In 2016, a Los Angeles hospital (Hollywood Presbyterian Medical Center) was hit with malware, and the attackers demanded a ransom of $3 million in bitcoin. The hospital ended up paying $17,000 to regain access to its files.
While the hospital did have its data backed up on a server, both the compromised server and the backup were connected to the network at the time of the breach, so the backups were inaccessible too. This put a lot of patients at risk. Without access to its records, the hospital could not provide proper care to its patients, which resulted in several deaths.
This is a famous incident of ransomware, a typical form of cyber crime. Before we throw some light on the topic let us consider some statistics.
According to a recent survey, the cost to rectify a ransomware attack is $852,000 in the US, £564,000 in the UK and AU$803,875 in Australia.
So, it is evident that the financial impact of ransomware is huge. Summing up the full costs of remediation, device cost, network cost, lost opportunities and ransom paid, the final sums are eye-watering.
21% of organizations were hit by ransomware in the last year. In fact, 30 years since the first attack, ransomware is now more devastating than ever. It keeps evolving, getting faster, smarter and costlier at every turn.
Since today’s ransomware attacks combine multiple advanced techniques, minimizing the risk of falling victim requires advanced protection that monitors and secures the whole attack chain. So, let’s navigate.
In simple words, ransomware is a type of malicious software used by cybercriminals to block users from accessing their own data. The attackers then demand a ransom from the victim, promising to restore access to the data upon payment.
Many ransomware attacks start with a malicious email. Attackers know it only takes a mistake made by one individual to help them to get into an organization. So, the trap is laid as such.
Types of Ransomware
Mainly, there are three types of ransomware, ranging in severity from mild to dangerous. They are as follows:
Scareware
Scareware, however, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware has been discovered and that the only way to get rid of it is to pay up. If you do not respond, you are likely to be bombarded with continuous pop-ups, but your files are essentially safe.
Screen Lockers
The terror alert for these guys is orange. If you have lock-screen ransomware on your computer, it means you’re frozen out of your PC entirely. As you start your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal, saying illegal activity has been detected on your PC and you must pay a fine. The accusations may range from software piracy to child pornography or other cybercrimes.
Encrypting Ransomware
This is the ultimate threat. These are the guys who gain access to your files and encrypt them. Then they demand payment in order to decrypt and redeliver them. This type of ransomware is considered so dangerous because once cybercriminals get a hold of your files, no security software or system restore can return them to you. Unless you pay the ransom, in all probable cases they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back. So you are in a double fix.
What to Do in A Ransomware Attack
a) If you ever find yourself infected with ransomware, never pay the ransom. This advice is now endorsed by the FBI. A ransom encourages cybercriminals to launch additional attacks against either you or someone else. However, you may be able to retrieve some of the encrypted files by using free decryptors. But it is advisable to seek the advice of a security/IT specialist before trying anything.
b) Other ways to deal with a ransomware infection include downloading a security product known for remediation and running a scan to remove the threat. You may not get your files back, but you can rest assured that the infection will be cleaned up.
c) For screen locking ransomware, a full system restore might be in order. If that doesn’t work, you can try running a scan from a bootable CD or USB drive.
d) If you want to try and thwart an encrypting ransomware infection in action, you’ll need to stay particularly vigilant. If you find your system slowing down for apparently no reason, shut it down and disconnect it from the Internet.
How to Get Protected from Ransomware
According to security experts, the best way to get protected from ransomware is to prevent it from happening. While there are ways to deal with a ransomware infection, they are mostly imperfect solutions and often require much more technical skill than the average computer user has. So here are some recommendations to follow in order to get protected from ransomware attacks.
a) The first step in ransomware prevention is to invest in awesome cyber security - a program with real-time protection that’s designed to thwart advanced malware attacks such as ransomware.
b) You should also look out for features that will both shield vulnerable programs from threats and block ransomware from holding files hostage. For example, customers who were using the premium version of Malwarebytes for Windows were protected from all of the major ransomware attacks of 2017.
c) Next, you need to create secure backups of your data on a regular basis. It is recommended to use cloud storage that includes high-level encryption and multi-factor authentication. Alternatively, you can purchase USBs or an external hard drive where you can save new or updated files. But make sure to physically disconnect the devices from your computer after backing up, otherwise they too can become infected with ransomware.
d) Ensure that your systems and software are updated. The WannaCry ransomware outbreak took advantage of a vulnerability in Microsoft software. While the company released a patch for the security loophole back in March 2017, many folks didn’t install the update, which left them open to attack. You need to change your settings to enable automatic updating.
e) Finally, you have to stay informed always. One of the most common ways that computers are infected with ransomware is through social engineering. If you’re a business owner, educate yourself and your employees on how to detect malspam, suspicious websites, and other scams.
f) Above everything else, exercise common sense. If anything seems suspicious, it probably is, so stay alert and seek the best support.
Steps To Minimize the Risks of Attack
Follow these top tips to minimize your risk of attack:
• Use multi-factor authentication (MFA).
• Use complex passwords, managed through a password manager.
• Limit access rights: give user accounts and administrators only the access rights they need and nothing more.
• Patch early and patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
• Ensure tamper protection is enabled. Ryuk and other ransomware strains attempt to disable your endpoint protection.
Future Targets for Ransomware
Three new areas where the dirty tentacles of ransomware are starting to reach are:
1. Public Cloud Ransomware – This is ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure) and Google Cloud Platform (GCP). Confusion around security responsibilities creates protection gaps that hackers are quick to exploit.
2. Service Provider Attacks – Companies are increasingly outsourcing their IT to specialist managed service providers (MSPs) as technology and threats, being dynamic in nature, grow more complex every day. Targeting MSPs enables cybercriminals to hold multiple organizations hostage simultaneously, thereby providing an opportunity to get many ransoms from one attack.
3. Encryption Free Attacks – In the near future, cybercriminals will not need to encrypt your files to hold you hostage, as they realize that you will pay up just to make sure that your data does not go public.
Recovery Time
In certain cases where a well-managed ransomware recovery effort is being deployed by an experienced team, a common time frame is one to two weeks. Not all companies have the infrastructure to bear this turnaround time while remaining in operation. So you need to be very careful.
Get Set Go
Ransomware is not new. The AIDS Information Trojan, the world’s first cyber ransomware attack, was released in December of 1989. Since then, cybercriminals have continued to take advantage of developments in both technology and wider society to evolve and finesse their ransomware attacks.
So, take the guidance and advice of the best cyber security experts in the industry to safeguard your valuable data. Educate yourself as well as your employees by participating in awareness programs and implementing the security updates on a continuous basis.
As per the latest news, a ransomware group known as LockBit 2.0 is threatening to publish six terabytes (6TB) of data files allegedly stolen from Accenture during a recent cyber attack, and is demanding a $50 million ransom. Accenture is one of the world's largest tech consultancy firms, known to serve a wide range of industries including automobiles, banks, government, technology, energy, telecoms and many more. When they are hit, you are vulnerable too. So, act now.