What is Ransomware?
Ransomware is one of many types of malware that plagues the world of technology. As the name implies, it is a type of malware that involves a ransom. Generally speaking, once ransomware infects your system, you will be unable to access your data unless you pay a ransom to the hacker(s).
Ransomware can be split into two categories: “crypto-ransomware and locker-ransomware. Crypto-ransomware encrypts an organization’s data and demands a ransom in order to have the files decrypted and safely returned”, while “locker-ransomware” simply “prevents users from accessing the files instead of encrypting them, before demanding a ransom for the data to be ‘unlocked’” (Jones). Either way, turning on your computer to be met with a “Your Data Has Been Locked” message is unpleasant. It is an ugly sight for both the average user and businesses alike. Verizon, in its 2022 Data Breach Investigations Report, identified that the “number one action type in our dataset for very small businesses are ransomware attacks” (Verizon). Smaller businesses likely don’t have the same data protections as a larger corporation, thus making them easier targets.
Ransomware is used by a variety of hacker groups and individual hackers of many different nationalities. However, according to Verizon, “though this crime is not limited to one country or region”, “most prolific ransomware networks are Russian-speaking” and, “according to one industry estimate, 74% of ransomware payments were Russian affiliated” (Verizon).
What Should You Do if Infected with Ransomware?
If you find that you are a victim of a ransomware attack, Jones plainly states “first things first: don’t pay the ransom”. This is easier said than done, but it is crucial advice. Regardless of whether you get your data back, paying the ransom has two effects. The first is that it “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity” (Federal Bureau of Investigation). If all companies refused to pay the ransom, then it is possible that ransomware would die out, or at least die down. The second effect is that it shows that your company in particular is willing to pay a ransom for its data. If you have paid a ransom once, you may be likely to pay another ransom if your company is re-infected.
The next step is to report the attack to the authorities. This “will help authorities identify the attacker” as well as “how they’re choosing their targets”, which can “help prevent other organizations from falling victim to the same attack” (Jones). We all have to do our due diligence in working to stop ransomware attacks.
Recovery is often the immediate thought after a ransomware attack occurs. Jones states that “the best plan of action is to completely wipe all of your storage devices and start afresh, reinstalling everything from the bottom up” (Jones). It can be hard to figure out just how deeply rooted a ransomware program is. Thus, if you simply try to reboot the system, it is possible that the ransomware will be triggered again later on. While it has its costs, completely wiping the systems pays off in the long run. Before doing so, however, ensure that the authorities have all of the data they need on the ransomware.
Once you have cleaned your systems (or, as an alternative, gotten new systems), it will be time to “restore your data through backups” (Jones). Keeping frequent backups can turn a ransomware attack from a devastating catastrophe to a more manageable interruption of business. Plus, backups are useful tools for a variety of incidents, not just ransomware attacks. Finally, Jones recommends that you should “identify what caused the breach in the first place and work out what the attacker did before they managed to encrypt or lock down your data”. Verizon found that “40% of Ransomware incidents involve the use of Desktop sharing software and 35% involved the use of Email”, so it is important to ensure that these types of software are secure and being used appropriately by employees.
Will I Get My Data Back if I Pay the Ransom?
It is hard to say for certain if you will get your data back if you do pay the ransom. The Federal Bureau of Investigation states that it “does not support paying a ransom in response to a ransomware attack”, mentioning that “paying a ransom doesn’t guarantee you or your organization will get any data back”. It is, in essence, a risky gamble. You may get all of your data back, you may get some of it, you may get asked for a second ransom, or you may get nothing at all.
How Should I Protect Myself Against Ransomware?
As stressed earlier, you should “always make sure that you have a strong backup solution in place” (Jones). Backups are extremely valuable assets that should not be taken lightly. Further, having “offline backups [can] come in handy” (Verizon). Having a backup media that is not Internet-connected reduces the number of incidents that can compromise the backup’s integrity.
Another important consideration is “endpoint detection and response solutions” which “continuously monitor all incoming and outgoing traffic on a network for potential threats” (Jones). Having some sort of network monitoring setup allows for quicker detection of malicious data and can possibly prevent a breach or attack from happening. In the case that the attack still occurs, you may be able to use the network monitoring devices to find out how it entered your system or network.
Similarly, “secure email gateways… filter incoming and outgoing email communications to identify threats and prevent them from being delivered. This can stop ransomware from ever reaching its intended victim” (Jones). These are especially important, given the statistics (mentioned earlier) that the Verizon Data Breach Investigations Report shared: “35% [of ransomware attacks] involved the use of Email”.
You can also make use of web filters. There are two types: cloud-based and domain name system (DNS). Cloud-based filters work by “filter[ing] harmful websites by scanning for malicious code and filtering harmful URLs” (Jones). DNS filters “sit between the browser and domain so that the browser can’t load any malicious sites” (Jones). Employing both of these solutions can provide a hefty amount of security for your network.
Of course, there is also the traditional method: antivirus software. Antivirus software can detect and contain malicious (or suspicious) files, preventing them from running on your machine. However, it is not perfect, and should not be viewed as the sole solution to stopping ransomware attacks.
Finally, one of the most important ways to defend against ransomware (and other types of malware) is education. “Education is one of the best defenses against social engineering attacks, and strong phishing awareness training solutions can transform your employees into a powerful line of defense” (Jones). Oftentimes, malware and ransomware are installed on systems due to employees falling for phishing schemes or social engineering attacks. But, if they undergo proper training, they can be more prepared for dealing with these sorts of attack vectors, possibly averting major disaster.
Resources & Further Reading
Federal Bureau of Investigation. “Ransomware.” FBI, FBI, 3 Apr. 2020, https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/ransomware.
Jones, Caitlin. “How to Recover from a Ransomware Attack.” Expert Insights, Expert Insights, 24 Nov. 2022, https://expertinsights.com/insights/how-to-recover-from-a-ransomware-attack/.
Verizon. 2022 Data Breach Investigations Report, vol. 15, 2022, pp. 1–108. Retrieved from https://www.verizon.com/business/resources/reports/dbir/.




