the ways to best safeguard their devices from different cyberattacks, as well as its perils and costs.

Keep Your Operating Systems and Other Software Updated

There are many ways to infect devices with ransomware, but the FBI's Internet Crime Complaint Center (IC3) Internet Crime Report 2020 has identified software vulnerabilities as one of the most common.

With this said, don't ignore that annoying reminder from your device that it's time for an OS update. In the middle of the day, while you’re buried with work, sure that ping from your computer can be quite jarring, but a few minutes of updating your OS and other software cannot compare from thousands of dollars lost. These updates usually include patches that fix or improve security vulnerabilities in your operating system or software.

Think Before You Click

According to Datto's Global State of the Channel Ransomware Report, the top four leading causes of ransomware attacks reported by managed service providers (MSPs) are phishing emails (54%), poor user practices and gullibility (27%), lack of cybersecurity training (26%), and weak passwords and access management (21%).

Phishing is an online scam wherein cybercriminals use a real-looking email to get users to click on a suspicious link, which provides cybercriminals with the users’ sensitive information, such as their passwords, bank accounts, and more.

If your company uses Microsoft 365, you can protect your email attachments and verify URLs in emails through Microsoft Defender's Safe Attachments and Safe Links.

Back Up Your Data

Always keep your important data backed up, protected, and stored offline. The Center for Internet Security's (CIS) Multi-State Information Sharing and Analysis Center (MS-ISAC) believes that backing up your data "is the single most effective way of recovering from a ransomware infection." When a ransomware attack happens, the victim can delete their infected files and restore data using their backup copies.

Can You Get Rid of Ransomware?

It is possible to remove ransomware, but not always. As highlighted above, it is important to keep your data backed up. One way to remove ransomware is by deleting the malicious or infected files from your device. However, this would be difficult to do if you have been locked out by the hackers from your device.

If you happen to not have any backups of your data, you can consider looking at online tools to try to decrypt the files. The MS-ISAC recommends the NoMoreRansom Project, which has decryptors for different ransomware variants. Another option that the MS-ISAC recommends is to rebuild your network from the ground up.

Should You Pay the Ransom?

In the event of a ransomware attack, you'd probably feel harried and pressured to succumb to the ransom demands of cybercriminals. But these adversaries are never to be trusted and paying the ransom does not guarantee that access to your device and data will be restored.

The FBI does not encourage victims to pay the ransom, as this may only motivate cybercriminals to engage in more ransomware attacks and fund other illegal activities. Victims are instead urged to report ransomware attacks to their local authorities.

The Hong Kong Police Force also does not recommend paying any ransom and has advised the public to seek police assistance should it happen.

On the other hand, the MS-ISAC recognizes that paying the ransom may sometimes be the last resort or only available option for enterprises. Paying the ransom, in this case, becomes a critical business decision and must only be considered if necessary.

Uniserve IT Solutions for Your Security Needs

Be one step ahead of security threats by partnering with Uniserve IT Solutions. Reduce your chances of being targeted by cybercriminals with our IT security services, which provide businesses with the best tools to safeguard their systems, ensuring a fast, effective response in the event of cyberattacks. Contact Uniserve today to know more.