ercom
01 January 2024

Ransomware: What is it and how can you protect yourself?

Ransomware is constantly evolving. To guard against this, it is essential for organizations to protect themselves effectively by implementing a security policy for their information systems. It must be constantly monitored and updated in line with the latest trends, so that protection techniques and procedures are adapted to the evolution of attacks... 

Ransomware activity in numbers 

Ransomware is a type of malicious program (malware) that uses encryption to block access to infected files or computers, rendering them unusable for the victim. It is mostly deployed by organized cyber criminal gangs. While some gangs, such as CONTI and the former REvil, are disappearing, others such as LockBit, BlackCat, Hive and Karakurt are growing exponentially, and the number of their victims continues to rise. We are also witnessing the emergence of new gangs, such as BianLian or Black Basta, which are demonstrating a level of impact that rivals or even surpasses that of more established groups.

1,287 cyberattacks are detected every second in the world, representing an increase of 125% in one year. Ransomware remains an increasingly difficult threat to contain. While 72 minutes is all it takes for hackers to infiltrate a network, it takes an organization 287 days on average to recover from a destructive attack.

Delivered by efficient hackers, malware can run stealthily and automatically, disguising itself as a non-malicious file in the event of a regular security check. On average it will take 7 months for an organization to detect a data breach, according to a La Dépêche article on digital security.

According to the latest S21sec Threat Landscape Report, an attacker remains inside a network for 3 to 6 months. The length of time varies according to the attacker's purpose, and an attacker could remain in a network for years. In the last half of 2022, there were 44 active ransomware groups, conducting 1,487 attacks focused on the USA and Europe. Ukraine also saw a 3-fold increase in attacks during this period, particularly on critical infrastructures such as energy, communications, logistics, and military and government databases. Globally, manufacturing, retail and healthcare are the most targeted industries. This is because organizations in these industries possess valuable resources and a larger customer base, which make them more attractive targets for hackers. It is inherently more difficult for organizations with a large number of employees and contractors working in separate locations to secure all access points. For example, a year ago, Vasu Jakkal, General Manager of Compliance and Identity Security at Microsoft, explained that every second, 571 attacks result in digital identity breaches, mostly attempts to decrypt passwords.

 

What are the main types of ransomware?

Some types of ransomware can infiltrate devices without any user intervention. Other ransomware attacks rely on traditional malware infection methods. Here is an overview of how different types of ransomware operate:

 

  • Exploit kits: Malicious developers create exploit kits that take advantage of vulnerabilities in specific applications, networks or devices. This type of ransomware can infect any network-connected device running out-of-date software.

  • Phishing: In a phishing attack, cyber criminals impersonate trusted contacts or organizations, and send e-mails with what look like legitimate attachments or links. This type of attack often involves forged purchase orders, receipts or invoices, which can be used to access information.

  • Malicious ads: Hackers can embed and spread malware in fake ads. Some malicious ads install ransomware on a device only if a person clicks on them, while others download ransomware as soon as they load on web pages, without the need for user intervention.

  • Drive-by download: A cyber criminal can place malware on a website so that, when you visit, the website automatically and secretly downloads the malware to your device. Older browsers and applications are particularly vulnerable to this technique.

Regardless of the method used, the objective remains the same: to gain access to your network, your infrastructure and your data, take them hostage and demand a ransom in exchange. But paying the ransom demanded by cyber criminals never guarantees regaining access to the data, and you risk falling victim to further extortion by the same attackers.

Solutions to protect yourself

To help you keep ransomware from infecting your devices, our last article shared 12 simple and practical habits for securing your data on a daily basis, based on the ANSSI guide.

Incibe recommends isolating computers infected with ransomware and cloning their hard drives. Report the incident and change the passwords for all network and online accounts. You can back up computers and recover encrypted files, and also restore computers to continue operating.

Prevention is the most effective way to limit attacks. You can limit risks by monitoring daily, auditing vulnerabilities continuously, training users about best practices and making backup copies of all business-critical information. In other words, it is essential to reinforce cyber security training for all employees, including third parties, and alert them about the risks and solutions to cyber attacks. 

Three things to keep in mind: Ransomware attacks are constantly evolving. Various tools and techniques can be applied to protect against them, but above all, prevention remains the key to reducing risks.