One of the greatest threats to cybersecurity is ransomware. Each year it affects more and more organizations around the world, with over 72% of businesses worldwide having been impacted by ransomware attacks in 2023. That is nearly a 20% increase since 2018. But what is it that makes ransomware such a threat? Let’s take a deep dive into what ransomware is, why it is such a growing concern, and what you can do about it.
What Is Ransomware?
Ransomware is a type of malware that infects a network, system, or device and encrypts the files, blocking access to them until a ransom is paid. Encrypted files are typically given a unique extension, such as .aaa, .encrypted, .crypt, or .locky. It can infect a network or system through any number of vectors, such as phishing and using Remote Desktop Protocol (RDP). Once the ransom is paid, the victim will receive a decryption key to regain access to their files. There are variants to the traditional ransomware, such as using the threat of data theft as an additional incentive for the victim to pay the ransom.
Why Ransomware Is a Growing Threat
There are several reasons why ransomware has become a greater threat over the past few years. These include:
Advances in Technology
Technological advancements have increased the number of potential entry points into a network or system. This includes devices connecting to a network remotely, such as smartphones, laptops, tablets, and the Internet of Things (IoT).
The COVID-19 Pandemic
COVID-19 brought with it an increase in the number of people working remotely, which in turn increased our reliance on digital technologies. This opened new ways for cybercriminals to access networks to launch ransomware attacks.
The Availability of Cryptocurrency
The ability for cybercriminals to demand payment of the ransom in bitcoin or another form of cryptocurrency, has made it easier for them to receive payment easily while remaining anonymous.
This is perhaps the most significant factor in the growing threat of ransomware. Where once cybercriminals needed to have advanced technical skills to launch a ransomware attack, Ransomware-as-a-Service (RaaS) is now available for purchase on the dark web. This gives non-technically savvy criminals the ability to launch ransomware attacks with ease.
How to Protect Against Ransomware Attacks
There are several steps you can take to protect yourself from falling victim to a ransomware attack. A comprehensive strategy will include all the following.
Employ Best Practices
The best way to protect yourself against ransomware is to reduce your attack surface and prevent an attack from happening. You can do this by using the following preventative measures:
- Ensure each member of your staff is fully trained on how to recognize suspicious emails asking them to click on a malicious link or provide sensitive information and that they know how to report it if they do see one.
- Employ multifactor authentication so that each of your employees uses a strong, complex password and at least one more form of authentication, such as inputting a passcode received on their mobile device, to make it more difficult for attackers to gain access to systems with stolen credentials.
- Control access to your network and systems by using Identity Access Management and the zero-trust model, which assumes no user can be trusted until they prove who they are and that they are authorized to access the data they require
- Regularly back up all your data on a separate system so you have access to an unencrypted copy and can recover it without giving in to the demands of the attacker.
- Install software updates and patches as soon as they are made available to ensure your network and systems have the most up-to-date protection.
- Regularly look for vulnerabilities, determine the types of users who can access the system, and perform a risk assessment.
- Perform regular checks of your network health.
- Avoid running code or software that is out of date or no longer necessary for business operations.
- Regularly check for expired certificates and conduct a routine cleanup periodically.
- Segment your network so that if one part of it becomes compromised, there is no way for other segments to become infected.
Use an Anti-Ransomware Solution
Ransomware has a distinctive fingerprint when it enters a system. An anti-ransomware solution is designed to look for that fingerprint by looking for and quickly identifying a range of variants and providing automatic restoration of compromised data and/or systems.
What to Do if You Experience a Ransomware Attack
If you do have a ransomware message on a device, it is critical that you quarantine that device from the network immediately to help stop the spread of the malware. You should then:
- Avoid turning off the computer, as you could lose volatile memory and reduce your chances of recovery.
- Back up the encrypted files on removable media and try running them through a free decrypting system. In some cases, this can restore at least some of the files.
- Get the help of a digital forensics expert to recover unencrypted copies of files that may be stored on the device.
- Wipe the device and restore a clean backup or reinstall the operating system from scratch.
Contact Platinum Technologies today to learn how we can help you prevent or limit unauthorized access to your network and systems.