Ransomware attacks target firms of all sizes: 5% or more of businesses in each of the top ten industry sectors have been attacked, and any business, from small and medium businesses to enterprises, is a potential target. Attacks are on the rise in every sector and in every size of business.
Your options when infected with ransomware are:
- pay the ransom
- try to remove the malware
- wipe the system(s) and re-install from scratch
In a recent survey, more than three-quarters of respondents (77%) said their organization is not at all likely to pay the ransom in order to recover their data. Only a small minority said they were willing to pay some ransom (3% of companies have already set up a Bitcoin account in preparation).
A ransomware attack can be devastating for a home or business. Valuable and irreplaceable files can be lost and hours of effort can be required to get rid of the infection and get systems working again.
Ransomware attacks continue to evolve and attack methods become more sophisticated by the day. Don’t be part of the statistics. With good planning and smart practices, you can prevent ransomware from affecting your systems.
To be prepared, you need to know how ransomware can enter your workplace and system. These methods of gaining access to your systems are known as attack vectors. Attack vectors can be divided into two types: Human Attack Vectors and Machine Attack Vectors.
Human Attack Vectors:
Often, viruses need the help of humans to enter computers so they employ what’s known as social engineering. In the context of information security, social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In other words, people can be fooled into giving up information that they otherwise would not divulge.
Common human attack vectors include:
Phishing uses fake emails to trick people into clicking on a link or opening an attachment that carries a malware payload. The email might be sent to one person or to many within an organisation. Sometimes the emails are targeted to make them seem more credible: the attackers take the time to research the individual targets and businesses so that their email appears legitimate. The sender might be faked to be someone known to the recipient, or the subject matter made relevant to the recipient’s job. When personalized in this manner, the technique is known as spear phishing.
SMSishing uses text messages to get recipients to navigate to a site or enter personal information on their device. Common approaches use authentication messages or messages that appear to be from a financial or other service provider. Some SMSishing ransomware attempts to propagate itself by sending itself to all contacts in the device’s contacts list.
In a similar manner to email and SMS, vishing uses voicemail to deceive the victim. The voicemail recipient is instructed to call a number that is often spoofed to appear legitimate. If the victim calls the number, he or she is taken through a series of actions to correct some made-up problem. The instructions include having the victim install malware on their computer. Cybercriminals can appear professional and employ sound effects and other means to appear legitimate. Like spear phishing, vishing can be targeted to an individual or company using information that the cybercriminals have collected.
Social media can be a powerful vehicle to convince a victim to open a downloaded image from a social media site or take some other compromising action. The carrier might be music, video, or other active content that once opened infects the user’s system.
Instant messaging clients can be hacked by cybercriminals and used to distribute malware to the victim’s contact list. This technique was one of the methods used to distribute the malicious Locky ransomware to unsuspecting recipients.
Machine Attack Vectors:
The other type of attack vector is machine to machine. Humans are involved to some extent as they might facilitate the attack by visiting a website or using a computer, but the attack process is automated and doesn’t require any explicit human cooperation to invade your computer or network.
The term drive-by is used because all it takes for the victim to become infected is to open a webpage containing malicious code in an image or active content.
Cybercriminals learn the vulnerabilities of specific systems and exploit those vulnerabilities to break in and install ransomware on the machine. This most often happens to systems that are not patched with the latest security releases.
Malvertising is like a drive-by attack, but uses ads to deliver the malware. These ads might be placed on search engines or popular social media sites in order to reach a large audience. A common host for malvertising is adults-only sites.
Once a piece of ransomware enters a system, it scans for file shares and accessible computers and spreads itself across the network or shared system. Companies without adequate security might have their company file server and other network shares infected as well. From there, the malware will spread as far as it can until it runs out of accessible systems or meets security barriers.
Propagation Through Shared Services:
Online services such as file sharing or syncing services can be used to propagate ransomware. If the ransomware ends up in a shared folder on a home machine, the infection can be transferred to an office or to other connected machines. If the service is set to automatically sync when files are added or changed, as many file sharing services are, then the malware can be propagated widely in just milliseconds.
It’s important to be careful and consider the settings you use for systems that automatically sync, and to be cautious about sharing files with others unless you know exactly where they originated.
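As an added illustration (not from the original article, and not the output of any real sync client), the following Python script applies a simple defender-side check to a constructed file-change log from a shared or synced folder: it flags a burst of distinct files being renamed or modified within a few seconds, and counts renames that tack a new suffix onto existing names, the trace a spreading encryptor leaves on a file server or sync folder. The log format, the thresholds and the file paths are assumptions for the example.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta
# Constructed file-change log for a synced/shared folder, one event per line:
# "<ISO timestamp> <ACTION> <path>" or "<ISO timestamp> RENAME <old> -> <new>".
SAMPLE_LOG = """\
2024-03-01T09:00:01 MODIFY /share/finance/q1.xlsx
2024-03-01T09:07:15 CREATE /share/hr/offer_letter.docx
2024-03-01T09:31:00 RENAME /share/finance/q1.xlsx -> /share/finance/q1.xlsx.locked
2024-03-01T09:31:00 RENAME /share/finance/budget.xlsx -> /share/finance/budget.xlsx.locked
2024-03-01T09:31:01 RENAME /share/hr/offer_letter.docx -> /share/hr/offer_letter.docx.locked
2024-03-01T09:31:01 RENAME /share/hr/policy.pdf -> /share/hr/policy.pdf.locked
2024-03-01T09:31:02 CREATE /share/hr/README_DECRYPT.txt
2024-03-01T09:31:02 RENAME /share/eng/design.vsdx -> /share/eng/design.vsdx.locked
"""
LINE_RE = re.compile(r"^(\S+) (\w+) (.+)$")

def parse(log):
    # Parse log text into (timestamp, action, detail) tuples; malformed lines are skipped.
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events

def first_burst(events, window_s=10, min_files=4):
    """Return the time at which at least min_files distinct files were modified or
    renamed inside a window_s-second sliding window, or None. Counting distinct
    paths ignores one user repeatedly saving the same document."""
    window = timedelta(seconds=window_s)
    recent = deque()  # (timestamp, path) pairs still inside the window
    for t, action, detail in events:
        if action not in ("MODIFY", "RENAME"):
            continue
        recent.append((t, detail.split(" -> ")[0]))
        while t - recent[0][0] > window:
            recent.popleft()
        if len({path for _, path in recent}) >= min_files:
            return t
    return None

def appended_extensions(events):
    """Count renames of the form old -> old.X (an encryptor tagging files); {suffix: count}."""
    counts = Counter()
    for _, action, detail in events:
        if action == "RENAME" and " -> " in detail:
            old, new = detail.split(" -> ", 1)
            if new.startswith(old) and len(new) > len(old):
                counts[new[len(old):]] += 1
    return dict(counts)
```

On the sample log the burst is flagged at 09:31:01, one second after the mass renames start, and every rename appends ".locked"; a real deployment would feed the same checks from the file server's audit log or the sync client's activity feed and pause sharing when both signals fire.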
It’s clear that the best way to respond to a ransomware attack is to avoid having one in the first place. Beyond that, making sure your valuable data is backed up and unreachable by a ransomware infection will keep your downtime and data loss minimal or nil if you ever suffer an attack.