Organizations today are extremely dependent on data. Customer and user data is now central to virtually all activities, including day-to-day transactions, targeted marketing, product development, logistics, and more.
Unfortunately, this widespread institutional dependence on data means that cybercriminals have a huge incentive to hold it hostage. This is mostly facilitated through the use of malware called “ransomware.”
Ransomware locks legitimate users and their organizations out of their data or database systems, usually through some type of encryption that only the attacker can undo. Below, we’ll explore how ransomware works and why it is such a danger to businesses and other organizations. To learn more about the details and best practices for protecting against ransomware, you can refer to this ransomware protection guide.
How does ransomware lock out legitimate users?
As previously mentioned, most ransomware is designed to lock out users through some kind of data encryption. In most cases, ransomware applications also replicate themselves across different devices and servers, reducing the amount of data that can be recovered. Others also disable network security features and delete automatic backups to put more pressure on the victim to pay.
If such a payment is made and the attacker honours the ransom, a digital key will be given to the victim to undo the damage. However, there is no guarantee that these bad actors will keep their side of the bargain, and it’s not unheard of for organizations to lose all access to their data even after paying a ransom. If the organization did not back up their data to an external system, then such events can become even more catastrophic.
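Because the lockout described above works by encrypting files, one signal defenders monitor is many files changing from ordinary content to random-looking content within a short interval. The sketch below is an added example, not part of the original article: it compares two snapshots of a file share and flags files whose byte entropy jumped. The threshold, alert count, file paths, and sample contents are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
ALERT_COUNT = 2          # assumed: this many flipped files in one interval raises an alert

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def newly_encrypted(before: dict, after: dict) -> list:
    """Paths whose content went from low to high entropy between two snapshots."""
    hits = []
    for path, old in before.items():
        new = after.get(path)
        if new is None or new == old:
            continue  # deleted or unchanged; deletions need their own check
        if shannon_entropy(old) < ENTROPY_THRESHOLD <= shannon_entropy(new):
            hits.append(path)
    return sorted(hits)

def mass_encryption_alert(before: dict, after: dict) -> bool:
    return len(newly_encrypted(before, after)) >= ALERT_COUNT

def stand_in_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed high-entropy bytes (chained SHA-256) standing in for encrypted data."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed snapshots (path -> content); none of this is data from the article.
BEFORE = {
    "docs/report.txt": b"Quarterly revenue summary for the finance team. " * 80,
    "docs/notes.txt": b"Meeting notes: action items and owners. " * 80,
    "db/customers.csv": b"id,name,email\n1,Ana,ana@example.com\n" * 100,
    "media/archive.zip": stand_in_ciphertext(b"zip-v1"),  # compressed, already high entropy
}
AFTER = dict(BEFORE)
AFTER["docs/report.txt"] = stand_in_ciphertext(b"report")      # text became random-looking
AFTER["docs/notes.txt"] = stand_in_ciphertext(b"notes")        # text became random-looking
AFTER["db/customers.csv"] += b"2,Ben,ben@example.com\n"        # ordinary edit
AFTER["media/archive.zip"] = stand_in_ciphertext(b"zip-v2")    # archive rebuilt

if __name__ == "__main__":
    print(newly_encrypted(BEFORE, AFTER), mass_encryption_alert(BEFORE, AFTER))
```

Comparing each file against its previous state, rather than testing entropy alone, keeps archives and other compressed formats from raising false alarms.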
How does ransomware infect systems?
Ransomware hackers can gain entry into a network and infect databases through a variety of entry points. Here are a few of the most common ways ransomware can hijack an organization’s data.
1.) Storage Media
Hard drives, USB drives, and even peripheral devices can harbour malware that directly or indirectly facilitates ransomware attacks. A storage device can hold malware that, when the device is connected to a machine, transfers itself onto it and replicates through any networks the machine is connected to. Peripheral devices could be hacked to log keystrokes and other types of information that allow unauthorized users to gain access and later install ransomware directly on a target machine.
2.) Phishing Emails
Emails that contain ransomware attachments or a link to an infected website are one of the more common entry points that cybercriminals use to access a network and important data. Once these attachments or links are clicked, ransomware or other malware could be downloaded onto the victim’s machine and, from there, the hacker can gain entry and begin to infect the entire network. This attack depends heavily on user ignorance or negligence, which is why every ransomware protection guide will advise some kind of user training to prevent it. To be safe, it is better to implement a Privileged Access Management (PAM) system so that when a device gets compromised, the damage is limited to that device.
3.) Remote Device Access
Systems administrators often rely on Remote Desktop Protocol (RDP) to configure individual workstations without needing physical access to the target device. This allows systems administration and IT teams to address various workstation problems even from the other side of the world.
However, RDP can also be used as a way for unauthorized parties to infiltrate databases. This is especially true for systems that are improperly set up, as well as for those that do not implement multi-factor authentication to confirm user identities.
4.) Infected Websites
Some websites harbouring ransomware pose as legitimate sites, waiting for users to visit them so that they can load malware onto the visitors’ devices. Victims may be led to the website through an email, as mentioned earlier, or through social media. Again, proper user education and two-factor authentication (2FA) are critical for preventing ransomware attacks of this nature. And again, it is safer to implement a PAM system so that the damage is limited to the one compromised device.
Why are ransomware incidents increasing?
Ransomware incidents are not new. However, they have become prevalent in recent years due to the following issues:
- Stronger Motives. Organizations the world over are dependent on data. Denying them this data or the systems that manage it can lead to a catastrophic interruption in services and revenue. This means that many of these organizations are willing to pay ransom fees when ransomware attacks are successful. These successes, in turn, embolden cybercriminals to continue such illicit activities.
- A Change in Work Culture. More people are now working from home than before 2020. While beneficial in many ways, remote arrangements make it difficult to ensure the security of every part of an organization’s network. This has resulted in a rise in ransomware incidents in recent years.
- Low Risks for Cybercriminals. The risk that a competent cybercriminal will face justice for any single ransomware attack is relatively low. Rarely do we see any news about cybercriminals being apprehended, perhaps because these cybercriminals are out of the country. More cybercriminals are now asking for payments to be made in less-traceable cryptocurrency, which makes these malicious actors even harder to pin down.
Can You Protect Your Organization from Ransomware?
Backing up data on multiple sources, following best practices for cybersecurity, and having a standard ransomware protection guide are a good start for preventing virtually all ransomware attacks from becoming catastrophic. For stronger protection, take a layered approach that stops ransomware hackers at each phase of their attack. However, that requires multiple solutions and can get quite costly. One way is to look for an all-in-one solution that has multiple modules built in, like Mamori.io, so you can save on both cost and the complexity of integration.