22-0816/

A brief guide to Ransomware

Ransomware attacks are among the most dreaded security threats facing businesses and government agencies worldwide. They are easy to launch and extremely effective because all it takes is an email with a malicious attachment. Sometimes, attackers get creative: they schedule a fake interview with an employee of the target organization and demand the installation of a software application during the interview process. They do so because they know that the candidate would be using the target company’s laptop.

Before anyone realizes it, the damage is done, and business operations are disrupted or suspended indefinitely. This affects the company’s goodwill, besides causing downtime and inconvenience that can even threaten lives. The WannaCry ransomware attack on the NHS cost £92 million in 2017 and was a warning bell for healthcare providers worldwide. In 2020, Universal Health Services (UHS) lost US$67 million in a Ryuk ransomware attack.

Government agencies are affected as well: the US alone has seen a 62% year-on-year surge in ransomware attacks. In fact, the US had to produce a list of critical infrastructure at the US-Russia summit in Geneva to safeguard the public offices and citizen-centric critical infrastructure that hackers had targeted. So, how do the threat actors pull off this dirty job? Let’s find out.

What is a Ransomware Attack and how is it launched?

As the name implies, a ransomware attack involves malware and a ransom. It begins with inconspicuously introducing malware into a closed IT environment that holds critical data. This could be a government agency, a business, or any professional services provider whose operations would be disrupted if it lost access to the data.

The malware is introduced by tricking the target’s employee into downloading it either by transmitting it through an email or by using some other means. After the malware is introduced, it encrypts the organization’s proprietary data, and to regain access, the victim must pay the ransom, often within a short span of time. Most attackers threaten to permanently destroy encrypted data if the time limit is not adhered to.

Therefore, panic-struck businesses end up paying the ransom to regain access and resume operations. In the healthcare or financial services sectors, losing access to data could be devastating. The ransom is almost always demanded in Bitcoin because cryptocurrencies are hard to trace and can be stored in cold wallets for any period of time. Sometimes, the cryptocurrency is spun around before it is exchanged for fiat currency, which again makes it extremely difficult to trace.

Final takeaway

Ransomware attacks are not going to stop anytime soon and no matter the size of a business, it is at risk of being attacked. From a 5-person construction firm to a thriving e-commerce business with a workforce of over 30,000, every business is susceptible to ransomware attacks. The only way to protect your business or organization is by adopting a three-step approach — prevention, containment, and data backup.

Preventive measures include installing email filters and security tools and educating your employees about the risks associated with downloading emails and applications from unreliable sources. Containment refers to the remediation plan that must be followed in case the worst happens. While that is being done, the periodic backups keep the business going.
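
To make the "email filters" measure concrete, here is an added example (not from the original post) of an attachment check a mail gateway could run against the delivery vector described above. The extension lists, function names, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy for this sketch: extensions that run code or carry macros.
RISKY = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1", ".lnk", ".docm", ".xlsm"}
# Harmless-looking extensions used as the visible half of a double extension.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def attachment_findings(raw_message: str) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment the filter would quarantine."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reason = "double extension hiding " + suffixes[-1]
        else:
            reason = "risky extension " + suffixes[-1]
        findings.append((name, reason))
    return findings

def build_sample() -> str:
    """Constructed test message: one disguised executable, one macro document, one PDF."""
    msg = EmailMessage()
    msg["From"] = "recruiter@example.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Interview preparation"
    msg.set_content("Please install the attached tool before our interview.")
    for filename in ("interview_setup.pdf.exe", "agenda.pdf", "invoice.docm"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

Filename checks are only one layer; production filters combine them with content inspection and sandboxing.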