
Best Practices to Protect from Ransomware

Published on October 26, 2022

The Rise of Cyber Crime

Cyber attacks have increased exponentially in the past few years; according to the Hiscox Cyber Readiness Report, 3 in every 5 firms experienced a cyber attack recently. It is no coincidence that the increase in these attacks has coincided with the Covid-19 pandemic.

With many businesses changing the ways in which they operate, cybercriminals have echoed this by becoming increasingly sophisticated with the campaigns they are deploying and the tactics they are using, with cybercriminals as young as nine years old now getting in on the action.

As many organisations adapted to hybrid and online working, and employees adopted flexible hours (working outside core working hours) on their own devices, there were many more fish in the cyber sea for phishing, which is why ransomware today is becoming increasingly problematic for organisations.

What's more, with further advancements in technology, including artificial intelligence and 5G, more data is being generated every day, creating more and more opportunities for ransomware attackers to take advantage.

For most organisations, it's not a matter of 'if' they will be targeted, but rather 'when' will their data and network be compromised, and what threats are headed their way?

The following describes how to reduce your risk and protect against ransomware without being required to pay the ransom.


Ransomware attacks

Ransomware attacks have been on the rise in recent years, and several high-profile cases have highlighted this detrimental trend. Cyberattack resilience for both private and public-sector organisations should be a top priority right now. But what exactly is ransomware, and how can you protect against it?

Ransomware is a form of malware which encrypts a target’s files, and then demands a ransom with a ransom note, in exchange for the restoration of access to the data for the target or victim.

In a successful attack, the victim is required to pay the ransom, as per the ransom demands, in order to decrypt the files and regain access to the data. Even if local authorities are notified and the attack results in only a temporary loss of access to files, with the file encryption resolved quickly, the lost time can have a huge impact on the organization's operating systems and on its ability to fully recover from the attack, because services are halted. The risk of loss is not worth taking, and it is vital for all organizations to protect themselves and their services as much as they can.

A ransomware attack can infect an operational system the same way as other malware, such as infected files in an email attachment, fraudulent websites, a malicious URL, or suspicious links.

This can happen through social engineering, where the attacker builds trust with the target through personalised messages before coercing them into opening an infected email attachment or clicking on malicious links. This gives the attacker access to the computer and releases the malicious file on the operating system, resulting in infected computers.

Thus begins the process of file-encrypting, where the malware holds files hostage until a ransom is exchanged before the decryption of the files is granted. Not only can this have an impact on a company financially, but it also has the potential to tarnish your business reputation.

Even if you click on a malicious link on the internet, and immediately disconnect, the ransomware infection will have already embedded itself in your files on your computer, including backup files, and you risk losing valuable files in the entire operating system.

Ransomware Statistics

According to research, approximately 67% of ransomware typically begins with a phishing email. To make matters more challenging, most ransomware attacks also target the backup systems in order to prevent the recovery of operating systems, and include data theft capabilities, making recovery incredibly challenging!

Because of this, it's important to be preventative rather than reactive in the case of ransomware, as it's often designed to exploit vulnerabilities and limit access to encrypted files on the computer and in the network.

According to Accenture, a ransomware attack occurred about every 11 seconds, resulting in an increase in attacks by 148% in 2021. WatchGuard reported a decline in unique ransomware variants, summarising that this was likely due to attacks now being mostly targeted, seeing an 888% increase in file-less malware, or threats using ‘living-off-the-land (LotL) techniques’.

Preventative techniques such as security awareness training for employees, and other ransomware protection solutions such as ensuring backups are safe, help mitigate the risk, protect an organization's data, and protect against ransomware.


What Happens in a Ransomware Attack

Cybercriminals have become aware of companies' over-reliance on backups, and as a result they target backups in a ransomware attack. Advanced ransomware has the capability of remaining undetected, laying low, and delaying an attack for months. In doing this, the ransomware is able to infiltrate your backups and backups of backups, leaving no files safe. Then, when the attack is launched, your whole operating system is irrecoverably compromised; it's not a risk worth taking!

During a ransomware attack, the following is likely to take place:

  • Backups will be deleted and all the data is lost.
  • The most recent backups are available, but they are infected.
  • It takes the better part of a month for businesses to get back on track on average.
  • Reinfection could happen if all the malware is not eradicated properly from the backups, causing attack loops. This allows the ransomware to not only gain access but regain access to your files indefinitely.


Examples of Ransomware Attacks

An example of ransomware attacks today is the ALPHV ransomware group also known as BlackCat. One of the most notorious cyber extortionists, BlackCat recently upped the ante by creating a website allowing customers and employees of their target to check for themselves if their data was compromised.

By doing this, the hope was that these customers and employees would put pressure on the targeted organization to pay the ransom, in order to recover their own data including social security numbers, date of birth, phone numbers, email addresses, and other information mostly from the employees rather than customers.

Additionally, having these data packages for each employee visible on a public website left them more vulnerable to other criminals piggybacking, and made it an urgent matter for the targeted organization to resolve the problem quickly.

The time sensitivity of the matter gave the targeted organization fewer options where paying the ransom appeared to be the most logical solution. Though potentially time-consuming for the attackers to set up a website, it proved an effective tactic in monetising the attacks. Ransomware attackers are always developing and looking for more innovative ways to ensure financial gain from their attacks.

Another example of ransomware attacks in the news is the WannaCry ransomware that attacked the NHS several years ago. This prompted the National Cyber Security Centre to issue guidance on ransomware. This ransomware was a crypto worm which targeted computers running Microsoft Windows operating systems. The attackers demanded the ransom payment in Bitcoin. This attack was estimated to affect 200,000 computers across 150 countries and cost billions of pounds in damages.


Steps to Protect Your Business From Ransomware

Ransomware protection solutions and proactive measures are required to prevent ransomware attacks. It is vital to prevent attack loops from taking up residence in your backups, and a multi-faceted strategy can assist in this endeavour of ransomware protection or resilience. Here are some ways to protect yourself against a ransomware attack:

  • Back up all of your data, configurations, and files, and keep copies of everything in a backup offline on an external hard drive. This will allow you to restore systems immediately if your online files become compromised. Backup, backup, backup!
  • Make sure all firmware is up to date and installed properly, and any exposures or gaps in protection are covered quickly. Next-generation firewalls and extended detection and response systems designed to prevent attacks are helpful tools, but they need to be employed in conjunction with a backup system.
  • Trial your business continuity response plan in case of an attack, and make adjustments where vulnerabilities or weaknesses are exposed. Fill out an impact analysis report to assess your contingency plan. Monitor your data resilience weaknesses and resolve them as soon as they are detected during regular simulations and tests.
  • Keep various operations in your network separate. This will minimise the impact on your operations if only one system goes down. Another tactic is called data tiering, which is a system to prioritise the most critical data in order to save money on less essential data backups and storage.

Another way to help prevent ransomware attacks is to educate your employees and provide users with security awareness training on what to look out for, especially with email security, and who to report suspicious activity to, along with other resources to encourage prevention.

Though this seems very basic and obvious, it may help keep your business from falling victim to an attack. This can include keeping an eye out for suspicious emails and attachments, behaviour monitoring, and watching for the release of sensitive information, important files, or other forms of exposure of critical data, as well as encouraging email security.

Additionally, the only software that employees download onto their computers should come from reputable sources and be verified through a digital signature prior to downloading, in order to best protect the integrity of the entire network and the data of the organization from threats.


What to Do if You’re Already Infected

If you suspect your organisation has already succumbed to a cyber attack, take the following steps to help reduce the damage after ransomware detection:

  • Disconnect the infected computer, mobile device, or another device by both physically unplugging and disconnecting from the network and internet.
  • Consider shutting off the wifi and disabling all core network connections.
  • Reset all passwords without locking yourself out of the systems you need for recovery.
  • Do a hard reset, wipe all affected devices, and prepare for reinstallation.
  • Ensure the device is free from malware prior to restoring files.
  • Reconnect devices to the clean network.
  • Run antivirus software, and make sure everything is up to date.
  • Monitor and scan the network for remnants of the virus that may still be hiding somewhere.
  • Reinstall the backup after it is deemed safe, and watch out for future risks and threats, including phishing and suspicious emails and malicious links!
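
One way to decide whether a backup can be "deemed safe" before the final restore step above, shown as an added example that is not part of the original article: compare the backup against a SHA-256 manifest recorded when it was known good, and flag changed or new files whose byte entropy suggests encryption. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # assumed cut-off (bits per byte); tune for your own data

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    # Whole-file reads keep the example short; stream in chunks for large backups.
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit_backup(root, trusted):
    """Compare a backup tree with the manifest recorded when it was known good."""
    now = build_manifest(root)
    report = {
        "missing": sorted(p for p in trusted if p not in now),
        "modified": sorted(p for p in trusted if p in now and now[p] != trusted[p]),
        "unexpected": sorted(p for p in now if p not in trusted),
    }
    # Only changed or new files: compressed formats are legitimately high-entropy.
    suspects = report["modified"] + report["unexpected"]
    report["high_entropy"] = sorted(p for p in suspects if
        entropy(Path(root, p).read_bytes()[:65536]) > ENTROPY_LIMIT)
    return report

def demo():
    """Constructed sample: a two-file backup that is then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "report.txt").write_bytes(b"Quarterly report\n" * 200)
        Path(root, "config.ini").write_bytes(b"[app]\nmode=prod\n")
        trusted = build_manifest(root)  # in practice, keep this manifest offline
        # Constructed stand-in for an encrypted file: 8 KiB of hash output.
        blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
        Path(root, "report.txt").write_bytes(blob)
        Path(root, "config.ini").unlink()
        Path(root, "new_file.txt").write_bytes(b"plain text\n")
        return audit_backup(root, trusted)

if __name__ == "__main__":
    print(demo())
```

Any entry under `missing`, `modified` or `high_entropy` is a reason to fall back to an older backup generation rather than restore this one.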

Ransomware Protection and Protecting An Operating System

In addition to the other protective measures, security software can also assist in detecting ransomware and ransomware attackers. Our software walks you through the steps to ensure nothing is missed and is also aligned with ISO 22301, the official standard for Business Continuity (BC). This means that you will, by default, identify any need for cyber security measures when setting up and maintaining your BC Plans. C2's Meridian allows you to create, store, manage, and distribute business continuity plans through smart automation and data collection. On top of this, we have created a host of business resilience tools that allow you to view and report on the data that matters most to your organisation, track your actions, and communicate on any incidents that may occur through our innovative incident management.