Ransomware Is Alive And Well

By now, you’re likely familiar with the threat of ransomware, and hopefully that is through training and not experience. While ransomware may not dominate the headlines the way it used to, don’t get fooled into thinking cybercriminals have retired this attack – it is alive and well.  

What is ransomware?  

In case you’re unfamiliar, ransomware is a malicious software that blocks computer access until a ransom demand is paid. Ransomware has been around for a long time, in fact, the virus was first created all the way back in 1989 by Harvard-trained evolutionary biologist Joseph L. Popp. 

How is it distributed? 

The most common way for ransomware to be distributed is via a phishing email containing malicious attachments.  The malware may be directly inside the attachment or may include a link to a website hosting the malicious software. Another common method for dispersing malware is by using an exploit kit to search for vulnerabilities in outdated software and then exploiting those vulnerabilities. 

Vulnerable servers are also an open door for cybercriminals to distribute ransomware. Once a hacker gains access to a server, they can do serious damage, some of which may involve using administrative rights (which can also be obtained relatively easy with the right tools) to turn off certain protections that may alert administrators of the threat. 

Who is a target? 

Anyone could be targeted by ransomware. While cybercriminals do have industries they favor, everyone is susceptible to a ransomware attack if the proper training and security measures aren’t in place. If a cybercriminal thinks you have files that you can’t be without, or files that you wouldn’t want exposed, you are a target – that includes individuals, small business, or large corporations.  

Is ransomware still prevalent today?  

Absolutely. Although ransomware may not make the headlines as often as it used to, the threat still exists. Breaches at large corporations are often heavily publicized, but it’s the breaches at small businesses that are happening every day that we don’t hear about. Mix in the fact that cybercriminals continue to advance their tactics, and scams relating to the COVID-19 pandemic have taken the world by storm, ransomware seems to be something that no longer needs to be on our radar- but don’t be fooled.  

Since the beginning of the pandemic, ransomware attacks have actually spiked, jumping 148% between February and March of 2020. Cybercriminals will continue to carry out ransomware attacks, working hard to hand out ultimatums to their victims – pay up to unlock your data or lose it indefinitely.  

 How can you protect yourself and your organization? 

  1. Provide security awareness training routinely to educate employees on current threats and best practices.
  2. Ensure that proper controls are in place that only give employees access to areas and information needed to perform their job function.
  3. Utilize two-factor authentication as an added security metric for gaining access to your system and your company’s sensitive data.
  4. If users are connecting remotely to your network, make sure it is done so securely through a VPN.
  5. Keep your systems up-to-date and patch when necessary to prevent system vulnerabilities from being exploited.
  6. Make sure your organization is using reputable antivirus software and firewall. 
  7. mail filters should be put in place to help identify and block known threats on incoming communications.
  8. Confirm routine backups of your organization’s data are being performed.
  9. Implement policies and procedures that outline your organization’s rules and expectations, such as password requirements.
  10. Have a disaster recovery plan in place to ensure that your organization knows how to respond to a ransomware attack if one were to occur. 

What are your thoughts?