Since it was first documented in 1989, ransomware has only become far more severe, ruthless, and, most of all, prevalent. Let’s review some important statistics to remember if you are to understand ransomware and, even more importantly, avoid its impact on your business.

I hate to be the bearer of bad news, but when it comes to cybersecurity threats it’s kind of hard not to be. I used to look at it from two sides; one side is fascinated at the innovation and intensely brutal ways that high-end cyberattacks work, and the other side of me loses sleep at night worrying about these risks affecting our clients, prospects, and even my own business. This one particular classification of cyberattack, however, takes the cake for being especially frightening.

Cybercriminals fight dirty, whether it’s attacking small businesses, large enterprises, or individuals who just want to watch Netflix. It doesn’t matter who you are or what you do for the community; you’ll always be a target for hacking attacks. To save time and effort, hackers will use low-tech attacks and social engineering attacks to target individuals. Hackers aren’t developing new threats all the time; if anything, they largely use existing exploits, purchasable software, and social engineering to take advantage of people.

Ransomware has rapidly climbed to be one of the most dangerous and feared malware attacks that is used nowadays. It’s gotten to the point that, if you wish they would just stop, we can hardly blame you.

Unfortunately, there is no reason to believe that ransomware is going anywhere.

Ransomware is one of the more dangerous threats out there for businesses of all industries and sizes. To help emphasize just how dangerous it is, however, you have to look past the initial threat of having to pay a ransom and look at the other risks associated with it. We’re here to try to get the point across that ransomware is something your business should absolutely be taking seriously.

Ransomware is such a common occurrence these days that it has entered the public discourse, but we also want to note that it’s such an important topic to discuss with your team that you can never talk about it enough. We want to address some of the most common questions we get asked about ransomware and what can be done about it.

There is a lot made about ransomware, for good reason. It is quite simply one of the nastiest cyberattacks out there and it demands your attention. A lot of people understand what exactly ransomware sets out to do, but they don’t understand how it got that far and how to address the situation if they have the misfortune of being put in that position. 

We talk a lot (and we mean a lot) about cybersecurity, with ransomware getting a lot of our focus…and for very good reason. Ransomware is a huge threat that today’s businesses need to be prepared to deal with. In light of this, we wanted to share a few tips to help you avoid the negative ramifications of ransomware.

This past January, the Federal Bureau of Investigation issued an announcement that they had targeted and taken down the servers for a Dark Web organization responsible for the Hive ransomware group. While there is certainly cause for celebration here, one major statistic is enough reason to continue being concerned.

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

How Ransomware Works

Imagine for a second the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay in Bitcoin before the clock runs out or you will lose those files forever. Then you noticed the clock clicking down. Would you panic? You probably would. That is ransomware, a particularly ugly malware that could cost you everything. 

First, it will help to briefly review how each attack works.

How Ransomware Works

Imagine if you tried to log into your computer, only to be presented with a message that your entire computer had been encrypted, and that (unless money is transferred to the perpetrator, often through cryptocurrency, within a period of time) the contents of your device will be wiped. This is precisely the experience of someone victimized by a ransomware attack.

How Phishing Works

Remember those old scams, where the target would receive an email from some nobility or long-lost relative that asked for a sizable loan or investment (all to be paid back with interest, of course)? These are phishing scams, known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. As time has passed, these schemes have become much more effective - and harder to spot.

These Attacks Can Easily Cooperate 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. Let’s run through a fairly typical scenario that someone using both may subject you to, and how you can spot these kinds of joint efforts.

Let’s say you open your business email to find a message that appears to come from the Microsoft Support team - which, unnoticed by you, actually reads “Micrrosoft Support” in one or two places. According to the email, there’s a hugely serious security issue affecting systems across the board, which is why Microsoft is supposedly sending out these emails, with the necessary fix bundled in as an attachment.

Trouble is, this isn’t actually a fix to an issue - it’s actually an executable file that installs ransomware when you try to apply the “security fix” and creates a huge problem.

This is exactly why these two distinct attacks combine so well… by incorporating phishing strategies into the distribution of their ransomware, a cybercriminal has the ability to boost how successfully their ransomware can infect the users that are targeted.

How to Spot Phishing to Avoid Ransomware

There are assorted warning signs that a message is a phishing attempt that you should always keep an eye out for in order to protect your business. For example:

• Details are off - In keeping with our above example, how likely do you think it is that “Micrrosoft” would send out an email in which they misspelled their own name? While this is admittedly happening less in phishing emails, the same goes for the small things that are easily overlooked. Was the email in question sent from “user at example.com”? Or, was it actually sent from “user at exarnple.com?” Tricks like this are common ways that cybercriminals will try to pull the wool over a user’s eyes.
• There’s excessive urgency - To keep users from paying too much attention to the minutiae of the email - like the “off” details we just discussed - many cybercriminals will write their phishing messages to instill a sense of urgent panic. If an email starts to make you panic, collect yourself and look at it more objectively.
• There’s a link or an attachment - As the preferred means of delivering a ransomware payload or other issue, attachments or links to websites present no small amount of risk, especially if they are received unexpectedly. If at all possible, avoid accessing these without reaching out to the sender to confirm their legitimacy through another method of communication.

There are many other steps you need to take to protect your business from these insidious threats - from keeping a comprehensive backup to user training to applying spam filtering to your email. Coleman Technologies can help you implement them - give us a call at (604) 513-9428 to get started.

Variants of Ransomware
Unlike other malware threats, ransomware isn’t designed to gain access to a system to steal data outright. Rather, it’s just to convince the user to hand over some cash for the safe return of their data. Businesses struck by ransomware are in danger of losing their data and money completely, as there is no guarantee that the hacker will ever return the data, even if the ransom is paid in full. There are two different types of ransomware--“locker” type ransomware targets the CPU, while “crypto” variants go for the encryption of file systems.

It doesn’t matter which strand you contract. The basic premise is still the same. After the threat is unpackaged and executed on the user’s device or network, it encrypts access to data, processing, or both, and it gives the system its demands in the form of instructions on how to make payment. The user then has to make the decision of whether they actually pay the ransom. If they don’t, there is always the option to restore from a data backup platform, if you have one.

Ransomware is a drastically different kind of malware compared to the more traditional methods of hacking. Unlike malware that wants to keep itself hidden so it can siphon information from a computer or install backdoors, ransomware wants you to know what misfortune has befallen you. Ransomware has grown more common in recent years, and so many strains are now seen in the wild that it’s tough to keep up with. These attacks have targeted municipalities, enterprises, and other organizations, all with the goal of leeching as much money from them as possible.

How Ransomware is Delivered
Ransomware might seem like something created by only the most nefarious hackers, but in reality, it’s spread in much the same way that any other threat would be. Spam messages and targeted email campaigns can initiate a ransomware attack, either through clicking on infected links or downloading suspicious attachments. In these cases, ransomware is typically most effective against businesses that have poor network security practices.

Take spam, for example. There’s no reason your business should be dealing with messages like this on a daily basis. With enterprise-level solutions, they can be outright prevented from even entering your inbox. The same can be said about your employees. With proper training, they shouldn’t be downloading unsolicited attachments or clicking on suspicious links in emails. If you invest some time and resources into proper network security, you can minimize the odds of being infected by ransomware.

The Consequences of Ransomware
The most dangerous aspect of ransomware is the downtime that ensues because of it. If you can’t get your work done due to your files being locked down by ransomware, you’re simply wasting time. The same can be said for any employee on your network. Assuming that the entire network is now encrypted by the ransomware, your whole organization could be left with nothing to do until either a backup is restored or someone hands over the ransom. It’s generally a best practice to not pay the ransom, as there is no guarantee that the hackers on the other end will stay true to their end of the bargain.

Instead, it’s best to take preventative and proactive measures to ensure that ransomware doesn’t become a problem in the first place. A Unified Threat Management (UTM) solution is a great way to keep your network secure from external threats, and employee training can keep influences beyond your direct control (like your employees) from placing your entire business in jeopardy. It’s also imperative that your business have a continuity and redundancy strategy in place, as in a worst-case incident like a ransomware attack, you’ll want to restore affected files and systems from a time before the attack struck.

To learn more about how your organization can stay safe from malware--including ransomware--reach out to us at (604) 513-9428.