Ransomware is becoming the biggest nightmare for organisations of every size as the number of attacks keeps rising amid the pandemic. Cyberattacks have become common, and countries big and small are falling victim to them. Power companies, oil and gas majors, telecom vendors, educational institutes, universities, retail chains, restaurant chains, transportation, hospitals and even diagnostic labs have been hit.
In a globally connected world, a cyber incident in one part of the world can affect millions of citizens in other countries. In February 2021, a data breach at a Geneva-based air transport giant (serving more than 90% of the world's airlines) became a global cybersecurity problem, affecting millions of people worldwide.
Cybercriminals are actively targeting corporate users, which is a growing concern for organisations. Once they get into the corporate network, the threat is no longer confined to the compromised device but extends to the entire organisation. According to researchers, 80% of organisations were hit by ransomware in 2021 and more than 60% of them paid the ransom.
As a business owner, you must understand ransomware and the ways to protect the business against it. It is always better to take preventive measures and have a strategy in place to handle the crisis before it happens. So let's take a closer look at the problem and how to stay safe from it.
Cyberattacks in any form are bad for an organisation and its stakeholders, because they put everyone associated with it at risk. There have been many incidents where attackers reached the clients of a service provider through that provider, bringing multiple companies down at once.
Ransomware is a type of cyberattack in which threat actors get inside a system using malware, encrypt or steal the data, and then demand a ransom from the organisation in exchange for access to its own data.
In some cases they hand over the decryption key after taking the money; in others they release the data on the dark web anyway. Very few organisations have managed to get all of their data back even after paying the ransom. The result is not only a financial loss but potentially a complete disruption of the organisation.
There are multiple ways in which ransomware is deployed into a targeted network. Cybercriminals use a number of methods to spread ransomware across computer networks, as follows:
Removable media - Spreading the infected application through USB drives; connecting an infected drive to a local machine triggers the spread of ransomware across the network.
Network propagation - Some advanced ransomware strains, such as WannaCry, can self-propagate over the network and infect other devices.
Remote Desktop Protocol - RDP is a communication protocol that threat actors abuse to gain access to another computer over the network.
Email attachments - Sending infected files as email attachments. The infection starts spreading as soon as the attachment is opened.
Malicious links - Spreading malicious links through email, social media or other sites, and tricking victims into clicking them so that the harmful software is downloaded.
Drive-by downloads - Injecting malicious code into poorly protected websites, or hosting it on sites of their own, that scans the visitor's device for vulnerabilities and exploits them to install the infected software.
There are many other ways in which threat actors can trick an internet user into clicking and downloading an infected file and then exploit it to their own ends.
If you are reading this, you already understand how important it is to protect a business from a ransomware attack. Any business can fall victim at any time and through any medium. The only option is to take precautions by implementing the safe practices described below.
Regular system patching - Monitor and patch all devices, applications and operating systems connected to the network. Patches close the vulnerabilities and backdoors that cybercriminals are actively exploiting.
Data backups and disaster recovery - A backup strategy is essential for business continuity in the event of a security incident or a natural disaster. The IT team should maintain a regular backup schedule and store the backups safely in more than one location. Ransomware can also infiltrate cloud backup solutions, so separate offsite backups are valuable.
Employee cybersecurity awareness training - Training employees is mandatory for protecting any organisation. The organisation needs a clear understanding of how employees work with technology, how often they connect personal devices, which applications are in use, and so on. People are most susceptible to social engineering and phishing scams received on their personal devices, so employees should be regularly engaged with cybersecurity and phishing training.
Antivirus programs and network monitoring - Over the course of a day, users in an organisation access email, social networking websites and a variety of applications, all of which create challenges for the security team. Mobile devices are susceptible to Wi-Fi based man-in-the-middle attacks, email still accounts for 94% of successful malware delivery, and social engineering attacks remain a serious concern. It is important to monitor the points where information enters and leaves the network. Defining rules for network traffic and deploying antivirus solutions are both required to keep it safe.
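One concrete "rule for network traffic" that a file-server or EDR log pipeline can apply is to watch for the signature behaviour of an encrypting strain: one account renaming many files to a new, uniform extension in a short window. The script below is an added example, not code from the original article; the audit-log format (`<ISO time> <host> <user> <action> <paths>`) and the sample lines are constructed for illustration, and the threshold and window are illustrative defaults to tune for your environment.

```python
"""Added example: flag ransomware-like mass renames in constructed file-server audit logs."""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <host> <user> <action> <path> [<new path>]".
# alice's rename keeps the .docx extension (normal work); mallory appends ".locked"
# to five files within a few seconds, then drops a note (constructed, not a real IoC).
SAMPLE_LOG = """\
2021-06-01T09:00:01 FS01 alice WRITE /share/finance/q1.xlsx
2021-06-01T09:00:05 FS01 bob WRITE /share/hr/policy.docx
2021-06-01T09:00:30 FS01 alice RENAME /share/finance/draft.docx /share/finance/final.docx
2021-06-01T09:01:00 FS01 mallory RENAME /share/finance/q1.xlsx /share/finance/q1.xlsx.locked
2021-06-01T09:01:01 FS01 mallory RENAME /share/finance/q2.xlsx /share/finance/q2.xlsx.locked
2021-06-01T09:01:02 FS01 mallory RENAME /share/hr/policy.docx /share/hr/policy.docx.locked
2021-06-01T09:01:03 FS01 mallory RENAME /share/hr/salaries.xlsx /share/hr/salaries.xlsx.locked
2021-06-01T09:01:04 FS01 mallory RENAME /share/it/inventory.csv /share/it/inventory.csv.locked
2021-06-01T09:01:05 FS01 mallory WRITE /share/it/README_RESTORE.txt
2021-06-01T09:05:00 FS01 bob WRITE /share/hr/policy.docx
"""


def parse_line(line):
    """Parse one audit line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    return {
        "ts": datetime.fromisoformat(parts[0]),
        "host": parts[1],
        "user": parts[2],
        "action": parts[3],
        "paths": parts[4:],
    }


def extension_change(event):
    """Return the new extension when a RENAME gives the file a different suffix, else None."""
    if event["action"] != "RENAME" or len(event["paths"]) != 2:
        return None
    old, new = event["paths"]
    old_ext = os.path.splitext(old)[1]
    new_ext = os.path.splitext(new)[1]
    if new_ext and new_ext != old_ext:
        return new_ext
    return None


def detect_mass_rename(lines, threshold=5, window_seconds=60):
    """Alert on any (host, user) that performs `threshold` or more extension-changing
    renames, all to the same new extension, within a sliding window of `window_seconds`."""
    recent = defaultdict(deque)  # (host, user) -> deque of (timestamp, new extension)
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ext = extension_change(ev)
        if ext is None:
            continue
        key = (ev["host"], ev["user"])
        window = recent[key]
        window.append((ev["ts"], ext))
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        while window and window[0][0] < cutoff:
            window.popleft()
        distinct_exts = {e for _, e in window}
        if len(window) >= threshold and len(distinct_exts) == 1:
            alerts[key] = {
                "count": len(window),
                "extension": ext,
                "last_seen": ev["ts"].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for (host, user), info in detect_mass_rename(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {host} {user}: {info['count']} renames to {info['extension']} by {info['last_seen']}")
```

Requiring a single uniform new extension keeps ordinary bulk work (a user renaming a batch of drafts, or a build converting `.md` to `.html`) from tripping the rule; the alert is a starting point for the containment steps later in this article, not a verdict on its own.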
Firewall protection and security design - Every business is unique and has different requirements when it comes to configuring its network. These networks are combinations of LANs, wireless networks, cloud services and remote locations that access the organisation's network. A security design is therefore needed that covers every access point and every device in use.
Various security models and firewalls are available and must be selected according to the network and the organisation's requirements. A secure web gateway and Zero Trust Network Access are a smart choice for securing all types of networks.
Endpoint security - Threat actors often target specific assets such as mail servers and web application servers, where a compromise can do serious damage to the organisation. Prioritising endpoint security helps to secure the network. Features such as multi-factor authentication are capable of blocking 99% of daily attacks.
Partner with a security consultancy - Big or small, an organisation's size does not matter to threat actors as long as they get paid. Partnering with an expert cybersecurity organisation helps to secure the entire business efficiently: it assesses the current situation and designs the strategy needed to safeguard the organisation's network.
Hackers keep finding new ways and improving their methods of gaining access to targeted networks, so even a well-secured business may still fall victim to ransomware. It is advised not to pay the ransom, as this only encourages threat actors. Even after paying, there is no guarantee of getting the data back, and the organisation still bears the other costs: downtime, staff costs, equipment costs and so on. The malware must also be removed properly from the system, or it will cause further problems.
Anyone can fall victim to ransomware; what matters is recovering with as little harm as possible. Below are the steps to follow for containment and recovery when ransomware is detected.
1. Disconnect the infected system from the network and from other devices. Check the other computers and servers on the network, and if any show signs of infection, disconnect them from the network as well.
2. Scan each of these devices with anti-ransomware software and remove any malware found. Do not reconnect them to the network yet.
3. Report the attack to law enforcement. The relevant authorities should be informed so that the criminals can be pursued; attacks that go unreported encourage the attackers to keep targeting organisations that are able to pay.
4. Recovering data from the infected system may seem tempting, but it can cause further damage, since the original malware or backdoors may still be hidden there. Instead, repartition and reformat the hard disk, or install a new one.
5. Rebuild the system from a system image and restore the data from backups. Scan recent backups for malware, as there is a chance they were infected too.
6. Check all storage directly attached to the network for infection. If in doubt, replace the hard drives.
7. Confirm whether any data was stolen. Data theft needs to be reported to law enforcement when the incident is reported, and the affected stakeholders must be informed.
8. Conduct thorough research into how the breach happened so that the necessary actions can be taken and the organisation is better prepared next time.
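Step 5 depends on the backup being trustworthy: a backup that an encrypting strain reached before the offsite copy was taken will restore the damage, not repair it. The script below is an added example, not the article's own procedure or any vendor's tool; it records a SHA-256 manifest when a backup set is taken and later checks the set against that manifest, flagging changed, missing and added files and marking changed files whose content has the near-random byte distribution that encryption produces. The directory layout, sample files and the entropy threshold of 7.5 bits per byte are constructed assumptions for the demonstration.

```python
"""Added example: manifest-based integrity check of an offline backup set before restore."""
import hashlib
import math
import os
import tempfile
from collections import Counter


def sha256_file(path):
    """SHA-256 of a file, read in 64 KiB chunks so large backups do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def shannon_entropy(data):
    """Bits per byte of `data`; encrypted or compressed content approaches 8.0, plain text is far lower."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def build_manifest(root):
    """Map every file under `root` (path relative to root) to its SHA-256 digest.
    Record this when the backup is taken and keep it somewhere the backup host cannot modify."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root, manifest, entropy_threshold=7.5):
    """Compare the backup tree at `root` against the manifest recorded when it was taken."""
    current = build_manifest(root)
    report = {"changed": [], "missing": [], "added": [], "high_entropy": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["changed"].append(rel)
    report["added"] = [rel for rel in current if rel not in manifest]
    # Only changed or new files are examined for encryption-like content (first 1 MiB).
    for rel in report["changed"] + report["added"]:
        with open(os.path.join(root, rel), "rb") as f:
            sample = f.read(1 << 20)
        if shannon_entropy(sample) >= entropy_threshold:
            report["high_entropy"].append(rel)
    report["ok"] = not (report["changed"] or report["missing"])
    return report


def demo():
    """Build a small constructed backup, record its manifest, then simulate an encrypting
    strain overwriting one file with random bytes and dropping a note; return both reports."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "finance"))
        with open(os.path.join(root, "finance", "q1.csv"), "w") as f:
            f.write("month,revenue\n" * 200)
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("quarterly planning notes\n" * 50)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        with open(os.path.join(root, "finance", "q1.csv"), "wb") as f:
            f.write(os.urandom(4096))  # stands in for ciphertext written over the original
        with open(os.path.join(root, "RESTORE_FILES.txt"), "w") as f:
            f.write("constructed ransom note placeholder\n")
        tampered = verify_backup(root, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean_report, tampered_report = demo()
    print("clean backup ok:", clean_report["ok"])
    print("tampered backup ok:", tampered_report["ok"], tampered_report)
```

The manifest itself must live outside the backup it describes (for example alongside the offsite copy, or signed and stored with the disaster-recovery documentation), otherwise the same intrusion that encrypts the backup can rewrite the hashes. A restore should proceed only when `ok` is true and the `added` list contains nothing unexpected.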
Ransomware attacks have increased manyfold as the pandemic forced businesses online without preparation. Taking the necessary measures, training your employees in cybersecurity awareness and staying constantly up to date will help you stay safe. If, despite all this, your business falls victim to a targeted attack, recover from it with your cybersecurity strategy in place and take legal action: the hackers are criminals and should not be allowed to go free.