HOW TO PREVENT A RANSOMWARE ATTACK?
A COMPLETE GUIDE FOR PROTECTING YOURSELF AND YOUR BUSINESS
Ransomware attacks are on the rise and hit the news now and then. People and organizations fall victim to ransomware attacks before they know it.
Whether it’s local government entities, school districts, healthcare providers, or private companies, no one is safe from these attacks.
Learning about ransomware and how to prevent it is crucial for organizations and individuals.
In this article, we’ll learn about ransomware and some examples of ransomware attacks, how we can detect it, and how to prevent a ransomware attack.
What is Ransomware?
Ransomware is a type of malware that blocks access to a computer system, or important files in a computer system. Cybercriminals use ransomware to encrypt a target device or important data, only to ask for a ransom in exchange for the decryption keys.
How Does Ransomware Work?
Generally, ransomware infects a computer system and blocks the user by encryption or other means. The encrypted data can then only be accessed through a decryption key, which can be obtained by paying the attacker.
The victim is given detailed instructions on:
- How to contact the attacker
- How to make the payment (usually in cryptocurrencies)
- How to obtain the decryption keys
- How to use the decryption key to regain access to the lost data.
Types of Ransomware
New strains of ransomware are being developed every day. However, all of them can be categorized under the following categories:
- Locker Ransomware
This type of ransomware locks the user out of their computer during an attack. Locker ransomware typically doesn’t damage any of the files and causes the least amount of damage.
- Crypto Ransomware
Some ransomware uses a technique called cryptoviral extortion, where cybercriminals encrypt important data on a device and threaten to permanently delete the files. This is called crypto ransomware.
- Scareware
Scareware acts like locker ransomware. The only difference is that this type of ransomware also fills the screen with popups or banners claiming that your device has been infected with serious malware and that the hackers can get rid of it for a small fee.
- Ransomware as a Service (RaaS)
RaaS or Ransomware as a Service is a business model sold to cybercriminals with low technical knowledge. Professional hackers carry out the distribution, attack, recovery, and ransom collection for a cut of the total extorted amount.
- Leakware/Doxware
Leakware, or doxware, threatens to release stolen data to the public unless a ransom is paid. This type of ransomware usually targets businesses, as they don’t want their data to fall into the wrong hands.
Examples of Ransomware Attacks
Most ransomware attacks are conducted with only one goal in mind: money. That’s why companies are the primary targets of ransomware attacks.
It's difficult to pinpoint the frequency of ransomware attacks, as most of the time victims pay the ransom to solve the issue, even though paying the ransom without notifying the authorities is a bad idea.
The attackers are aware that companies store crucial data necessary to keep the operations running smoothly, giving them a chance to demand a large amount of money within a short period.
However, sometimes competitors or rival companies perform ransomware attacks to cripple the competition.
Here, we’ll mention some notable recent ransomware attacks:
The Habana Labs Incident
On Dec 13th, 2020, Habana Labs, an AI processor developer owned by Intel, was reported to be a victim of the Pay2Key ransomware attack. The hackers stole compromising business data and leaked it online.
The leaked data included sensitive code and various business documents.
The Shirbit Insurance Incident
On Dec 1st, 2020, Shirbit Insurance, an Israeli insurance provider, became a victim of a ransomware attack. The company serves many government employees. After the report was published, it was revealed that a group called Black Shadow was behind the attack.
The group initially asked for 50 Bitcoin for not exposing the company’s sensitive client data. However, as Shirbit refused to pay the ransom, the price rose from 50 BTC to 100, and later to 200 BTC.
The Foxconn DoppelPaymer Incident
Another notable ransomware attack happened on 29th November 2020, where the victim was none other than the electronics giant Foxconn.
The company was infected by the DoppelPaymer ransomware. According to a report published in Bleeping Computer, the attackers demanded 1,804 BTC, which equals over USD 34 million. They promised to provide the decryption tool once the payment was confirmed.
The attackers claimed that they had successfully encrypted almost 1200 servers and stolen 100 GB of Foxconn’s unencrypted files. They also claimed that they had deleted 20-30 TB of the company’s backup data. That’s right, 20-30 TB of backup data.
Another thing worth mentioning is that recovery from ransomware attacks is a long and critical process. Tracking down the attackers is also a difficult task as they demand a ransom payment in bitcoins since cryptocurrency is untraceable.
How to Prevent Ransomware Attacks?
At this point, you have a clear picture of how deadly ransomware can be for companies and individuals. Here, we'll discuss some ransomware prevention methods to minimize your chances of a ransomware infection:
NEVER Click Random Links
Don’t let random links become ransom links. Never click on links that are from untrusted contacts or websites. Also, avoid downloading content from random websites as they can be laced with ransomware or other types of malware.
Don’t Open Random Email Attachments
Always confirm the sender’s authenticity. If you suspect that the contents of the email are unusual, then contact the sender directly to confirm the content’s authenticity.
Avoid Giving Away Personal Information
Many hackers use social engineering to extract personal information from victims online to send tailored phishing emails. Avoid discussing personal information online. Do not reply to calls, texts, or emails from unknown individuals asking for any of your personal information.
Use Up-to-Date Devices
Keeping your devices updated can be the difference between avoiding a ransomware attack and falling victim to it. Most ransomware infections take advantage of older hardware running out-of-date operating systems or software.
Always keep your devices, drivers, operating system, and software up-to-date to protect yourself against ransomware and other types of malware.
Install Antivirus/Anti Malware Software
Using anti-malware software is one of the best practices to ensure ransomware protection. Anti-malware software can detect and prevent ransomware before it causes any damage to your systems.
Antivirus software will also monitor network traffic and block any malicious software that might be lurking in your systems. Most antivirus software downloads security updates regularly to keep its database updated, so it can protect you from even the latest security vulnerabilities.
Don’t Plug-In Unknown Storage Media
Cybercriminals sometimes place infected devices in public places to trap people with ransomware. NEVER plug a random storage device into your computer, as it can be infected with ransomware and other malware. Be careful of storage devices bought from other people as well.
Avoid Connecting to Public Wi-Fi
Public Wi-Fi networks tend to lack security, which means your device is more vulnerable while using them. But if you ever find yourself in a situation where you have to use public Wi-Fi, make sure to use a VPN. Using a Virtual Private Network will hide your device from hackers and keep your browsing private.
Keep Backups of Important Data
Back up your necessary data. In case of a ransomware attack, you will be able to recover your important data from the backup, so even if the originals get deleted or encrypted, you won’t have to worry about losing your data.
Provide Awareness Training for Employees
Ransomware awareness training for employees can be a great way to prevent ransomware in organizations. Teaching employees about basic security practices can help them secure their systems, keep backups, and report suspicious activities.
What to do if you are under attack?
Being in cyberspace constantly puts you in the crosshairs of cybercriminals. If you ever experience a ransomware attack, the best course of action is to stay calm rather than freak out.
When you’re under a ransomware attack, every second counts and every decision you take is crucial. So it’s important to make sure that you’re not taking any drastic action, and make sure that every step you take is well thought out.
Now, there are two possible ways for things to go sideways in the event of a ransomware attack:
- You find yourself locked out of your system or data. Then you find a notice or some form of communication from the attacker demanding the ransom. You start negotiating with the attacker and end up upsetting them, losing even the slightest opportunity to recover your data and finding it leaked online.
- On the other hand, you might end up paying the ransom, but never getting the decryption key.
Responding to a ransomware attack is a multi-layered approach, and the best way of responding to a threat like this is to get help from a professional negotiator. But before that, here’s a systematic approach that you can follow to restore your systems: