In our previous blog post, we defined ransomware and identified common ways that hackers attempt to deliver ransomware attacks. In this post, we will discuss options to respond to and prevent ransomware attacks.
Even large organizations can be the victim of a ransomware attack, as these incidents demonstrate:
In a security incident at the data center colocation company Equinix, ransomware got into some of the company’s internal systems. Although Equinix itself did not disclose who the attacker was or whether a ransom was demanded, according to BleepingComputer, the ransomware attack was carried out by Netwalker, who demanded a $4.5 million or 455 bitcoin ransom to prevent the stolen data from being released. If this payment was not made by a certain time, Netwalker threatened to double the ransom to $9 million.
According to BleepingComputer, in its ransom note, Netwalker included a link to a screenshot of data that was allegedly stolen from Equinix which included files that contain financial information, accounting, audits, payroll, and data center reports (Novinson, 2020).
The Canadian trucking company Manitoulin Transport was recently a target of a ransomware attack as part of a wave of cyber incidents targeting companies in the country’s supply chain. It started when some of the company's personnel reported that they were having issues accessing their computer systems.
After being in contact with the hackers, Manitoulin Transport decided not to pay them. According to Jeff King, the company’s President, the hackers didn’t have enough information that was concerning to them. Therefore, the hackers (named Conti) posted the data that they stole from Manitoulin.
The company worked with an outside security firm to investigate and respond to the attack. Since this attack, the company has taken additional measures to “tighten its internal cybersecurity”, elevating its vigilance (Tabak, 2020).
If attacked by ransomware, these steps should be taken (Strawbridge, 2020):
1. Isolate the infection: To prevent the infection from spreading, separate all the infected devices from each other, the network and shared storage.
2. Identify the infection: Determine which type of malware strain is being dealt with using the messages sent by the attacker, evidence on the computer, and identification tools.
Doing so can help you understand how the ransomware spread, what files it encrypts, and how it can be removed.
3. Report the event and notify your IT security team: To receive support and coordinate measures to counter the attack, you should report to the authorities.
4. Determine and evaluate your options: Find out all the possible ways to deal with the infection and determine which approach is the most suitable for you.
5. Restore and refresh the infected device: By using safe backups, programs and software sources, you can restore your computer or outfit a new platform.
6. Take measures to prevent the recurrence of the ransomware attack: This can be done by making an assessment of how the infection happened in the first place and what can be done in order to prevent it from occurring again.
If your computer gets infected with ransomware, avoid paying the ransom. By paying the ransom, cybercriminals are encouraged to launch more attacks, either against you or someone else.
To deal with the ransomware infection, there are several options you can try:
1. Retrieving some encrypted files with the use of decryptors.
2. You can also download a security product known for remediation and run a scan to remove the threat. This can get rid of the infection; however, the return of your files is not guaranteed.
3. As for screen locking ransomware, a full system restore can be done, or a scan can be run from a bootable CD or USB drive (Ransomware – What Is It & How to Remove It | Malwarebytes, n.d.).
4. Recovering from encrypting ransomware is more difficult because, instead of denying access to the user, it finds and encrypts all the sensitive data, demanding a payment to restore and decrypt the data (Strawbridge, 2020).
Ransomware attacks can be prevented if certain precautions are taken. Such preventive measures include:
Avoid clicking on unverified links: Clicking on links on unfamiliar websites and in spam emails can cause downloads that lead to the infection of the user's computer.
Avoid opening untrusted email attachments: Be cautious about who the sender of an email is, and avoid senders that you do not trust. Also, before opening attachments, check whether they look legitimate and genuine. Attachments that ask you to enable macros should be avoided, as opening an infected attachment will run the malicious macro and give the malware control over your computer.
Do not give out personal data: Avoid revealing personal information in calls, texts or emails from untrusted sources. Cybercriminals try to collect this data in advance of the attack. This is research material that lets them craft effective phishing emails that specifically target you. Hence, if a company requests your information, contact that company independently to verify that the request is genuine before giving out any data.
Do not download from unknown sites: To reduce the risk of downloading ransomware, ensure that you are downloading software and social media files from verified and trusted sites. Most often, reputable websites have markers of trust that can be recognized.
Use content scanning and filtering on mail servers: Such software can prevent spam emails that contain malware-infected attachments or links from reaching your inbox.
Keep operating system and software updated: This helps protect against malware, as updating ensures that the latest security patches are present, making it harder for cybercriminals to exploit vulnerabilities in the software.
Use security software: Ransomware protection is becoming increasingly crucial as cybercrimes are becoming more widespread. Such internet security software can prevent your computers from being infected by ransomware when downloading or streaming.
Back up your data: Copying everything to an external hard drive, and ensuring that it is not connected to your computer when not in use, can keep data safe. Cloud storage can also be used: if files become encrypted by ransomware, these solutions can allow them to be returned to their previous versions.
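To illustrate the mail-server content scanning and the macro-attachment advice above, here is an added Python example (not code from this blog or from any product it mentions) that parses an email and flags attachments carrying Office macros, including a macro document renamed to .docx. The addresses, file names and the quarantine policy for legacy documents are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Office Open XML extensions that are macro-enabled by definition.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".ppsm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def attachment_findings(name, data):
    """Return the reasons to quarantine an attachment (empty list = pass)."""
    reasons = []
    if name.lower().endswith(MACRO_EXTENSIONS):
        reasons.append("macro-enabled extension")
    if data.startswith(OLE_MAGIC):
        # Assumed conservative policy: legacy binaries can hold macros, so hold them.
        reasons.append("legacy OLE document")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # The VBA project travels as vbaProject.bin, even in a renamed .docx.
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                reasons.append("embedded VBA project")
    return reasons

def scan_message(raw):
    """Map attachment filename -> reasons for every flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = attachment_findings(name, part.get_payload(decode=True) or b"")
        if reasons:
            flagged[name] = reasons
    return flagged

def build_sample():
    """Constructed message: a .docx hiding a VBA project plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    msg.set_content("Please enable content to view the invoice.")
    for fname, body in (("invoice.docx", buf.getvalue()), ("notes.txt", b"plain notes")):
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A filter like this would hold flagged messages for review rather than deliver them; checking the file contents, not just the extension, is what catches the renamed document.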
As we continue to navigate this pandemic globally and work in new ways to continue the economy and our individual sources of income and growth, this form of attack will continue to become a part of our daily lives.
For businesses today, training is a critical aspect of helping employees to take part in securing data and learning about the various ways they can be targeted by bad actors. Our focus should be risk management and mitigation from a cybersecurity and privacy perspective. Let us all make a difference by being aware and following some basic tips in protecting our data and the data of others.
Contact us at [email protected] if you have any questions or need assistance with cybersecurity for your organization.