Ransomware: How to protect yourself & business
Ransomware attacks are on the rise, with their scale and ransom demands increasing each year. Nearly every computer can get compromised, so it is important to stay safe.
With high-profile attacks on Colonial Pipeline, Kia Motors, Acer Computer, and JBS Foods making headlines this year, it is obvious that the ransomware industry is growing in sophistication and scale.
Ransom payments of up to $40 million have been reported, and average payments rose from $5,000 in 2018 to $200,000 in 2020. Even the ransomware protection industry is now worth nearly $20 billion, as roughly 100,000 computers get infected each day.
Properly protecting yourself from ransomware requires an understanding of malware infections in general, and that is exactly what this post focuses on.
What is Ransomware
Ransomware is any malware – a malicious software program – that locks access to a computer or computer’s files and requests a ransom payment to release the system.
There is no specific architecture or operation method for ransomware. Some programs lock just the screen and request a voucher code to reopen it, while more sophisticated ones encrypt important files on the system.
Other ransomware can even encrypt the entire hard disk, rewrite the system’s boot-loader, change registry settings, and so much more.
The fact is, once your system is hit, then you have a problem that might not simply go away. So, it is best to protect yourself and prevent your computer or network from getting infected in the first place.
RaaS – Ransomware-as-a-Service
To understand how bad the problem has gotten, consider the RaaS or Ransomware-as-a-Service industry.
It includes highly proficient hackers that develop ransomware and then work with affiliates to distribute the payload and split profits with them. The affiliate’s job is to get machines infected, often using social engineering, email phishing, RDP vulnerabilities, and other system and networking loopholes.
This business model is enticing enough to tempt even otherwise loyal employees to betray their companies and share in the loot.
Notable Ransomware Attacks
Over 120 ransomware incidents have been reported in the first half of 2021. Here is a list of a few notable ones.
- ExaGrid – Offers backup storage and recovery from ransomware attacks. Got hacked.
- JBS USA – Global beef manufacturer hit by the REvil group in March.
- Acer – Taiwanese computer maker hit by REvil with $50 million demand.
- Quanta – Another computer maker that got attacked by REvil in April.
- Colonial Pipeline – U.S. fuel supplier, allegedly attacked by DarkSide
- Kia Motors – Apparently hacked in February
- CNA Financial – Attacked by CryptoLocker and reportedly paid a $40 million ransom.
- Axa SA – European insurance giant hacked by Avaddon
How to Protect Yourself & Business from Ransomware
All computer systems are vulnerable to attack. A malicious actor just has to invest enough time and resources to hack into the system. So, as a computer owner, it is in your best interest to make the penetration of your machine(s) as difficult as possible.
You can prevent ransomware attacks on your system or that of your business by abiding by the following cyber-security best practices.
1. Regular Updates
As the WannaCry ransomware attack from 2017 showed, keeping your computer systems up to date is very important, because the worm targeted old computers that lacked security updates from the Microsoft Corporation.
WannaCry exploited known vulnerabilities on Microsoft Windows and spread itself across networks without human interaction.
You should know that hackers closely monitor system vulnerabilities and related news because system exploits are developed to ‘exploit’ those loopholes.
Most software publishers also monitor news about these vulnerabilities. But unlike hackers that create programs to exploit them, these reputable organizations release patches to ‘patch’ those security holes.
So, unless you intend to use your computer completely isolated from the Internet, you need to keep it up to date.
2. Create Backups and Keep Them Safe
Another thing that you need to do is to create backups of your system and keep those backups safe. The goal here is to save data that is important to you, so that a system crash, ransomware attack, or even hard-disk failure will not disrupt your work.
It is up to you to determine which files are important and worth backing up. You can also keep two or more backups for better security. For instance, after backing up to Google Drive, you also back up to Dropbox.
With online storage, you should take care to disable auto-sync with these services, or at least for the specific folders, because if malware encrypts your local drive and your computer syncs that new data with your cloud account, then everything is lost.
For website security, many hosts offer automated backups for your site’s pages. You can also use plugins like BackupBuddy and BlogVault to automatically back up WordPress sites.
The best method, however, remains to back up to a physical drive in your possession. This could be an external hard disk or thumb drive that you can then secure.
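An added example, not part of the original article: a Python check to run before a backup or cloud sync job, tied to the auto-sync risk described above. It compares the folder with the last known-good snapshot and blocks the sync when most files changed and the changed content looks random, as encrypted data does. The function names, thresholds and sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or random data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map each relative file path to (sha256, entropy of the first 64 KiB)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            state[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data[:65536]))
    return state


def safe_to_sync(previous: dict, current: dict,
                 max_changed: float = 0.5, entropy_limit: float = 7.0) -> bool:
    """False when changes since the last good snapshot look like mass encryption."""
    if not previous:
        return True  # first run: nothing to compare against
    changed = [p for p, (digest, _) in previous.items()  # modified or missing
               if p not in current or current[p][0] != digest]
    random_like = [p for p, (digest, ent) in current.items()  # new or modified
                   if ent >= entropy_limit and previous.get(p, ("",))[0] != digest]
    return not (len(changed) / len(previous) > max_changed and random_like)


def demo() -> tuple:
    """Constructed sample: ten text files, one ordinary edit, then all overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            Path(root, f"doc{i}.txt").write_text(f"quarterly report {i}\n" * 200)
        good = snapshot(root)
        Path(root, "doc0.txt").write_text("an ordinary edit\n")
        normal = safe_to_sync(good, snapshot(root))
        for i in range(10):  # random bytes stand in for encrypted content
            Path(root, f"doc{i}.txt").write_bytes(os.urandom(4096))
        return normal, safe_to_sync(good, snapshot(root))
```

Compressed formats such as ZIP or JPEG also have high entropy, which is why the check requires a large share of changed files as well before it blocks the sync.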
3. Regularly Scan & Assess Online Assets
If you run a web service, such as a website, API resource, or anything else that is available on the web, then you need to periodically scan your assets to detect vulnerabilities and fix them before a hacker does.
Tools like Acunetix and Intruder can detect thousands of such vulnerabilities. And while they cost money to use, they can save you a lot more by keeping your systems safe.
4. Avoid Suspicious Attachments & Websites
Do not click on links or open email attachments from a sender that you do not know. These can contain dangerous malware that will end up infecting your computer and others on the network.
Hackers will even break into the social media accounts of your friends or colleagues and send messages from there. Or they can break into official email accounts for banks, online shops, and government agencies to try to lure you into taking action.
Be alert to suspicious behavior and to any email or website that requests personal information. Instead of responding, call the company or agency yourself.
5. Implement Proper User Privilege Rules
Do not surf the web with an administrator account. There is no need to use an admin account for everyday computing. Set up a normal user account to limit potential risks to your system.
6. Increase Your Organization’s Security Awareness
You need to educate your employees or co-workers on the need for improved security discipline. Taking such simple steps as using strong passwords and changing them for each website can go a long way in preventing many breaches.
The reality is that despite the abundance of online threats, many people still use stupidly simple passwords like ‘pass123’, and then even enter the same one on every website they register on.
So, while your co-workers’ security might not be your cup of tea, they can still become the weak link in your organization, because a hacker might break into their system, since it is easier, and then attack your main infrastructure from there.
7. Encrypt Sensitive Data
If you have important data on your computer that you would not like to fall into the wrong hands, then you should seriously consider encrypting the files. This will ensure that any cyber-criminal that possibly gains access to your system will find nothing of value to blackmail you with or sell to other criminals.
8. Consider Using Less Popular Software
No system is 100% safe, but some systems are safer than others. If you do mostly online work, then switching to a Linux-based OS might save your company a lot of headaches.
Sure, there is ransomware that targets Linux systems, but there is not as much of it, and the vulnerabilities it exploits are fewer too.
The same goes for other types of software, from databases to web and file servers. Hackers target popular systems, plugins, and services. So, whenever you can avoid these or use custom solutions, then you are off the radar for many potential attacks.
9. Use Ransomware Protection Tools
Unlike other malware types that are easier to detect and remove, it is often too late to do anything once you have a ransomware attack. So, the best approach is to protect against one and the following tools can help you.
10. Install Only Official Software
On systems like Android and Apple iPhone, you should only download software from the Google Play Store and the Apple App Store for your safety. Programs from external sources often contain malware. So, avoid them at all costs, no matter what they promise you.
The same goes for Linux systems, as they often come with distribution-maintained repositories. Downloading software outside of these repositories is not recommended. Do so at your own risk.
On Windows, you should also stick to the Microsoft Store or the official site of any publisher that you trust. Microsoft Store takes after the App and Play stores. It is a curated and welcome development, but one that was long overdue for the Windows ecosystem.
11. Use a VPN When On A Public Wi-Fi
Your computer or smartphone is more vulnerable to attacks over public Wi-Fi hotspots. Hackers can even set up free hotspots solely for stealing information and infecting systems. So, make sure to only connect to public Wi-Fi using a premium VPN, not the free ones.
What to do If You Are Under A Ransomware Attack
If you find your system under a ransomware attack, the first step to take is not to panic. Your second step should be to try and identify the exact ransomware that is responsible because there are tools to recover your files from certain attacks.
Head over to the No More Ransom website and use the Crypto Sheriff to upload files from your computer for analysis.
The general advice from nomoreransom.org is not to pay ransom to criminals, as this helps to build their trade. However, what you eventually do is up to you, as up to 96% of victims do receive the keys to decrypt their hijacked files.
No More Ransom is a collaboration of law enforcement and top tech companies. It provides decryption help for a long list of ransomware, including Avaddon, REvil, Ragnarok, Crypt32, Darkside, and others.
List of the Top Ransomware
Here are some of the top ransomware that caused the most damage to individuals and companies around the world. They are in no specific order.
- WannaCry
- CryptoLocker
- Ryuk
- REvil
- Petya
- Bad Rabbit
- Jigsaw
- Shade
- B0r0nt0k
- GoldenEye
Conclusion
Coming to the end of this guide, you have seen that there are bad actors out there trying to lock up your computers and make money from the process.
There is also no complete protection from these malicious hackers. But if you follow the tips above, you will have gone a long way toward protecting yourself and your business.