Ransomware… it’s only something on the news right?
Ransomware is a trending for of malware that locks users out of their file or device. The Ransomware then demands payment in-exchange for releasing the device. Sometimes threats are made along the lines of either deleting the data or exposing it publicly.
These attackers are smart because they leverage many social engineering pressure building techniques to manipulate people into action. Using time pressure, or count down clocks where the demand price increases based on the time taken. The fear of public scrutiny if the files are exposed are just some of the manipulation.
What’s the fuss about?
You may have heard someone at the office talking about ransomware… usually in one of those boring cybersecurity workshops. Or you may have heard about it on the news. There have been over 40 USA Counties attacked this year alone.
Ransomware is a threat to anyone who is using the internet. Yeah, that’s right anyone using the internet.
There are multiple variations of these ransomware attacks, based on what information hackers can get on you.
Ransomware is on the rise.
Ransomware attacks have increase 88% in the last 12 months.
Ransomware is now even a new business model. No, you’re not going to see “Ransomware” besides Starbucks. But you might see someone running a Ransomware business from Starbucks.
There are websites out there that allow you to buy ransomware as a service. That’s right; you pay them to attack a specific person or company. You make money by cashing in on the ransom. Scary right?
What’s clear is that with more people paying the ransom demands of these attackers. The more likely hackers are going to increase the occurrence of these crimes.
What is ransomware?
Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.
How do I get ransomware?
There are several different ways that ransomware can infect your computer. One of the most common methods today is through malicious spam, or malspam, which is an unsolicited email that is used to deliver malware. These are also called phishing emails. The email might include booby-trapped attachments, such as PDFs or Word documents. It might also contain links to malicious websites.
Malspam uses social engineering in order to trick people into opening attachments or clicking on links by appearing as legitimate—whether that’s by seeming to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as posing as the FBI in order to scare users into paying them a sum of money to unlock their files.
Another popular infection method, which reached its peak in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations and then select the malware best suited to deliver. Often, that malware is ransomware.
Malvertising often uses an infected iframe, or invisible webpage element, to do its work. The iframe redirects to an exploit landing page, and malicious code attacks the system from the landing page via exploit kit. All this happens without the user’s knowledge, which is why it’s often referred to as a drive-by-download.
Types of ransomware
Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.
A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job. We have noticed an increase in these types of phone calls as well. That’s right cybercriminals are not scared of using the telephone to solicit their next victim.
After you have clicked on that phishing email and clicked the link, your device becomes infected. When lock-screen ransomware gets on your computer, it means you’re frozen out of your device entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.
This is the really bad stuff, that’s getting huge pay-days. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.
9 out of 10 attacks occur because of a phishing email.
That’s right all of these attacks start because of a phishing email was opened when it shouldn’t have been.
I use Mac, so it’s immune to ransomware.
Wait .. I’m almost done…
That’s a myth. Cybercriminals understand that people who purchase an Apple device spend more money. This created a business opportunity for these criminals to attack Apple OS devices.
The first ransomware for Mac OS was in 2016. Called KeRanger, the ransomware infected an app called Transmission that, when launched, copied malicious files that remained running quietly in the background for three days until they detonated and encrypted files. Thankfully, Apple’s built-in anti-malware program XProtect released an update soon after the ransomware was discovered that would block it from infecting user systems. Nevertheless, Mac ransomware is no longer theoretical.
Ransomware criminals are equal opportunity exploiters.
Ransomware criminals are equal opportunity exploiters. They don’t care what hardware or software you use. If they can exploit it, they will make you pay!
Even Mobile devices can be exploited by ransomware.
It wasn’t until the height of the infamous CryptoLocker and other similar families in 2014 that ransomware was seen on a large scale on mobile devices. Mobile ransomware typically displays a message that the device has been locked due to some type of illegal activity. The message states that the phone will be unlocked after a fee is paid. Mobile ransomware is often delivered via malicious apps and requires that you boot the phone up in safe mode and delete the infected app in order to retrieve access to your mobile device.
- 22% of organizations had to cease bus
- 66% have suffered a data breach.
- 35% were victims of ransomware.
Stats from Osterman Research report survey 1000 small to medium size business in June 2017
What’s really interesting is from another recent survey, 68% of CISO had no confidence in their own organization’s ability to defend themselves against a cybersecurity attack. How confident are you?
What to do if I’m infected with ransomware?
Even the FBI has endorsed the “do not pay the ransomware.” This may feel like a hard thing to do due to the emotions at the time. However, it is the better action to take.
You are able to receive some of your files using a free decryptor. Not all ransomware encryptions can be unlocked using these tools, but some can be based on the type of malware that was used.
Contact your insurance company. Insurance companies have specialists who are trained in responding to these threats and negotiation. The Insurance company is on your side, as they have a vested interest in reducing the loss of your business experiences. This also means you have the right type of business insurance for cybersecurity risks. Something it’s worth reviewing every six months at least.
How do I protect myself from ransomware?
The security community takes the position of the best way to protect yourself is to prevent it from happening in the first place.
This can be easier done than said. But there are tools out there that provide real-time scanning of your emails for malicious threats like our ChatFortress Email Guardian.
There is no perfect way to prevent ransomware. There are only steps to mitigate the risk and recovery processes. You need to ensure you are proactive with system updates and patches across every device of your network.
One of the most common ways that computers are infected with ransomware is through social engineering. Educate yourself (and your employees if you’re a business owner) on how to detect malspam, suspicious websites, and other scams. And above all else, exercise common sense. If it seems suspect, it probably is. This means you need to create a culture that is cybersecurity aware.
How does ransomware affect my business?
Firstly you’ll be affected by not being able to use your device for an extended period of time. Just imagine that not being able to do anything on your computer for 12 hours or three days? How would that impact your business?
Here are some of the names of ransomware malware that infected businesses in 2018. GandCrab, SamSam, WannaCry, NotPetya malware caused massive business loses and still continue to cause loss.
Ransomware attacks on businesses went up 88% in the second half of 2018 as cybercriminals pivot away from consumer-focused attacks. Cybercriminals recognize big business translates to big payoffs, targeting hospitals, government agencies, and commercial institutions. All told, the average cost of a data breach, including remediation, penalties, and ransomware payouts, works out to $3.86 million.
The majority of ransomware cases as of late have been identified as GandCrab. First detected in January of 2018, GandCrab has already gone through several versions as the threat authors make their ransomware harder to defend against and strengthen its encryption. It’s been estimated GandCrab has already raked in somewhere around $300 million in paid ransoms, with individual ransoms set from $600 to $700,000.
In another notable attack happening back in March of 2018, the SamSam ransomware crippled the City of Atlanta by knocking out several essential city services—including revenue collection and the police record-keeping system. All told, the SamSam attack cost Atlanta $2.6 million to remediate.
Considering the spate of ransomware attacks and the tremendous cost associated with them now is a good time to get smart about protecting your business from ransomware. We’ve covered the topic in great detail previously, but here’s a quick gloss on how to protect your business from malware.
- Backup your data. You can remediate your ransomware attack by wiping your infected machine and re-installing your data from a backup. You need to ensure your backups are stored securely and encrypted to prevent ransomware infection. This is the main target for malware.
- Patch and update your software. A lot of malware attacks compromise systems because of vulnerabilities within the software. Delaying the updates to patches which on average is 181 days creates a massive risk for your company to attack.
- Educate your end-users on malspam and creating strong passwords. If you are not sure how to protect yourself and your employees take the ChatFortress Free Cybersecurity Crash Course. Our course shares with you how you can create passwords that will reduce your risk of attack, and steps you can take to detect social engineering scams used by hackers.
- Invest in good technology. There are a lot of options for cybersecurity. These tools are being updated on a daily basis as the threat landscape evolves. Using the right tools can help protect your business.
- Invest in Cybersecurity professionals. Cybersecurity is a specific skill set and there are many elements to cybersecurity. The right professionals will help your business assess your vulnerabilities and create plans for how you can solve these vulnerabilities before cybercriminals exploit them.
Who is ChatFortress
ChatFortress is a leading cybersecurity company that is helping small and medium-size companies protect themselves from hacking attempts. Using Cybersecurity AI, Gamified cybersecurity awareness programs and providing virtual security analysts. Our goal is to help you create a cybersecurity aware culture.
ChatFortress Eliminates Bank Transfer Wire Fraud and Eliminates Email Phishing Attacks!
Helping you verify the device and the person you’re sharing wire information with via our secure chat platform. When you need to validate the person you are sending information you need ChatFortress communication. To speak with a ChatFortress Agent call (307) 999-7755. If you want a demo you can Schedule a ChatFortress demo here.
Has your username, password or PII data been exposed to hackers on the darkweb?
Complete your FREE scan using our Hacked Scan Tool which scans over 11 Billion compromised data records and the darkweb to see if your data has been exposed to hackers. We will tell you exactly which third party services exposed your data and what you can do about it. Complete your free scan now it only takes 30 seconds!