The double extortion method, in which attackers steal data before encrypting it and then threaten to publish it if the victim does not pay the ransom, was once seen as an emerging threat. It has now caught on: one recent study found that almost 40% of new ransomware families discovered in 2020 use this tactic.
With so many variants in circulation, businesses must keep up to date on the latest threats to protect themselves and their clients.
What’s the deal with ransomware?
Your garden-variety ransomware is a cyberthreat used to extort money, usually paid in Bitcoin. Through a phishing email or a malicious file, operators quietly gain access to a computer and encrypt its data before demanding a ransom for the decryption key.
Aside from double extortion, attackers also use intimidation and shaming: the attacker publicly announces, for example on social media, that they have compromised a company. These tactics can be persuasive, but there is no guarantee your data will be unlocked, even if you pay the ransom.
That is why security experts warn against paying: a ransom funds the operators and encourages further attacks. The U.S. Department of the Treasury has also moved to discourage payments, warning that paying a sanctioned individual or group can violate sanctions law and expose the paying company to civil penalties.
What are the types of ransomware?
Ransomware operators have come up with a variety of ways to convince victims to pay. Four of the most common types are:
- Scareware: Uses fake warnings, pop-ups and intimidation tactics to elicit a ransom payment
- Locker: Locks the victim out of the computer, usually with a message purporting to come from law enforcement, until a ransom is paid
- Crypto: Encrypts company files; the operator then demands payment in exchange for the decryption key
- Leakware: Steals confidential company information and threatens to publish it on a leak site or sell it on the dark web unless a ransom is paid
What are some common sources of ransomware infection?
Phishing is the most common initial access vector for ransomware. Still, a system can be infected by other means, for example visiting malicious websites or clicking on malvertising, opening files from an infected USB drive, and installing malicious applications or plug-ins.
Ransomware attacks tend to follow a predictable pattern. There are three typical stages:
Stage 1: Breach
This step is usually people-powered: it takes just one person clicking a bad link or opening an infected email attachment to get the attacker in. Once the intruder is past the gate, the gate itself is no longer any use; the defenses that matter from this point on are the ones inside the network.
Stage 2: Dig
Ransomware operators are all about efficiency. They don't want to encrypt just any data; they want the information a company will pay to get back. After the breach, the operators dig through your files looking for high-value data worth holding hostage or selling on the dark web, for example sales data such as purchase orders, or employee information such as social security numbers.
Stage 3: Demand
When the operator has finished sifting through your systems, disabling antivirus software, moving deeper into the network, and stealing and encrypting sensitive data, it's time for the big reveal: the ransom note.
How can you detect ransomware?
In a perfect world, organizations would discover and deflect ransomware attacks before they did any damage. In reality, it’s not that easy.
On average, it takes small and medium-sized businesses almost 800 days to discover malware on their network. As you can imagine, that is plenty of time to encrypt and steal large amounts of data. Ransomware propagates quickly, and attackers are constantly deploying new strains that signature-based tools have not yet seen. That's why it's relatively easy for operators to sneak in.
This is not to say cybersecurity tools are useless against ransomware; they are an essential line of defense. The most reliable protection, however, is to keep it out in the first place and to notice it quickly when it does get in: teach employees what to look out for, monitor systems for suspicious activity such as mass file modification, plant honeypot (canary) files that no legitimate user or process should touch, and configure email filters to stop suspicious messages from getting through.
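The monitoring and honeypot controls mentioned above can be combined into a simple behavioural detector. The following is an added example written for this page, not a tool from IT Weapons or from the original article: it plants a canary file, records its hash, and scans a share for files whose Shannon entropy looks like ciphertext rather than documents. The file names, the entropy threshold of 7.5 bits per byte and the "half the files flagged" alert ratio are assumptions chosen for illustration; the "attack" is a constructed simulation that overwrites files with random bytes and renames them.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds (not from the article): plain text and office documents
# rarely exceed ~6 bits/byte of Shannon entropy; ciphertext sits close to 8.
ENTROPY_THRESHOLD = 7.5
# Assumed: alert when at least half of the files in the watched share look encrypted.
FLAGGED_RATIO_THRESHOLD = 0.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0 for empty or single-valued input, 8 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def plant_canary(share: Path, name: str = "Payroll-2024-DO-NOT-EDIT.docx") -> tuple[Path, str]:
    """Drop a decoy file nobody should legitimately modify; return its path and baseline hash."""
    canary = share / name
    canary.write_bytes(b"Decoy document planted for ransomware detection.\n" * 32)
    return canary, hashlib.sha256(canary.read_bytes()).hexdigest()


def canary_tripped(canary: Path, baseline_sha256: str) -> bool:
    """True if the decoy was encrypted in place, deleted, or renamed (e.g. to .locked)."""
    if not canary.exists():
        return True
    return hashlib.sha256(canary.read_bytes()).hexdigest() != baseline_sha256


def scan_share(share: Path) -> dict:
    """Measure every file in the share and compute the fraction that look encrypted."""
    entropies = {p.name: shannon_entropy(p.read_bytes()) for p in share.iterdir() if p.is_file()}
    flagged = sorted(n for n, e in entropies.items() if e >= ENTROPY_THRESHOLD)
    ratio = len(flagged) / len(entropies) if entropies else 0.0
    return {"entropies": entropies, "flagged": flagged, "flagged_ratio": ratio}


def assess(share: Path, canary: Path, baseline_sha256: str) -> dict:
    """Combine the canary check and the entropy scan into one verdict."""
    tripped = canary_tripped(canary, baseline_sha256)
    scan = scan_share(share)
    return {
        "canary_tripped": tripped,
        "flagged": scan["flagged"],
        "flagged_ratio": scan["flagged_ratio"],
        "alert": tripped or scan["flagged_ratio"] >= FLAGGED_RATIO_THRESHOLD,
    }


def demo() -> tuple[dict, dict]:
    """Constructed scenario: a healthy share, then the same share after a simulated
    encryption pass (random bytes written in place, every file renamed)."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        for i in range(5):
            (share / f"purchase-orders-{i}.csv").write_text("po_id,customer,amount\n" * 40)
        canary, baseline = plant_canary(share)
        before = assess(share, canary, baseline)

        # Stand-in for the encryption stage: overwrite, then rename, every file.
        for path in list(share.iterdir()):
            path.write_bytes(os.urandom(4096))
            path.rename(path.with_name(path.name + ".locked"))
        after = assess(share, canary, baseline)
    return before, after


if __name__ == "__main__":
    healthy, attacked = demo()
    print("healthy share:", healthy)
    print("after simulated encryption:", attacked)
```

In production the canary check would run on a schedule or from a file-system watcher, and the entropy scan would sample recently modified files rather than a whole share. Legitimate compressed or already-encrypted data (archives, media, backups) also scores near 8 bits per byte, which is why the example alerts on the ratio of flagged files and on the canary rather than on any single high-entropy write.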
How can you protect your business from ransomware?
Ransomware attacks may be on the rise, but there is no reason to sit back and wait to become a victim. Here are nine things you can do to protect your organization's data from ransomware:
- Back up data off-site or in the cloud, keep at least one copy that cannot be reached from the production network, and test that you can actually restore from it.
- Implement and enforce security policies such as email allowlists, approved applications, and access privileges.
- Stay current on patches and security updates.
- Educate employees on good cyber hygiene, and test them regularly with security awareness assessments.
- Segment your network to limit how far an attacker can move and which files they can reach before being detected.
- Map your attack surface and take an inventory of all assets, including mobile and personal devices.
- Conduct a security assessment with penetration testing so you see what a hacker sees and how they exploit vulnerabilities.
- Have a crisis plan in place before you need it, including documented business continuity and disaster recovery processes.
- Invest in cybersecurity and data protection technology and update it regularly to keep pace with new and evolving ransomware strains.
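An off-network backup only helps if it is still intact when you need it, and ransomware that reaches a backup share will encrypt or rename its contents just like production data. The following added example, written for this page rather than taken from the article or from IT Weapons, records a SHA-256 manifest when a backup set is taken and later verifies the set against it, reporting files that are missing, modified, or unexpected. The directory layout, file names and JSON manifest format are assumptions; the tampering is a constructed simulation.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(backup_root: Path, manifest_path: Path) -> dict:
    """Record relative path -> sha256 for every file in the backup set."""
    manifest = {
        p.relative_to(backup_root).as_posix(): sha256_file(p)
        for p in sorted(backup_root.rglob("*")) if p.is_file()
    }
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against the manifest taken when it was created."""
    present = {p.relative_to(backup_root).as_posix() for p in backup_root.rglob("*") if p.is_file()}
    missing = sorted(set(manifest) - present)          # deleted or renamed (e.g. to .locked)
    unexpected = sorted(present - set(manifest))       # new names, such as the renamed files
    modified = sorted(
        name for name in manifest
        if name in present and sha256_file(backup_root / name) != manifest[name]
    )                                                  # encrypted or otherwise rewritten in place
    return {
        "ok": not (missing or unexpected or modified),
        "missing": missing,
        "unexpected": unexpected,
        "modified": modified,
    }


def demo() -> tuple[dict, dict]:
    """Constructed scenario: verify a clean backup, then the same backup after
    one file is encrypted in place and another is renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"
        (backup / "finance").mkdir(parents=True)
        (backup / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (backup / "hr.txt").write_text("employee roster\n")

        # The manifest is written outside the backup tree; in practice keep it with
        # the offline copy or sign it, so an attacker on the backup host cannot rewrite it.
        manifest = write_manifest(backup, root / "manifest.json")
        clean = verify_backup(backup, manifest)

        (backup / "hr.txt").write_bytes(os.urandom(64))
        (backup / "finance" / "ledger.csv").rename(backup / "finance" / "ledger.csv.locked")
        tampered = verify_backup(backup, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean_result, tampered_result = demo()
    print("clean backup:", clean_result)
    print("after tampering:", tampered_result)
```

A verification like this belongs in the restore test itself: run it against the offline copy before any restore, and treat any result other than `ok` as a signal that the backup, not just production, is inside the blast radius.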
How can IT Weapons help?
IT Weapons has an entire staff of security experts ready to ensure you feel safe and your data is protected. We offer broad-based security assessments with options including:
- Information security posture reviews
- Network security assessments
- Vulnerability assessments
- Penetration testing
- Firewall assessments
- Phishing assessments
- Mobile/web application assessments
We also provide comprehensive data protection and business continuity capabilities, such as:
- Fully encrypted disk-based backup and archiving solutions
- Server replication and restoration
- Multi-Site failover and high-availability storage
- Disaster recovery and business continuity plan audits and consulting
A proactive ransomware strategy is crucial to mitigating the devastating impact of a ransomware attack. Take the IT Weapons Ransomware Readiness Assessment to determine whether your organization is properly prepared for a significant security event.