There have been many major ransomware attacks in 2021. Bangkok Airways, Acer, the Brazilian National Treasury, and the Spanish government made the news this year. Here’s a look at what ransomware attacks are and why they are on the rise.
What is ransomware?
Ransomware is a type of malware (malicious software) that holds the data on your device to ransom. If your computer system is affected by ransomware, your data and applications may be encrypted such that you no longer have access to them. At this point, the attacker demands a ransom in return for restoring access to the system. Unfortunately, in most instances, the system is not restored even after the demands are met.
In the recent past, ransomware attacks worldwide have significantly increased. A new organisation has become a ransomware victim almost every 11 seconds in 2021. Most attackers demand huge amounts of money in the form of bitcoin due to the ease of online payment and to maintain anonymity. While ransomware attacks can target firms of any size, smaller companies tend to have a tougher time recovering from this breach in cybersecurity.
How ransomware works
Here’s what happens during a ransomware attack:
- Malware received
Individuals receive the ransomware in the form of an infected application as an email attachment. Typically, ransomware and other malware is triggered from phishing/spam emails.
- Malware installed
Once you download the application to your system, it installs itself on the system as well as any other accessible devices on the same network.
- Connects with cybercriminals
The application contacts the cybercriminals to generate cryptographic keys for the infected system.
The application crawls through your system and encrypts all the files it finds. You can no longer access any file on your system.
- Ransom demand
The application displays a message on the system stating the demands of the attack and payment instructions.
- System restoration/destruction
You may be able to restore the affected devices with stored backup data. Cybercriminals may or may not restore the system after the payment is completed. If you are unable to restore the system or meet the ransom, you have probably lost the data and information for good.
Why are ransomware attacks rising?
- For cybercriminals, this is a quick way to make a lot of money. A single application can send emails to thousands of people and there is a high chance of someone opening one.
- Malicious applications are being sent in the form of Covid-19-related information such as information regarding vaccines and sanitizers. These click-baits are more likely to hook people.
- The pandemic has caused a spike in Internet usage. This gives the criminals a wider target audience.
- It is almost impossible to track cryptocurrency transactions, making it much easier for cybercriminals to hide their tracks.
- Paying the ransom (even though you may see no other choice) incentivizes criminals to find more victims to extort money. It is likely this has encouraged cybercriminals to increase the ransom amount with each attack.
Cybersecurity measures to take during ransomware attacks
While ransomware attacks can happen due to a simple mistake, they can cause significant damage to a company. By following some simple cybersecurity rules, you can minimise attacks. But what should you do if your system is affected?
Step 1: Restrain the situation
Turn off the network connectivity to this system so that other devices in the network aren’t affected. Make your colleagues/staff and the IT department aware of the situation. The safest thing to do at this point would be to turn off the network completely before more devices are affected.
Step 2: Assess the systems
Analyze all systems in the network to find ones that have been affected by the malware. During this search, you could also find systems that haven’t been affected in any way. While other devices have to be restored, you can use unaffected devices to continue your business.
Step 3: Assess the backups
A good cybersecurity measure is to have a backup and recovery system in place for your organization. If you have such systems, assess their state to see if they are compromised.
Step 4: Inform the team and stakeholders
Let your staff and stakeholders know what’s happening. This could include the ransom demands, chances of recovery from backup logs, expected downtime, etc.
Step 5: Recover your systems
Using the backup logs, recover each system affected by the ransomware. The IT team should be able to run scripts to identify affected files and replace them individually as well. Conduct thorough reviews to ensure that all malware is eradicated before restoring the network.
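One way a script of the kind mentioned in Step 5 could identify affected files, as an added example that is not part of the original article: it hashes each live file against the known-good backup copy and uses byte entropy to separate likely-encrypted files from ordinary edits. The 7.5 threshold, the directory layout and file names such as `d.txt.locked` are assumptions constructed for the demo.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; ciphertext sits close to 8

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest_of(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def triage(backup_root, live_root):
    """Classify live files against the known-good backup copy."""
    backup, live = manifest_of(backup_root), manifest_of(live_root)
    report = {k: [] for k in ("clean", "encrypted", "modified", "unknown")}
    for rel, digest in live.items():
        if rel not in backup:
            report["unknown"].append(rel)    # not in backup: ransom note or renamed file
        elif digest == backup[rel]:
            report["clean"].append(rel)      # identical to backup, nothing to restore
        else:
            with open(Path(live_root) / rel, "rb") as f:
                high = entropy(f.read(65536)) >= ENTROPY_THRESHOLD
            # Changed and near-random: restore. Changed but low entropy: review by hand.
            report["encrypted" if high else "modified"].append(rel)
    report["missing"] = [rel for rel in backup if rel not in live]  # restore these too
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Triage a constructed backup tree against a constructed damaged copy of it."""
    text = b"quarterly report, unchanged since the last backup\n" * 100
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for tree in (backup, live):
            tree.mkdir()
            for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
                (tree / name).write_bytes(text)
        (live / "b.txt").write_bytes(os.urandom(4096))  # random bytes stand in for ciphertext
        (live / "c.txt").write_bytes(text + b"edited by a user\n")  # ordinary later edit
        (live / "d.txt").rename(live / "d.txt.locked")  # hypothetical renamed file
        return triage(backup, live)
```

Files reported as `encrypted` or `missing` are the restore list; `modified` files may hold legitimate work done after the backup, and already-compressed formats also score high on entropy, so both deserve a manual look before being overwritten.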
With the rise of ransomware attacks, the importance of cybersecurity is now higher than ever. Taking the right measures and being aware of these threats is necessary to avoid such attacks. But you never know how or when these incidents can occur. The best measure against ransomware attacks is to have a reliable backup and recovery system in place.