1. Blog
  2. /
  3. Cybersecurity
  4. /
  5. How to defend...

How to defend against Ransomware, the threat that holds your data and business hostage

 | 5 min read
How to defend against Ransomware, the threat that holds your data and business hostage

With contributions by Anwar Haq

Ransomware has grown to become a significant threat to organizations today, no matter the size or industry. Cybercriminals are exploiting vulnerabilities in small businesses and enterprises alike, creating short-term and long-term damage that can impact everything from your employees’ productivity to your relationship with customers.

In Canada alone, 17% of organizations¹ experienced a successful ransomware attack in 2021. In the US, over 22 million records² were compromised due to ransomware attacks in 2021, and this disruption has resulted in a dedicated government Task Force and updated sanctions³ to hold criminals accountable. In India, 68% of organizations experienced a breach4 in 2021, putting them at the top globally in terms of ransomware attacks.

“With the pandemic accelerating digital transformation initiatives, businesses of all sizes are becoming increasingly reliant on digital infrastructure and systems, making them more susceptible to cyberattacks,” Anwar Haq, Principal Security Manager of Sryas, said. “It’s not a coincidence that ransomware attacks are on the rise, becoming much more frequent and sophisticated. Developing and implementing the right cyber resilience framework for your business is no longer a nice to have, but a must-have. It’s mission-critical for organizations to adopt a preventative, multi-layer cybersecurity approach that protects multiple areas—from the outer network infrastructure to internal controls and systems.”

So, how can organizations start building this framework to shore up defences? It helps to know exactly what you’re defending against, and below are some important considerations to ensure you cover all the bases. You can also work with a cybersecurity partner to bring in the expertise and experience needed.

What is Ransomware?

As the name suggests, this malicious threat involves cybercriminals demanding a ransom in exchange for valuable data they have previously infected, encrypted, and withdrawn from an organization. A cryptographic key, which is a random string of data used in conjunction with an encryption algorithm, is needed to unlock the compromised files but will only be provided by the hacker when the ransom is paid.

This key is not only difficult and mathematically impossible to crack, but also requires a lot of resources and time, something that may not be readily available in the event of an attack. What’s more, an unsuccessful decryption attempt is risky and may result in losing the compromised files for good.

Ransomware is the malicious software that infects the organization’s system and encrypts the files. What’s one way of knowing if one of your files has been compromised? The file may have an extension that is unique to the kind of ransomware being used, such as .aaa, .encrypted., .ttt, and so on.

Attackers will commonly include files that contain the details of their demands: what ransom they want and how the organization can pay it to acquire the cryptographic key. Another important element to keep in mind, ransomware can readily spread to connected systems—making the threat even more critical and time-sensitive.

4 common ways ransomware occurs

But how do ransomware attacks even happen in the first place? Like most cybersecurity breaches, it starts with a security vulnerability, even the smallest vulnerability, being exploited. Organizations can become infected with ransomware in various ways, here are the 4 most common.

1. Phishing emails

These emails may look legitimate, from a credible sender or even from someone known to the recipient. It encourages the user to click on something, which will turn out to be a malicious link or attachment.

2. Infected websites

These seemingly innocent websites will initiate the unintended download of malicious code—a drive-by download—by exploiting vulnerabilities in the browser or browser plug-ins.

3. Fake apps

Cybercriminals create these apps with attractive features: an ad blocker, a security tool, or even live wallpapers. Once downloaded, the app will perform malicious routines that compromise the user’s data.

4. Malvertising

This involves injecting malware-laden advertisements into reputable online advertising networks and websites. When clicked, the ad will redirect the user to a malicious website or initiate a drive-by download.

Once malware gets into the organization’s system—through an employee opening an unsuspecting email or website—cybercriminals may spend a while undetected in the system to identify valuable data and files to encrypt. This is called dwelling, and it’s possible the organization may detect the breach weeks or even months after the penetration.

7 deadly examples of ransomware

While all kinds of ransomware are a cause for concern, some are more robust and deadly than usual. To put things into perspective, below are some well-known examples of ransomware that disrupted organizations on a large scale. If anything, these will show the extent bad actors will go through in order to launch an attack.

  1. Ragnar Locker – Associated with the hacking group Ragnarok, this has been plaguing service providers since 2019. It was used to demand a hefty ransom of $10 million5 in 2020.
  2. Sodinokibi – This highly sophisticated type of ransomware targets high-profile Managed Service Providers and once breached, proliferates to their customers using legitimate admin tools.
  3. UIWIX – This uses a vulnerability for the Windows OS called EternalBlue to initiate a fileless infection, which is more dangerous because it makes detection all the more difficult.
  4. Petya – This unique form of ransomware reboots the infected computer, making it inoperable and unable to boot up until a ransom is paid.
  5. CryptoWall – Creators of this ransomware6 run it like a business, making it very dangerous. They are continuously enhancing code, staying on top of trends, and developing numerous social engineering tactics to pressure victims into paying the ransom.
  6. Jigsaw – This encrypts and progressively deletes files until a ransom is paid or until all remaining files are deleted.
  7. Locky – This malware is spread using an email message disguised as an invoice, which becomes scrambled once opened. The user is then directed to enable macros in order to read the document, which will initiate AES encryption of a large array of file types.

Strengthening Defenses: Reduce the Risk of Ransomware

When it comes to cybersecurity, the key is to address existing vulnerabilities. This may involve reducing the attack surface by protecting the organization’s devices and networks. Install an Antivirus Firewall, apply security patches to all applications, and whitelist computer applications and websites. Since ransomware involves taking data hostage, it also helps to back up everything, every day for safekeeping purposes.

Another important measure to take involves the first line of defence: the users and employees. Investing in Security Awareness Training will keep everyone informed of common tactics and create a culture of vigilance. This may reduce the risk of phishing attempts, malvertising, and other stealthy ransomware strategies.

Remember to develop a Disaster Recovery Plan that’s easily accessible to everyone in the organization. While it’s important to take a proactive cybersecurity approach to ransomware attacks, it’s also crucial to have a comprehensive action plan when things go south. This plan should address the following:

  1. Immediate steps to take (e.g. shut down most of the organization’s network, Wi-Fi, and Bluetooth to prevent the infection from spreading)
  2. Involvement with local authorities
  3. A ransom policy (e.g. either pay the ransom to get files back; or don’t pay the ransom, delete all the infected files, and restore using the backup)

And lastly, develop a cybersecurity strategy that covers all bases, because it only takes one exploited vulnerability to compromise the organization. We encourage you to implement some of the suggestions above when developing a cyber resilience framework for your organization. You can also partner with a security solutions provider that makes cybersecurity an integral part of everything they do. Sryas is here to help.


About the contributors

Anwar Haq is the Principal Security Manager at Sryas. With a decade of experience, he plays a key role in transforming the organization’s Cybersecurity Services and Information Security Risk Management (ISRM) program. He has a M.Eng. is certified in PMP, NPDP, CISSP, CISA, CSSBB & ITILv3. Cybersecurity, Cloud Computing, AI/ML, and Project & Program Management are his areas of expertise.

References:

1. Perceptions and Attitudes of Canadian Organizations Toward Cybersecurity

2. Ransomware Attacks on US Businesses Cost $20.9bn in 2020

3. Ongoing Public U.S. Efforts to Counter Ransomware

4. The State of Ransomware 2021

5. Portuguese Energy Company Hit with Ragnar Locker Ransomware

6. The State of CryptoWall

About the author

Fiona Villamor

Fiona Villamor

Fiona Villamor is the lead writer for Sryas, a global technology company that delivers powerful insights and business transformations at scale. In the past 10 years, she has written about big data, advanced analytics, and other transformative technologies and is constantly on the lookout for great stories to tell about the space.

Share this post

Subscribe to the Innovation Digest

Get exclusive data & tech insights delivered to your inbox.

Related articles

How to integrate customer 360 faster

How to integrate customer 360 faster

Data analytics is a complex process that demands time and effort from data scientists. From cleaning and prepping data to performing data analysis, data scientists go through an extensive procedure to uncover hidden patterns, identify

Read more »