What is Ransomware?
Ransomware is one of the biggest cyber threats facing businesses today. Most people have heard of it, but not everyone knows exactly what it is or what it can do to a business. Ransomware is a type of malicious software, or malware, that encrypts or locks your data and applications, making them inaccessible. Once devices are infected, hackers demand a ransom from their victims in exchange for the decryption key to unlock their data. Hackers typically set a deadline for paying the ransom, threatening that if you don’t pay in time, your data will be gone forever.
What Happens in a Ransomware Attack?
A ransomware attack generally works in three steps:
The first step is malicious software infecting your device or even a whole network. This can happen in a variety of different ways:
- Phishing emails are one of the most common ways for hackers to get in. Hackers send emails to unsuspecting victims and disguise them so that nothing seems out of the ordinary. The sender may pretend to be your bank, a customer who wants to do business with you, a co-worker, a friend seeking help – they can be pretty much anything. There is typically an embedded link somewhere in the email that someone unsuspecting will click on and boom, ransomware has now been installed.
- Malicious websites can have malware embedded throughout different links across the site, and just like in phishing emails, one click and it’s game over.
- The Remote Desktop Protocol is a favorite among hackers because it allows them to log in to your computer as if they were sitting in the chair. To do this, the hacker needs your username and password, which they can obtain using password-cracking tools.
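The password guessing against Remote Desktop described above leaves a trail of failed logons that defenders can watch for. The following is an added example, not part of the original article: it scans constructed Windows Security log records (event 4625 for a failed logon, 4624 for a success) and flags a source address that fails repeatedly and then gets in. The record layout, threshold and time window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs):
# time, event ID, logon type, source IP, account name.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with Network Level Authentication a failed RDP
# logon is usually recorded as type 3, so both types are examined.
SAMPLE_EVENTS = """\
2024-05-01T09:00:00,4624,10,198.51.100.7,alice
2024-05-01T09:00:30,4625,3,198.51.100.9,bob
2024-05-01T09:00:50,4624,10,198.51.100.9,bob
2024-05-01T09:00:55,4625,2,-,carol
2024-05-01T09:01:00,4625,3,203.0.113.50,administrator
2024-05-01T09:01:10,4625,3,203.0.113.50,admin
2024-05-01T09:01:20,4625,3,203.0.113.50,administrator
2024-05-01T09:01:30,4625,3,203.0.113.50,backup
2024-05-01T09:01:40,4625,3,203.0.113.50,administrator
2024-05-01T09:01:55,4624,10,203.0.113.50,administrator
"""
REMOTE_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (time, event_id, logon_type, ip, user) from the CSV layout above."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user

def detect_rdp_guessing(text, threshold=5, window=timedelta(minutes=2)):
    """Alert on a burst of failed logons from one IP and on a later success."""
    failures = defaultdict(deque)  # source IP -> times of recent failures
    flagged = set()                # IPs that already produced a burst alert
    alerts = []
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue               # e.g. type 2, a logon at the local console
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("burst", ip, user))
        elif event_id == "4624" and ip in flagged:
            alerts.append(("success_after_burst", ip, user))  # likely compromise
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_guessing(SAMPLE_EVENTS):
        print(alert)
```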
The next step is locating and encrypting files on devices. Hackers encrypt your data so you no longer have access to it until the ransom is paid. They may even go as far as removing any backups or shadow files of the encrypted data that they can get ahold of so you feel as though you have no choice but to pay the ransom.
Finally, there is the ransom demand. The hacker demands some amount of money, sometimes in cryptocurrency, in exchange for a decryption key. This decryption key can be used to undo the encryption on your files, but remember, you’re dealing with criminals, so there is a chance this key might not even work.
Not all attacks are the same. This is just a general idea of what goes down in a ransomware attack: infection, encryption, ransom. The ransom amount can be anywhere from a couple thousand to a couple hundred thousand dollars, and the attack may hit just one infected device or a whole network of devices. Regardless, the hackers want money and they are coming for you.
Who is a Target?
Anyone and everyone. If you have a device of any kind that connects to the internet, you are at risk of being the next victim of a ransomware attack. Businesses of all sizes need to do what they can to secure their business not only to protect their data but to keep their business running.
Why are Ransomware Attacks on the Rise?
When COVID hit, many businesses implemented work-from-home and with this, we saw a spike in cyber attacks. Most businesses were not prepared for this sudden change and as a result, there were many gaps left in their cybersecurity. Employees working from home make for great targets of phishing attacks because with frequent sharing of documents through email or other messaging apps, most people wouldn’t think anything of opening a file shared through their usual platforms.
Another reason ransomware attacks are on the rise is the increase in devices connected to the internet, known as the Internet of Things (IoT). Anything from speakers to smart watches to tablets can give hackers access to your network. All it takes is one unsecured device for a hacker to be able to get in and infiltrate the rest.
How do Ransomware Attacks Happen?
The most common reason ransomware attacks happen is human error. In fact, human error accounts for 95% of security breaches. Human error can be a result of clicking on infectious links, reusing passwords or using weak passwords, giving out information online, or just careless handling of information. Another reason attacks happen is poor practices in general. Most businesses do not have adequate cybersecurity measures in place, and this leaves a lot more doors open to hackers than you might think. Not updating software, errors in code, contact forms without validation – the list goes on. Diligently implementing cybersecurity best practices is one of the best things you can do to prevent ransomware attacks.
How Serious is Ransomware?
One of the immediate issues with ransomware is downtime. With data and applications locked up, the first thing to happen is loss of productivity, which is costly for business, and the longer your systems are down, the more expensive it gets.
Depending on the severity of the ransomware attack, it can also cost you your reputation. Hackers can steal valuable personal information about you or your clients and customers, and this can affect future business. People expect this personal information to be kept private, and it’s your responsibility as a business to make sure it is kept safe.
Legal action may also take place if you are not adequately securing personally identifiable information. It varies from business to business, but it’s likely there are regulation and compliance measures that you are required to follow in your industry, such as HIPAA or GDPR.
I’ve Been Hacked… Now What?
If you’re aware of an active ransomware attack going on in your network, here are some steps that should be taken right away:
- Isolate the machine
  - The first thing you should do is disconnect whatever devices are infected from any others on the network. This might mean turning off the network, unplugging the WiFi – whatever you can do to ensure the ransomware doesn’t spread.
- Create a backup
  - Back up whatever files you can, encrypted or not, in case they are removed or deleted by the hacker, because a decryption solution may become available to you later on.
- Prioritize the order for recovery of systems
  - Prioritizing the recovery of critical systems first ensures business will be back up and running as soon as possible (even if it’s not fully up to par right away).
- Wipe and Restore
  - Completely clear out the infected devices (once backed up) to remove the malware. Once the device has been cleaned out and there is no more malware, then you can restore it.
- Get Help
  - Not everyone is able to remove the ransomware or recover on their own, and that’s what companies like Lighthouse are here for. We can help you to remove malware and get everything up and running like normal.
- Consult a Professional
  - The best thing you can do after ransomware is to consult a cybersecurity professional to find any vulnerabilities hiding in your systems. It’s common for victims of a ransomware attack to be retargeted by hackers because they know they can get in.
Should I Pay the Ransom?
The short answer is no and there are a number of reasons for this. First, you have to remember that you are dealing with criminals who aren’t here to play fair. If you roll over and pay the ransom right away, there is nothing stopping them from exploiting you even more. Paying the ransom actually sets you up to be a recurring target. If the hackers know they can get the ransom money from you, they’ll likely keep retargeting you.
Even if you do pay the ransom, you might not even get the decryption key or any of your files back. Or, if you do get the decryption key, there is a chance it won’t work – again, you’re dealing with criminals here. Hackers also often sell the information they stole from you on the black market. Selling personally identifiable information is a great money maker for hackers so if you do get all that information back, someone else might have a copy too.
Finally, you’ll be keeping the hackers in business. By handing over a large sum of money, not only are you now down a significant amount of money but you have also essentially funded them to go on to hack more people.
How to Protect Yourself Against Ransomware
Having backup copies of critical data can limit the loss of data in the case of ransomware attacks or any other case of potential data loss.
Hackers will also go for your backups, so you should make sure your backups are kept in a secure location and cannot be edited or deleted.
Using comprehensive security software is also a must. Relying on devices’ default security settings is not enough, and hackers find their way through those firewalls all the time. It is critical that you go the extra mile for security on devices and keep all software up to date.
As mentioned earlier, human error is one of the most common causes of ransomware attacks, and it all takes place online. You should be on the lookout for phishing emails and messages and other socially engineered scams. When visiting websites, make sure the URLs contain ‘https:’ and not ‘http:’. Also avoid using public WiFi – this is a common place for hackers to gain access to devices connected to shared networks. An overall rule of thumb is to not open or click on anything from someone you don’t know. Don’t open emails from a questionable address, don’t click on links randomly sent to you, and don’t click on weird-looking advertisements online.
Cyber Awareness Training
Building on safe surfing, you should also be educating your employees with this kind of information. Implementing a cyber awareness training program gets all your users up to date on the latest cyber threats and teaches them cybersecurity best practices that they can follow every day to keep themselves and your business safe.
Because user credentials are often the first target for hackers, it’s important to set up multi-factor authentication to verify the login of a user. To add to this, you should also use password managers like LastPass, which generate strong and unique passwords and securely keep them in a locker for easy and safe login.