Ransomware is a type of malware that locks a device, encrypts content on the device or on web hosting, and then blackmails the user into paying a ransom to regain access to that content.
And of course, devices are not just cell phones and computers; they also include servers and the Internet of Things (IoT). Therefore, in the event of a ransomware infection (and non-existent or non-functional backups), the company loses access to, for example, invoices and customers.
This form of attack may temporarily interrupt the company’s work or production process. Depending on the business or organization, the ransomware attack is likely to have consequences for its customers, which may eventually lead them to turn to a competitor.
According to ESET, companies often consider ransomware to be the biggest security problem. However, this is not necessarily because ransomware attacks are more common than other forms of cyber-attack, but because such attacks are often widely publicized.
Thus, even someone who has never experienced a ransomware attack can realize that such cyber-attacks pose a serious threat.
How does Ransomware get into the PC?
The most common way ransomware attacks a computer is through phishing, in which “suspicious” emails are sent to users, disguised as newsletters from banks or other entities, with attachments, URL links and text.
In such a case, the ransomware infects the PC the moment the user decides to install the “unknown” program requested! With the installation, the user gives the program permission to gain administrator access and therefore complete control of the device.
* More aggressive ransomware programs – such as NotPetya – take advantage of vulnerabilities in the operating system and attack the system without requiring any user interaction.
Files appear as “inaccessible” and can only be restored by providing the decryption key held by the ransomware developer.
Another form of deception is when the victim receives a notification, supposedly from a security agency (e.g. Police, Cybercrime Prosecution, etc.), stating that they are to be fined for violating the law by engaging in illegal online activities, such as the presence of pornographic software, etc. In this way, the perpetrators “persuade” users much more easily to pay the ransom and thereby avoid the alleged reporting of their actions to the authorities.
In the same vein, to secure immediate payment of the ransom and at the same time keep the criminal act quiet, the perpetrators resort to so-called leakware or doxware, in which the user’s sensitive personal data is stolen and threatened with publication unless the required amount is deposited.
Who is at risk from the “hostage” of files and data?
Perpetrators usually select their victims based on the security strength of the system. An educational institution, for example, may not have invested time and money in setting up an impregnable security wall for its digital activities, which include a large volume of files and data that are distributed throughout the day.
In addition, organizations that hold a large amount of sensitive information – such as government agencies, medical laboratories and pharmaceutical companies, law firms, etc. – are more likely, if their data is taken “hostage”, to move quickly to pay the ransom for their immediate security.
Email remains the most common form of ransomware infection
While ransomware infection often starts with a click on a suspicious link or fake invoice, ESET has found that email remains the most common method of distribution, in a two-step process: a downloader is delivered first, followed by the ransomware as a secondary infection.
The need to raise employee awareness about safety
It is not clear whether successful ransomware attacks are due to the ability of the attackers or the negligence of employees. Some types of ransomware are highly sophisticated, while others are not.
The risk of ransomware infection is one of the many reasons why companies should focus on educating their employees on cybersecurity, so they know which links to click and what to do if they have already made a security mistake.
Unequal distribution of investments in security issues
Some companies spend hundreds of thousands or even millions of dollars on various advanced security solutions, but not a few thousand more on well-trained staff who will be responsible for developing and managing network security measures.
Instead, companies often choose to accept that security vulnerabilities exist, and they make this decision because they do not expect to be attacked by ransomware.
The basic rules to follow
According to ESET, the basic rules you need to follow to avoid data loss are:
- Make frequent backups of your data and keep at least one full backup offline.
- Keep all your software – including operating systems – patched and up to date.
However, holistic coverage should be the first goal of any comprehensive cyber security strategy. This starts with a reliable and multi-layered endpoint protection solution, followed by continuous maintenance and best security practices.
FOR HISTORY: In 1989, the first ransomware attack was carried out by… the postman
The first documented case of ransomware occurred in 1989. It was called the AIDS Trojan and spread through thousands of floppy disks sent by mail. The diskettes claimed to contain a database about AIDS and the risk factors associated with the disease.
In fact, the floppy disks contained malware, which disabled users’ access to much of the contents of the hard disk. The AIDS Trojan demanded a ransom (or, as the message called it, a “license payment”) of $189, which was to be sent to a post office box in Panama. Dr. Joseph Popp was considered responsible for this ransomware.