What is Ransomware?
How does ransomware work?
Infection
Cryptographic key generation
Encryption
Ransom Demand
Once encryption is done, the ransomware will display instructions demanding a ransom payment, often threatening to destroy or publicly release your data if payment isn’t made within a specified timeframe.
If the demand is met, the attacker will provide a copy of the cryptographic key. You will then be asked to enter this information into a decryptor program provided by the attackers to decrypt the data.
However, we never recommend accepting the criminal’s demands. Remember that you are dealing with criminals – you can never be sure that they will release your system or data even after the ransom payment. If the criminal intends to make some financial gain quickly, they might not have even taken the trouble to enable decryption. Also, making a ransom payment signals that you will be willing to pay in future attacks too. Agreeing to ransomware demands will only encourage cybercriminals further.
Popular Ransomware Variants
Akira Ransomware
RansomHub
8Base Ransomware
Chaos Ransomware
MedusaLocker
MedusaLocker continues to evolve, with new variants emerging in 2024. It typically encrypts files and demands a ransom for the decryption key. MedusaLocker is known for its persistence and ability to evade detection.
These ransomware variants highlight the evolving tactics and techniques used by cybercriminals. It’s crucial to stay informed and implement robust cybersecurity measures to protect against these threats.
Who Gets Attacked by Ransomware?
Ransomware targets businesses of all sizes. Small and medium-sized businesses and enterprises across all sectors are vulnerable to ransomware.
The attackers choose their targets by different means:
How to Protect Your Business from Ransomware Attacks
1. Prevention
2. Protect
- Backup – Perform regular backups for your system and ensure that the data is stored, preferably, in multiple locations. The best way is to have a cloud backup solution as well as a local server backup. Cloud backups provide redundancy and additional protection, but ensure they are isolated (not constantly connected to the network) to prevent ransomware from encrypting them as well.
- Disaster Recovery Plan – It is also essential to have a disaster recovery plan in place for your organization. Work with a reliable IT service provider to develop, implement, and test this plan regularly to ensure it effectively responds to ransomware attacks.
- Train Employees – A lack of knowledge in identifying potential threats or inattentiveness is one of the major reasons why an attack gets through to your network. Stress the importance of being up to date on security issues. Security training for all staff should be conducted at regular intervals to ensure that they are aware of the latest threats and how to recognize and deal with them.
- Install adequate anti-ransomware – Ensure you have robust endpoint protection, anti-ransomware, and security software installed across all devices. Keep these updated to protect against evolving threats.
- Use Firewalls and Network Segmentation – Use firewalls to block unauthorized access to your computer. Additionally, implement network segmentation to limit the spread of ransomware if an attack occurs, isolating critical systems from less secure parts of the network.
- Implement Spam Filtering and Email Security – Use advanced spam filtering solutions to prevent phishing emails from reaching your employees. Consider using email security solutions that include threat intelligence and sandboxing to analyse attachments and links before they reach the inbox.
- Regularly Install Software and OS Updates/Patches – Stay current with software, firmware, and operating system updates/patches to repair vulnerabilities and protect your systems against ransomware exploits.
- Enforce Strong Password Security and Multi-Factor Authentication (MFA) – Ensure that strong, unique passwords are used across your organisation, and implement multi-factor authentication (MFA) wherever possible to add an extra layer of security. Make sure that employees use different passwords for personal and work accounts.
3. Detect
4. Respond
In the unfortunate event that your system is attacked, the first step is to immediately disconnect the infected device from the network, including any Wi-Fi or Bluetooth connections, to prevent the ransomware from spreading to other systems. Next, switch off any shared drives or cloud storage that might be connected. Then call a professional IT company.
It is essential that you do not pay any ransom demand associated with the event. People who commit these crimes are unscrupulous and you should not assume that they will comply just because you have paid. In the majority of cases, they will simply disappear after a ransom is paid. Reporting the incident to relevant authorities, such as the Australian Cyber Security Centre (ACSC), is also an important step in helping to combat ransomware on a broader scale.
5. Recover
You will need to do a backup download, system restore, or reinstallation if you are locked out. It would be a good idea to have a professional cyber-security service provider assist you to minimize damage and speed up the recovery process.
Ransomware attacks are merciless and affect not only businesses but also personal users. These threats continually evolve with new variants and tactics designed to bypass even the most advanced detection software. Staying informed and implementing comprehensive cybersecurity measures is crucial to mitigate the risks.
Keeping yourself one step ahead of security threats can take up a lot of your time and focus, away from your core business. Let us help you.
Computing Australia has vast experience in cybersecurity; we provide you comprehensive cybersecurity services including Security Audits, Penetration Testing, Staff Training, Firewall and Security Software supply and installation, and Recovery assistance if you have been hit with a ransomware attack. Talk to our security analyst or email us at sales@computingaustralia.group.
Jargon Buster
Phishing – a type of social engineering in which a fraudulent message is sent to manipulate the receiver into revealing sensitive information.
Spear phishing – a targeted and personalised phishing attack on a particular individual, group, or business.
Revised by Rhan Robles 09/26/2024
Added updated information
Revised by Blake Parry on 11/08/2021
Added new sections:
How Ransomware Works?
Popular Ransomware Variants
Who Get Attacked by Ransomware?