Insurance Business Australia has put together the key points on Ransomware to help understand what it is and how it can affect you and your business.
Ransomware is a piece of red-hot cyber jargon. Perhaps you heard about it when doing your office cybersecurity training, or maybe you read about it in the news. Perhaps you deal with it every day in your role as a cyber risk expert or, worst-case scenario, you’re one of the unlucky victims to have a dreaded pop-up burst on to your computer screen saying: ‘You’re infected. Pay now!’ Regardless of how you came to hear about one of the fastest growing beasts in the cyber sphere, it’s high time everyone understood the sharpness of its claws.
What is ransomware?
Ransomware is a type of malicious software that locks and encrypts a victim’s computer data and demands ransom payment in order to regain access. Bad actors usually give the victims a set amount of time to pay the ransom, after which they say they will provide a decryption key (although there’s no guarantee of this given the criminal nature of the transaction). Cyber criminals usually ask for payment in virtual currency, such as Bitcoin.
How does ransomware spread?
There are multiple ways through which a computer can become infected with ransomware. One of the most common methods today is phishing spam, where attackers try to trick victims into opening infected attachments and links via email. The phishing technique uses emails that often appear to originate from a trusted source or familiar brand, and at first glance the email appears authentic, resulting in a temptation for the recipient to be tricked into entering valid credentials on a counterfeit website or downloading an infected file. Once the victim falls prey to the scam, the hacker has access to their computer, where they can encrypt away.
Another popular infection method is drive-by downloading or malvertising. This is the use of online advertising to distribute malware with little to no user interaction required. As Malwarebytes explains: “While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Often, that malware is ransomware.”
Then we have the more aggressive variants of ransomware. You’ve likely heard of WannaCry and NotPetya. These variants can exploit security holes to infect computers without hackers needing to use social engineering tools to trick their victims.
What are the different types of ransomware attacks?
This is a beast that comes in all shapes and sizes. Some variants are more harmful than others, but they all have one thing at their core – the ransom demand. Here are a few common types:
– Locker ransomware – These attacks lock users’ computers by stopping them from logging in. They make it impossible for victims to access any files or applications.
– Crypto ransomware – This type of ransomware typically causes the most damage. It encrypts files with randomly generated symmetric keys which require (paid for) asymmetric keys for decryption. The WannaCry ransomware attack in 2017 is the most famous example of crypto ransomware. It targeted hundreds of thousands of computers around the world and spread within corporate networks globally.
– Doxware / Leakware – A hacker using the doxware tactic will threaten to publish stolen, often personally sensitive data if the victim doesn’t pay the ransom.
– Scareware – This fake software poses as a system cleaner or antivirus tool. It will trick victims into paying a ransom to clean up their system.
Can you remove ransomware?
Ransomware can be removed from your system. For the most simple, low-key attacks a free, anti-ransomware removal tool could do the trick. These tools can remove ransomware viruses from computers and decrypt any files that have been compromised in the attack. For the more serious instances – perhaps a corporate breach involving crypto ransomware – it’s essential to engage with professional data recovery teams and cyber risk experts who can decrypt files and, if necessary, negotiate ransom demands with the cyber criminals.
How do you prevent ransomware?
Cybersecurity best practices, such as: strong password hygiene, securing back-ups, employee phishing training, conducting regular systems and software updates, and turning on multiple-factor authentication, are key in preventing ransomware attacks. As the ransomware beast continues to evolve, these measures cannot completely destroy the threat, but they can significantly mitigate it. Really, the most important weapon against ransomware is education. Especially in a corporate environment, the more employees understand the risk and how to mitigate it, the better chance they’ll have of avoiding an attack.
To read the full article CLICK HERE
by Bethan Moorcraft20 Aug 2019