October 7, 2022 - Shania Nadine K.
What is Ransomware and How to Deal with It
Have you ever received a suspicious e-mail or message that asked for your password or personal details? Messages like these are known as phishing messages, and they rely on social engineering techniques.
Clicking on those links, downloading those files, and entering your details on those suspicious sites can result in not just your personal data being stolen, but sensitive data from your company can also be affected.
How is that possible? Because cybercriminals use those phishing messages to trick their targets into installing ransomware on their personal or company devices.
What is Ransomware?
Ransomware is a type of malware (malicious software) that is designed to lock systems, files, or applications, preventing their users from accessing them. To regain access and prevent sensitive data from being leaked to the internet, users have to pay a specific amount of ‘ransom’. Cybercriminals who use ransomware to attack their targets usually accept payments through wire transfers, credit card payments, or cryptocurrency.
Ransomware itself has been around since 1989, but the shift in working patterns since the COVID-19 pandemic has contributed to the rise in ransomware attacks since 2020. Working From Home (WFH) policies have made it harder for companies to keep track of their corporate and employee devices, networks, and systems. This also explains why we have been getting lots of phishing messages lately.
Research also found that 3.4 billion phishing e-mails are sent daily. Data from Statista also revealed that 2 out of 3 ransomware attacks are carried out through phishing e-mails. Other sources of ransomware attacks include malicious file downloads and malvertising, which is online advertising that tricks people into getting infected by malware.
Nowadays, even people who don’t have the specific skills or resources needed to launch a ransomware attack can easily carry one out, thanks to the availability of Ransomware as a Service (RaaS) on the dark web. With RaaS, ransomware developers can sell ransomware variants to all kinds of buyers, making ransomware an even more urgent problem in society.
Ransomware Statistics and Trends
In 2020, the US FBI’s Internet Crime Complaint Center (IC3) reported that, based on the cases reported to it, the combined losses due to ransomware attacks totaled approximately $30 billion. The 2022 Data Protection Trends Report by Veeam also found that, of the surveyed individuals and businesses, only 24% were not attacked by ransomware (or were unaware of an attack), only 16% were attacked once in 2021, and 60% were attacked twice or more.
Another factor that contributes to the rise of ransomware, in addition to the shifting working patterns, is the lack of proper cyber security training that companies give to their employees. Research by Statista has found that in 33% of ransomware infection cases, the factor that contributed to the attack was the lack of training that the employees receive.
Recent Ransomware Cases
Over the past 2 years, there have been a lot of cases where giant companies were infected by ransomware. These are some of the notable cases:
Nvidia, a manufacturer of Graphics Processing Units (GPUs), had its data stolen by ransomware group Lapsus$ in February 2022. The group claimed that they had stolen around 1TB of Nvidia’s sensitive data. Nvidia has also confirmed that it has been hacked and that the hacker has leaked employee credentials and other information on the internet. Have I Been Pwned (HIBP), a data leak monitoring website, reported that 71,000 Nvidia employees’ credentials and passwords of their Windows accounts have been stolen and shared on hacking forums.
University of California, San Francisco
The IT environment of the University of California, San Francisco’s School of Medicine was attacked by the Netwalker ransomware operators in June 2020. The attackers obtained some of the university’s data and also made some of the School of Medicine servers inaccessible through malware that they launched. The university has confirmed that it paid approximately $1.14 million to the attackers to unlock the encrypted data and get their data back.
Colonial Pipeline, a pipeline operator in the US, experienced an attack in May 2021. The ransomware program that attacked the company was created by DarkSide. The hackers gained access to the company’s shared internal drive, and the company has confirmed that it had paid the $5 million ransom to get the pipeline back up and running. The attack was caused by a breached employee password found on the dark web that was not protected by Multi-Factor Authentication, not by a direct attack on the company’s systems.
Quanta, MacBook’s supplier, was attacked in April 2021 by ransomware group REvil. The attacker claimed to have stolen the blueprints for Apple’s latest products at that time. REvil demanded a $50 million ransom fee from both Quanta and Apple.
Accenture, a global consulting firm, also became a victim of an attack carried out by ransomware group LockBit in August 2021. The group demanded $50 million for 6 TB of data from the company. VX Underground, which has a collection of malware source code on the internet, stated that the attacker has released more than 2,000 files from Accenture to the dark web for some time. The files include case studies and presentations.
How Can You Protect Yourself from Ransomware?
There are several things you can do to protect yourself from ransomware. These are some of them:
We learned that ransomware attacks cause companies to lose access to their systems and data, so regularly backing up your data can help you ensure business continuity as you can always still restore your data. We recommend you invest in reliable backup software instead of relying on manual backups. Veeam is a backup software that can help you by providing 100% ransomware-proof backups, and we can help to deploy Veeam for your enterprise.
It’s important to only give users access to the data that they need for their work, so that monitoring can be done more easily. We also recommend you always require Multi-Factor Authentication for users who want to access the company’s systems or data, to prevent unwanted parties from gaining access.
We have learned from Colonial Pipeline’s case that ransomware attacks can be carried out as a result of an employee’s mistake or lack of security awareness. Companies can prevent this by regularly providing security training for their employees on why it is important to always connect to the company’s VPN, regularly check for software updates, use Multi-Factor Authentication, and beware of phishing messages.
Endpoint protection and monitoring
Protecting and monitoring all your organization’s endpoints is very important in preventing ransomware, but relying on manpower or traditional antivirus software may not be enough for this. We recommend you invest in endpoint protection software that can automatically detect and respond to threats before they infiltrate your corporate systems and networks. SentinelOne is an autonomous endpoint protection software that we offer and utilize here at Wowrack, and we can help you deploy it for your enterprise as well.
How Wowrack Can Help
Ransomware is a very urgent and crucial issue these days. Cybercriminals don’t only target big corporations for their next ransomware attack. They can also attack end-users and/or small and medium-sized companies.
However, protecting yourself and your company against ransomware doesn’t have to be a complicated process. Your data security matters and we want to help prepare you so your business can continue to move forward in this era where cybersecurity is a top priority for everyone.
Wowrack Security Operation can help you prevent data loss and data breaches from ransomware by regularly monitoring your systems and networks for any compromised user. Wowrack Managed Services can also help you deploy Veeam, a reliable backup software that can help you to recover all data quickly.
As mentioned previously, we also believe that protecting all your endpoints is important, and we can help you deploy SentinelOne for that. Moreover, with the growth of fake websites, we also think it is important for you and your employees to have a tool that can prevent you from clicking on suspicious links, and we can help you deploy Cisco Umbrella for that.
Ready to protect your business from Ransomware? Schedule a consultation with us now and let us know how we can help you.