Last Updated on May 27, 2021 by Calvin C.
Ransomware attacks are on the rise and hackers are getting better at executing successful attacks. Businesses have lost millions to cybercriminals after paying a ransom to access their encrypted data or locked systems.
How a ransomware attack occurs
Ransomware is a form of malware that cybercriminals use to block you from accessing your own data until you pay a ransom, usually using non-traceable means like cryptocurrency.
According to Statista, the number of ransomware attacks hovered around 200 million from 2017 to 2019, but in 2020 this figure jumped up to 304 million.
The rise in ransomware attacks in 2020 is attributed to an increase in the number of businesses that rely on remote work due to COVID-19 restrictions.
If an organization has poor IT hygiene, this is magnified when employees use home networks to connect remotely to their workplaces.
You can read more about the dangers of working remotely, and how you can stay safe, in another article I wrote.
The Colonial Pipeline attack
According to CNBC, Colonial Pipeline was hit by a ransomware attack early in May 2021, forcing it to shut down 5500 miles of pipeline in the United States, thus affecting gas delivery in South-Eastern states.
The FBI blamed the attack on a criminal gang named Darkside, originating from Eastern Europe. Colonial Pipeline reportedly paid a ransom of about $5 million to the group.
Darkside and its affiliates received a total of about $90 million in ransom over a period of 9 months from 47 victims, with an average payment of $1.7 million per organization.
How a device or network is attacked
The most common way ransomware gets onto a device is via phishing emails or email attachments.
Once the user is tricked into downloading and opening the attachment, the ransomware is executed.
It takes over the computer, encrypting files or locking the system, and so blocks the victim from accessing it.
Only the attacker has the key needed to reverse the process so the victim is forced to pay the ransom.
Variations of the attack may occur but encryption of files has the greatest success for attackers.
In other variants of ransomware attack, the attacker threatens to leak sensitive personal information (leakware) or take confiscated, potentially embarrassing files to the authorities.
Since these other forms of attack require extra resources to find and extract that information, attackers opt for the easier and more effective encryption ransomware.
Who is at risk?
Attackers mainly prey on organizations that handle sensitive data like law firms, government agencies or medical facilities.
They may also target colleges and universities where there is a lot of file sharing and weak security systems.
If an organization needs immediate access to critical records, it becomes a perfect target.
However, just because you do not fall into these categories doesn’t mean you aren’t at risk.
Ransomware spreads across the internet automatically and you never know what’s hidden in an email attachment.
How to prevent ransomware
It is always wiser to implement measures to prevent ransomware attacks than to deal with an active attack.
1. Keep your operating system up-to-date
Manufacturers roll out periodic updates to address any security flaws that occur in their operating system.
Make sure you check for any updates on all your devices and if you can’t do that, set the updates to take place automatically.
Attackers take advantage of security flaws in an outdated operating system to mount attacks and introduce ransomware.
2. Install software from trusted sources only
You should never install software from dubious sources especially if your computer has sensitive data.
Use software only from official websites, not cracked versions or software from file sharing sites.
If you are not sure what the software does or where it comes from, don’t install it.
3. A good antivirus
An antivirus is still essential in detecting and blocking common ransomware.
However, don’t pin all your hopes on an antivirus as it is no longer 100% effective, unlike in the past.
It works best if you combine it with other preventive measures.
Another effective method is endpoint protection with next-generation antivirus.
This gives protection against more sinister malware like fileless attacks.
4. Keep a regular backup of your data
This reduces the impact of a ransomware attack.
The backup has to be done on an external hard drive, preferably using the 3-2-1 rule (3 backup copies on 2 different media with 1 backup stored in another location).
Once the attack is over you can restore your data and implement more effective measures to prevent a further attack.
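One way to audit a backup inventory against the 3-2-1 rule described above. This is an added example, not part of the original article; the inventory, the dataset and site names, and the extra rule that only copies which passed a restore test are counted are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str    # what is being protected
    medium: str     # e.g. "external-hdd", "nas", "cloud"
    location: str   # site where this copy is kept
    verified: bool  # assumption: last restore test of this copy passed


def check_321(copies, primary_site):
    """Return {dataset: [violations]} for the 3-2-1 rule."""
    by_dataset = {}
    for copy in copies:
        by_dataset.setdefault(copy.dataset, []).append(copy)

    report = {}
    for dataset, items in sorted(by_dataset.items()):
        # A copy that cannot be restored is not a backup, so ignore it.
        usable = [c for c in items if c.verified]
        problems = []
        if len(usable) < 3:
            problems.append(f"only {len(usable)} verified copies (need 3)")
        if len({c.medium for c in usable}) < 2:
            problems.append("fewer than 2 different media")
        if not any(c.location != primary_site for c in usable):
            problems.append("no copy stored in another location")
        report[dataset] = problems
    return report


# Constructed sample inventory (hypothetical names).
INVENTORY = [
    BackupCopy("finance", "external-hdd", "office", True),
    BackupCopy("finance", "nas", "office", True),
    BackupCopy("finance", "cloud", "offsite-dc", True),
    BackupCopy("hr", "external-hdd", "office", True),
    BackupCopy("hr", "external-hdd", "office", True),
    BackupCopy("hr", "nas", "office", False),
]

if __name__ == "__main__":
    for name, problems in check_321(INVENTORY, "office").items():
        print(name, "OK" if not problems else "; ".join(problems))
```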
5. Email security
I covered email security in detail in another article so make sure you check it out.
Employees have to be taught about the dangers of opening email attachments, even if they are sent from a workmate.
Spam protection and endpoint technology need to be implemented to block any suspicious links and emails.
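A small sketch of the kind of attachment screening a mail filter can apply, judging the attachment itself rather than the sender, since the message may come from a workmate. This is an added example, not part of the original article; the extension lists and the sample message are constructed assumptions, not a complete policy.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed, non-exhaustive extension lists for illustration.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def screen_attachments(raw_message):
    """Return [(filename, [reasons])] for attachments that should be held."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, ext = os.path.splitext(name)
        reasons = []
        if ext in RISKY_EXT:
            reasons.append("executable or script type")
        if ext in MACRO_EXT:
            reasons.append("macro-enabled Office document")
        # "invoice.pdf.exe" looks like a PDF when extensions are hidden.
        if ext in RISKY_EXT and os.path.splitext(stem)[1] in DECOY_EXT:
            reasons.append("double extension hides the real type")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample():
    """Constructed test message with harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    for filename in ("invoice.pdf.exe", "report.docm", "notes.txt"):
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for name, reasons in screen_attachments(build_sample()):
        print(f"HOLD {name}: {', '.join(reasons)}")
```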
6. Use a good VPN
Since a significant number of employees work from home, cybercriminals can target home WiFi networks to execute malicious attacks.
One way to stay hidden when online is by using a VPN.
This encrypts your traffic and changes your IP address so that you browse the internet anonymously.
Some VPNs, like NordVPN, go a step further by incorporating Antimalware and Adblock features.
More features you find with NordVPN:
- Strong encryption
- No DNS leaks
- No logs policy
- More than 5100 secure servers
Ransomware attacks have definitely increased and with this new development of remote working, businesses and organizations need to be more prepared.
Good IT hygiene reduces the incidence of employees opening dubious email attachments or not following SOPs that protect the company data.
When you are using a home network, make sure you use a VPN to prevent infiltration of the network by cybercriminals.
Is your business or organization safe?