Understanding what Ransomware is
You may be wondering why ransomware is one of the most threatening forms of malware and how it poses a threat to you and your devices. The name alone tells you the true outcome of this kind of attack. Ransomware is extortion software: it makes its way onto your computer, locks it, and demands that you send a certain amount of money somewhere before you regain access to your machine, hence the “ransom” in the name.
Malware is a blend of the words ‘malicious’ and ‘software’, which is why the term covers all malicious software that can endanger the machines you use. Ransomware is often spread through phishing emails that contain malicious attachments or content, or through drive-by downloads. A drive-by download occurs when a user visits an infected website and malware is downloaded and installed without the user’s knowledge.
Crypto ransomware is another type, which encrypts the files on your machine so that you cannot access them; it too is spread through drive-by downloads, as well as through social media and instant messaging applications. New types of malware appear constantly, and ransomware is no different. There are examples of web servers being exploited as an entry point to gain access to an organisation’s entire network.
Challenges of detecting Ransomware
Ransomware attacks are difficult to detect, and they need little to no time to cause damage. Cybercriminals use social engineering on unsuspecting users to get ransomware installed, then use encryption algorithms to scramble sensitive data. Once a device is encrypted, ransomware can work its way through a network and execute extremely quickly, leaving little to no time to respond to the threat. Often an organisation won’t become aware of the ransomware’s presence on an infected machine until it demands a payment to free up the device.
Signs of a Ransomware attack
Ransomware can do major damage to an organisation, so stopping it in its tracks is extremely important. The warning signs below will help you identify whether your organisation is being lined up for a ransomware attack.
Ransomware attacks often start with a phishing email: attackers send legitimate-looking emails to unsuspecting victims, embedded with malicious links or attachments that download the ransomware.
Network scanners are becoming more commonplace, but they can also be a sign of a cybercriminal attempting to infiltrate your network. Make sure you know every network scanner that legitimately runs on your network, so that you can identify when a suspicious one appears.
Software removal tools such as Process Hacker and GMER can be a sign that a cybercriminal is attempting to remove security software, such as antivirus, from your device.
Small-scale test attacks
Hackers will sometimes run small dry runs to identify vulnerabilities in your network before deploying a full-scale ransomware attack.
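As an added example (not code from the original article), the script below triages constructed log lines for two of the warning signs above: the launch of the security-software removal tools the article names, and port scanning from a host that is not on a list of known scanners. The log format, the process names and the known-scanner address are assumptions.

```python
"""Triage constructed log lines for two of the warning signs above: known
security-software removal tools being launched, and port scanning from a
host that is not a known scanner. Added example, not the article's own
code; the log format and the known-scanner list are assumptions."""
import re
from dataclasses import dataclass

# Process names associated with the tools the article names (assumed, lowercase).
REMOVAL_TOOL_PROCESSES = {"processhacker.exe", "gmer.exe"}
# Hosts that legitimately scan this network (constructed addresses).
KNOWN_SCANNERS = {"10.0.0.5"}
SCAN_PORT_THRESHOLD = 100  # assumed: a sweep touches at least this many ports

# Assumed log formats:  <time> PROCESS host=<h> image=<exe>
#                       <time> SCAN src=<ip> ports=<distinct ports probed>
PROCESS_RE = re.compile(r"PROCESS host=(\S+) image=(\S+)")
SCAN_RE = re.compile(r"SCAN src=(\S+) ports=(\d+)")

@dataclass(frozen=True)
class Alert:
    kind: str
    host: str
    detail: str

def triage(lines):
    """Return the alerts raised by the given log lines, in order."""
    alerts = []
    for line in lines:
        m = PROCESS_RE.search(line)
        if m:
            host, image = m.groups()
            exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if exe in REMOVAL_TOOL_PROCESSES:
                alerts.append(Alert("removal-tool", host, exe))
            continue
        m = SCAN_RE.search(line)
        if m:
            src, ports = m.group(1), int(m.group(2))
            if src not in KNOWN_SCANNERS and ports >= SCAN_PORT_THRESHOLD:
                alerts.append(Alert("unknown-scanner", src, f"{ports} ports"))
    return alerts

SAMPLE_LOG = [  # constructed sample lines
    "2024-01-01T09:00:00 PROCESS host=ws12 image=C:\\Windows\\explorer.exe",
    "2024-01-01T09:01:10 PROCESS host=ws12 image=C:\\Tools\\ProcessHacker.exe",
    "2024-01-01T09:02:00 SCAN src=10.0.0.5 ports=1024",
    "2024-01-01T09:03:30 SCAN src=10.0.7.42 ports=600",
    "2024-01-01T09:04:00 SCAN src=10.0.7.43 ports=12",
]
```

Running `triage(SAMPLE_LOG)` raises one alert for the removal tool on ws12 and one for the unknown scanner at 10.0.7.42; the known scanner and the 12-port probe are ignored.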
Mitigating Ransomware attacks
Below are some actions that your organisation can take to help prepare for a potential Ransomware attack.
Make regular backups
By making regular backups you ensure that you can recover more effectively from a ransomware attack. Having these backups is useful, but you will need to make sure they are kept in different locations, as you don’t want your backups to be on a potentially infected machine.
Prevent malicious content from being delivered
You can reduce the likelihood of a Ransomware attack through numerous methods:
- Block websites that are known to be malicious
- Use signatures to block known malicious code
- Filter to only allow file types you expect to receive
- Actively inspect content
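As an added example (not the article's own code), the function below applies the four controls in that list to an inbound email attachment: a block-list of known malicious sites, signatures (here SHA-256 hashes) of known malicious code, an allow-list of expected file types, and content inspection (the file's real header must match its claimed type). All lists and sample messages are constructed.

```python
"""Evaluate an inbound e-mail attachment against the four controls listed
above: a block-list of known malicious sites, signatures (here SHA-256
hashes) of known malicious code, an allow-list of expected file types, and
content inspection (the file's real header must match its claimed type).
Added example, not the article's code; all lists and samples are constructed."""
import hashlib

ALLOWED_EXTENSIONS = {"pdf", "docx", "xlsx", "png"}     # file types we expect
BLOCKED_DOMAINS = {"malicious.example"}                 # constructed block-list
# "Signature" of known malicious code: here the hash of a constructed sample.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed malicious sample").hexdigest()}
MAGIC = {  # leading bytes a genuine file of each allowed type starts with
    "pdf": b"%PDF-", "docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04", "png": b"\x89PNG",
}

def evaluate_attachment(sender_domain, filename, content):
    """Return (decision, reason); decision is 'block' or 'allow'."""
    if sender_domain.lower() in BLOCKED_DOMAINS:
        return "block", "sender domain is on the block-list"
    if hashlib.sha256(content).hexdigest() in KNOWN_BAD_SHA256:
        return "block", "matches signature of known malicious code"
    # Use the LAST extension: 'invoice.pdf.exe' is an .exe, not a .pdf.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return "block", f"file type '{ext or 'none'}' is not expected"
    if not content.startswith(MAGIC[ext]):
        return "block", f"content does not look like a .{ext} file"
    return "allow", "passed all checks"

SAMPLES = [  # constructed messages: (sender domain, filename, first bytes)
    ("malicious.example", "report.pdf", b"%PDF-1.7 ..."),
    ("partner.example", "invoice.pdf.exe", b"MZ\x90\x00"),
    ("partner.example", "notes.pdf", b"MZ\x90\x00"),
    ("partner.example", "sample.docx", b"constructed malicious sample"),
    ("partner.example", "report.pdf", b"%PDF-1.7 ..."),
]

if __name__ == "__main__":
    for sender, name, data in SAMPLES:
        print(name, *evaluate_attachment(sender, name, data))
```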
Prevent malware from running
The measures required to prevent malware from running vary by device type, OS and version, but in general you should use device-level security features. Installing security updates as soon as they are available and enabling automatic updates for operating systems are all things you can do to prevent malware from running on your devices.
Prepare for an attack
Ransomware attacks can be devastating for any organisation, as they render computer systems unusable. The following will help ensure that your organisation can quickly recover from an attack:
- Plan for an attack even if it seems far-fetched
- Identify your critical assets and the impact on them if they were attacked
- Develop an internal and external communication strategy
- Identify legal obligations regarding reporting the incident
- Determine how you would respond to a ransom demand
What to do if already infected
If your organisation has already been infected with malware and you are unsure what to do, the list below offers some advice on how to limit the impact:
- Immediately disconnect the infected machines from network connections
- Consider turning off your Wi-Fi, disconnecting all switches and even disconnecting from the internet altogether
- Reset credentials, including passwords; this is especially important for administrator and other system accounts
- Wipe infected devices and reinstall the OS
- Install and update antivirus software on unaffected machines
- Run network monitoring software and run antivirus scans to identify any remaining infection
As ransomware is one of the most notorious and challenging types of malware to detect and protect against, taking the necessary precautions is extremely important. Educating your employees on common red flags, installing antivirus software and tools, and establishing system monitoring can all help safeguard your organisation’s systems and protect your data.
If you are looking for more help and advice on setting up your organisation to better withstand a ransomware attack, then please get in touch. If you are looking for an example of ransomware in action, read our blog, Small Business latest victim of ransomware virus, to get a better understanding of what ransomware can do to your organisation.