Threat Alert: Ransomware Attacks Cause More Turmoil

Editor’s Note: ERMProtect, a leading cybersecurity company, is seeing an increase in the number of ransomware attacks in Florida. This article will help your organization understand how these attacks occur and provide guidance on countermeasures.

You’re surfing the Internet when, all of a sudden, a pop-up shows up saying that your computer and data are locked until you pay a ransom. This is what most people know about Ransomware. In reality, criminal coders are finding new and inventive ways to extort organizations. Currently, there are two major kinds of ransomware – one that encrypts your data and the other that locks you out of the operating system, so you can’t access your system and the files on it.

Breeds of Ransomware

There are various kinds of ransomware, each with its own devious intentions. Here are some that you should be aware of:

• WannaCry: WannaCry put the ransomware threat on the world stage when it hit more than 125,000 organizations in about 150 countries. It spread through malicious spam emails and infected PCs by actively scanning for and leveraging a bug in Microsoft's Windows operating system.
• SamSam: This attack primarily targets healthcare and government organizations probably because they have nearly zero tolerance for downtime. SamSam uses tools and stolen credentials and is well-versed in evading cybersecurity software. The City of Atlanta was the latest victim of SamSam and spent more than $2.6 million on emergency efforts to recover from a ransomware attacker that demanded $52,000.
• Ranscam: This completely deletes your files regardless of whether you pay or not. It displays a button – “I made payment, please verify.” When a user clicks, the message on the button changes to “Payment Not Verified’’ and threatens to delete one file every time the user clicks without paying. The button actually does nothing, and hackers are trying to trick victims into paying more than once for data that has long been deleted.
• GandCrab: Gandcrab as its authors have already released at least five versions of it during its short life span since January 2018. This ransomware has been found quietly sitting on compromised, legitimate websites. It also spreads through spam emails or via exploit kits. This is one of the most widely distributed ransomware variants today.
• NotPetya: This is one of the nastiest pieces of ransomware of 2017. It started as a fake Ukrainian tax software update and went on to infect hundreds of thousands of computers in more than 100 countries, in just a few days. It works by encrypting the master file table, which is a table where all the information about files and directories is stored. This prevents computers from starting up. Shipping giant Maersk had to reinstall its entire infrastructure due to NotPetya at a cost of more than $250 Million. In a similar NotPetya attack, a South Korean hosting firm paid $1 million in ransom.

Countermeasures

Here are some ways to protect your organization from ransomware:

• Patch your systems and software promptly and use reputable security software and firewall solutions.
• Backups are your silver bullet, so make sure you make comprehensive backups frequently. Remember that there are strains of ransomware that target your online backups, too. So, be sure to make at least two offline backups, using different media formats. Move at least one to a different secure location.
• Anti-Virus: Install and properly configure a sound and up to date anti-virus software.
• Network Segmentation is extremely important as it can prevent an outbreak from spreading to other systems and networks.
• Logging and Monitoring: Activate key logs and use reputable automated tools to log, monitor, and review system and user activities on a daily basis. Look for unusual patterns of behavior on a regular basis.
• Pop-up blockers are helpful when browsing the web. So, enable them on your browsers and applications.
• Avoid clicking on suspicious links or attachments in emails or giving out any personal information on unsolicited phone calls or text messages.
• Law Enforcement. Contact your local FBI representatives and inform them of the incident.
• Remember that if you pay the ransom, there is no guarantee that you will be able to regain access to your files from unscrupulous individuals. Security companies and law enforcement discourage organizations from paying up. But they also acknowledge that sometimes the decision is not clear cut, as the organization balances operational issues vs. ethics.

Don’t Get Beaten Down

Organizations need to understand that ransomware attacks no longer target victims randomly. They have evolved into highly targeted attacks that bring businesses to a standstill. Be sure your organization develops a smart ransomware strategy that’s smarter than the people who write ransomware.