October marks the 18th annual National Cybersecurity Awareness Month, and industry leaders are urged to invest time re-imagining their ability to defend against a debilitating ransomware attack.
Professionals outside the technology sector hear a great deal about ransomware when major incidents occur. But with wide-reaching business concerns on your plate, few manage to set aside enough time to understand the intricacies of a ransomware attack. The following information is guidance to help protect your livelihood and avoid being hacked.
1. What Exactly is Ransomware?
Everyday people typically do not follow computer security trends to understand how a ransomware hack occurs. But most people understand that a ransomware attack can disrupt even Fortune 500 corporations. That’s largely due to the splashy national headlines following a high-profile cybersecurity hack.
Essentially, ransomware ranks as the most popular and preferred method of infiltrating and seizing control of an organization’s digital assets. Although most companies deploy standard anti-virus software and malware detection tools, many are late to the party as cybercriminals exploit vulnerabilities.
Ransomware is a type of malicious software that possesses flexibility in terms of delivery. Hackers can deploy it through email to an unsuspecting employee who mistakenly downloads a file or clicks a malicious link. Sophisticated hackers can penetrate a network and deposit ransomware in ways only the most determined virus detection tools can identify. These types of schemes often provide digital thieves time to let the infestation spread to networks in a company’s orbit. Once the malware has been activated, cybercriminals take operational control over the entire company and demand a cryptocurrency payment – in other words, a ransom.
Those who pay the thieves are promised a decryption code to unfreeze their network. Cybercriminals do not always follow through with their promises. It’s also essential to know that 80 percent of ransomware attack victims who pay digital thieves reportedly suffered a second attack. Another 46 percent indicated their data was corrupted even after decryption.
2. What Makes a Ransomware Attack Different from Another Cybersecurity Hack?
With National Cybersecurity Awareness month here, let’s dig into the importance of understanding the different methods and nefarious goals of hackers. Nearly 550,000 computer security attacks involving ransomware were carried out on a daily basis during 2020 to the tune of $20 billion in business losses. Hackers reportedly develop upwards of 300,000 strands of malware each day to overcome inadequate or outdated antivirus software and virus detection tools. Here are some of the markers that distinguish a ransomware hack from others.
- A ransomware attack is motivated by financial gain or espionage 95 percent of the time
- A ransomware hack follows the street crime modus operandi of a kidnapping
- Cybercriminals who leverage a ransomware scheme typically negotiate a payoff
- Ransomware hackers openly take control of digital assets
- A ransomware hack deploys malware most likely through email, but could also be deployed by brute force computer security penetration, social engineering, or inserting the malicious files covertly
Among the many reasons a ransomware attack differs from other security hacks include its brazen openness and defined cycle. Other hacking schemes typically involve siphoning off or copying valuable personal information and digital assets for sale on the dark web.
These are more akin to late-night burglaries and petty theft than big-league ransomware.
3. Aren’t Just Big Companies Targeted with Ransomware?
A common misconception exists that only large corporations with resources to pay millions to cybercriminals are targeted. That notion is largely driven by media attention paid to large-sum payouts and disruption.
Many recall the recent Colonial Pipeline ransomware attack that caused widespread gasoline and diesel fuel shortages along the U.S. Eastern Seaboard. Coverage was splattered across television and print media for weeks, and the organization reportedly doled out upwards of $4.4 million to regain control of its network. Although garnering less media attention, an Acer computer manufacturer ponied up $50 million in 2021, and Kia Motors reportedly paid $20 million.
While seldom making front page news, approximately 46 percent of small and mid-sized businesses have been the subject of a ransomware attack at least once. Victims of a ransomware hack reportedly paid the digital thieves 73 percent of the time. Payments, usually in the form of cryptocurrency, ranged between $10,000 and $50,000 just over 40 percent of the time. And at least 13 percent paid over $100,000.
The lower payouts seem like good reasons to believe that small and mid-sized organizations are not necessarily on a ransomware attack hit list. However, nothing could be further from the truth.
4. Who Can be Impacted by a Ransomware Hack?
Following the Colonial Pipeline ransomware attack, Senate Judiciary Committee member Chuck Grassley released a statement that highlights the imminent threat ransomware attacks pose to companies of every size and sector.
“Ransomware does not just affect the deeper pockets of large companies like Colonial Pipeline and JBS. An estimated three out of every four victims of ransomware is a small business,” Sen. Grassley reportedly stated. “Ransomware often originates from countries with a permissive law enforcement environment that allows these cybercriminals to flourish.”
The key takeaway is that every organization, ranging from Fortune 500 companies to small and medium sized business, as well as Federal, State and Municipal government (link to new blog on municipal hacks) entities, require determined IT security defenses.
It’s important to take a proactive approach to your organization’s cybersecurity preparedness. You should always be on the defensive with constant monitoring of your IT infrastructure. This is critical. Whether your infrastructure supports a dispersed, global business or six desktops in a small law firm it’s imperative to be using the latest antivirus scanning, endpoint solution protection, cybersecurity awareness training, and malware removal tools, among others. Hackers target outfits with seemingly weak computer security and fleece them for every penny possible.
5. Examples of Ransomware Attacks
Ransomware ranks among the most destructive types of malware, and it has a long and infamous history. This brand of digital theft has been around for decades, and each generation of online criminals adds to business losses. Whether spread by email, worms, vectors, or computer security vulnerabilities, ransomware attack victims often pay without reporting the incident. The FBI confirms that few ransomware victims ever report the incident These are high-profile examples of ransomware that have plagued honest business people.
- AIDS Trojan – Considered one of the earliest ransomware files, it was transmitted via floppy disc. Victims were scammed into making a $189 payment to a Panama address. The perpetrator was eventually caught and donated the money to AIDS research.
- WannaCry – Although the payment demand ranged from only $300 to $600, WannaCry became something of a household name because it targeted outdated versions of Microsoft Windows. It’s one of the reasons cybersecurity professionals are hyper-vigilant about updating software today.
- CryptoLocker – This malware used a type of automated shakedown scheme in which victims could click through and make a crypto payment and receive a decryption key. The scheme reportedly scammed victims out of $3 million.
- Bad Rabbit – This remains a good example of how sophisticated hackers operate. So-called Russian hackers used a phony Adobe Flash update to trick people into downloading their ransomware. This also stands as a good example of why the most current and determined AV scan and malware detection tools are necessary.
- SamSam – This ransomware hack exploits computer security vulnerabilities such as weak passwords. Hackers also use tricks involving social engineering and brute force attacks to get leverage over systems.
Cybercriminals have been developing their version of next-generation ransomware attack files since almost the advent of the personal computer. Without the most proactive malware detection capabilities, organizations remain at risk.
6. How Will I Know if My Business is Hit by a Ransomware Attack?
As you’ve probably heard, “An ounce of prevention is worth a pound of cure.” This Benjamin Franklin quote is very applicable here. When asked if you would know if a ransomware attack was underway, the answer would be, “Sometimes yes. And sometimes, by the time you recognize such an attack, it may be too late.” This is why monitoring for malicious activity is imperative.
Although the cybercriminals who deploy ransomware seem to act swiftly, that perception may not necessarily mirror reality. It’s not uncommon for hackers halfway around the world to cast a wide net that includes hundreds, if not thousands, of potential targets. Bulk email strategies, called “Phishing,” send messages to random people. This low-level tactic plays the odds that at least one unsuspecting employee will click on a malicious link or download a file.
That misstep doesn’t always trigger a real-time response from the hacker to pounce on your network. In some cases, the malicious file may need time to spread. In others, cybercriminals may wait patiently as it migrates across your business network and those of others. This is why monitoring tools are important. The key point is there will likely be a window of opportunity to bring malware removal tools to bear. The earlier an intrusion is identified, the easier it is to prevent it from getting too far. That’s why being knowledgeable of the following telltale signs of a possible ransomware attack and knowing how to respond to a cybersecurity hack are crucial.
Staff members receive electronic messages that ask them to download files or click on links. These phishing schemes are often accompanied by an incentive or reason for urgency. By bringing such emails to the attention of supervisors and computer security specialists, AV software can be activated, and the malicious file purged.
When hackers breach the computer security of one station, they typically begin searching for information to overrun the organization. This may entail discovering a domain, company name and understanding the admin access of a given computer or profile. To gather this information, hackers leverage some type of network scanning tool. Discovering a foreign network scanner often means your system has been penetrated, and proactive defensive measures are necessary.
Antivirus Software Disabled
Once a ransomware attack is underway, hackers typically try to disable antivirus scanning packages. Those that are not considered enterprise-level can be sidelined with relative ease by clever hackers. If your antivirus scan or software isn’t functioning properly, the system may have been breached.
When a business system appears to repeat a behavior each day, that may indicate malicious files are hiding under the radar. It’s essential to understand that even though malware may have been recently removed, savvy cybercriminals continue to create new ransomware every day. Cybersecurity involves a chess match between honest developers protecting business networks and hackers trying to pry open vulnerabilities. Having the latest AV scanning and malware detection capabilities remains mission-critical for business survival.
Recon Ransomware Attack
Sophisticated hackers may be inclined to probe organizations by using limited cybersecurity attacks that target the computer security of only a few workstations. The point of small-scale incursions is to gather information about an organization’s ability to respond in kind and potentially repel the ransomware attack. Hackers usually expect in-house IT support teams to take a victory lap after deterring the threat. Truth be told, a tsunami of malware could be coming down the pipe.
It’s critical to promptly follow up small-scale attacks and other telltale signs with big-league AV scanning, antivirus software deployment, malware detection, and quickly close any cybersecurity gaps before you’re talking to a hacker about crypto payments.
7. What Do I Do If This Happens?
A ransomware attack causes disruption in terms of productivity, lost digital assets and can tarnish your business or brand. Industry leaders can do two specific things to protect their operations — harden your defenses and have a fallback position.
The fallback position involves diligently backing up digital files to multiple servers and hard drives that cannot be reached through the primary network. By conducting thorough backups on a daily basis and keeping them in a different location, a ransomware hacker only holds sway over yet-to-be secured data. That may put you in a position not to pay the cryptocurrency demand.
But the best defense may be investing in robust software and detection capabilities that deter threat actors. Keep in mind that hackers are obviously not hard-working individuals. They’re looking for easy money, and you can make that a non-starter.
8. How Can I Protect my Business and Infrastructure from a Ransomware Attack?
The first step to achieving determined cybersecurity involves gathering information about evolving security industry strategies and the latest technologies used to prevent breeches like ransomware attacks. There’s no better way to Celebrate National Cybersecurity Awareness Month over the coming weeks than to become more astute to the risks, like ransomware, that could impact your business when you least expect it.
You may want to consider providing a refresher security awareness seminar for your team or perhaps even conduct a network health check to identify any potential threats your business faces. We’d be happy to help you determine what would work best for your unique needs, just let us know when you’d like to talk.