Image by Mohamed Hassan from Pixabay
The last thing you want is for all work, even all communication, at your organization to come to a standstill simply because the computer network has become inaccessible due to a ransomware attack. Keep in mind that no ransomware attack occurs out of the blue, or overnight. Typically, it is the last stage of an ongoing cyberattack caused by malware, which might have entered your organizational server, or come in via an individual computer through social engineering. When your credentials are stolen by a cybercriminal, malware is installed on your computer which begins to corrupt and/or encrypt files until you are gradually unable to access any file. That means you simply cannot afford to let your guard down as far as cybersecurity goes.

Ransomware Is the Most Dangerous Malware Threat

Most people still shudder at the memory of the WannaCry worm, which attacked more than 200,000 computers across 150 countries, bleeding billions of dollars in cryptocurrency. WannaCry targeted frequently utilized office file extensions like .xlsx, .ppt, .doc, .docx, .sxi; archives; graphic designer and photographer files such as .vsd, .raw, .svg, .psd; media files such as .zip, .rar, .tar, .mp4; and database files like .sql, .accdb, .mdb, .odb. The largest reported payout for a ransomware attack was by an insurance company which paid $40 million to recover its data and keep it off the dark web. In the healthcare industry and the finance industry, a ransomware attack would be regarded as a data breach, and would be subject to numerous compliance fines and other penalties. The most worrisome aspect of ransomware is that nobody is proof against it, and no organization is sacrosanct for the criminals. Typically, ransomware combines the exploitation of existing vulnerabilities with hacking tools to advance into a domain or server.

Kinds of Ransomware Attacks

Image by Gerd Altmann from Pixabay

The first recorded ransomware attack is often referred to as the PC Cyborg, or AIDS trojan. This is because in 1989 attendees of the World Health Organization’s international AIDS conference in Stockholm were sent infected diskettes named “AIDS Information ― Introductory Diskettes” by Joseph L. Popp. However, diverse kinds of ransomware attacks have been launched subsequently. These work on two major vectors. The first simply encrypts files, which cannot be opened without a decryption key, and presents a ransom note. This is why such ransomware is called crypto ransomware. The second variety locks you out of the system by locking your screen, which is why it is called locker ransomware.

Burgeoning Out of Control

Over the decades, ransomware attacks have assumed almost pandemic proportions. It has been estimated that around 4000 ransomware attacks have been taking place daily since 2016. Considering that even in 2015 around 1000 such attacks occurred daily, the threat is clearly burgeoning out of control. However, it should be noted that every year with a humungous number of ransomware attacks is followed by a relative lull. Not every ransomware uses a virus to infect your system. For example, the ransomware called SamSam uses stolen credentials and the legitimate tools of a Windows network administrator. Further, it selects soft targets like hospitals and educational institutions, which must have constant access to data.

Still Wondering What Hit You?

You might have found that the cyber criminals have found a way around your attempt to avoid paying a ransom. When you try to access your encrypted files by opening the backed-up files, you might find that those have also been encrypted. This is because even cloud-based files are attacked. The ransomware called NotPetya does not have a known vector. It hijacks a piece of software and releases a false update patch, which gets distributed to all servers that store that software; in its most notorious instance, an accounting software called MeDoc was infected. If you deal in cryptocurrencies, then you have much to worry about.

Need for Holistic Approach to Cyber Security

Image by Pete Linforth from Pixabay

It would be problematic if organizations and individuals continue to be reactive rather than proactive towards cyber security. Managed IT service providers (MSPs) can be hired to remotely monitor and manage (RMM) individual computers, networks, and endpoints of an organization to standardize where information is stored, and the policies and settings used across its database. This will ensure a multi-layered cyber security system which does more than provide antivirus and email security, carry out regular vulnerability assessments, and manage how and when patches are applied. If yours is a small or medium-sized business, then hiring a third party to carry out these functions makes more sense than having a complex IT department on your payroll.

Need Guidance or Immediate Assistance?

We are determined to work with and for you and make your organization one of the safest business organizations to engage with for your current customers and all prospective clients.