The unprecedented digitalization accelerated by the COVID-19 pandemic triggered a significant increase in cybercriminal activity, specifically ransomware attacks, which have hit organizations in nearly every vertical. Research on cyber threats states that ransomware attacks affected more than half of all Asia Pacific companies in 2020. Across the world, India was one of the most impacted countries, followed by Sri Lanka, then Russia and Turkey. The country most attacked by ransomware threats is the USA. Cyber actors have grown creative over the years and adopted stealthy strategies.
A Typical Ransomware Activity
When a system is infected, the ransomware may generate network traffic. However, network traffic is not necessary to encrypt the existing data: the malware uses a public key for encryption and applies it locally, without a remote server. Most ransomware terminates a hardcoded list of processes and services that may interfere with the encryption, such as databases, security applications, and backup services. Some ransomware attempts to uninstall antivirus programs or other security applications.
Some malware disables the system restore features of the operating system. Many variants run commands to delete volume shadow copies, wipe free space, delete event logs, or disable system restoration.
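The recovery-inhibiting commands described above are a practical detection point. The following is an added example, not part of the original article: a small detector that scans process-creation command lines for those four behaviours and raises the severity when one host shows several of them. The specific Windows utilities matched, the host names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Command-line patterns per behaviour named above. The specific Windows
# utilities are an assumption of this example; the article names only the tasks.
PATTERNS = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    "event_log_deletion": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b"),
    "free_space_wiping": re.compile(r"\bcipher(\.exe)?\s+/w:"),
    "system_restore_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\b.*\brecoveryenabled\s+no\b"),
}

def classify(cmdline):
    """Return the sorted list of behaviours a single command line matches."""
    # Normalise case, quoting and whitespace so trivial variations still match.
    norm = " ".join(cmdline.lower().replace('"', " ").split())
    return sorted(name for name, rx in PATTERNS.items() if rx.search(norm))

def detect(events, threshold=2):
    """Group matches per host; 'high' when >= threshold distinct behaviours."""
    seen = defaultdict(set)
    for host, cmdline in events:
        seen[host].update(classify(cmdline))
    return {host: ("high" if len(b) >= threshold else "review", sorted(b))
            for host, b in seen.items() if b}

# Constructed sample process-creation events: (host, command line).
SAMPLE_EVENTS = [
    ("ws-01", r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'),
    ("ws-01", r"wevtutil.exe cl Security"),
    ("ws-01", r"bcdedit /set {default} recoveryenabled No"),
    ("ws-02", r"vssadmin list shadows"),   # benign listing, must not alert
    ("ws-03", r"cipher /w:C:\Temp"),       # single behaviour, lower severity
]

if __name__ == "__main__":
    for host, (severity, behaviours) in detect(SAMPLE_EVENTS).items():
        print(host, severity, ", ".join(behaviours))
```

A single match can be legitimate administration, which is why one behaviour is only marked for review while several on the same host are escalated.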
Common File categories targeted by Ransomware
- Microsoft Office files
- OpenOffice files
- Adobe PDF
- Image Files
- Ext files
- Database files
- Compressed files
- Mail backups
- Key files
Factors that make an organization vulnerable to ransomware
The factors that might make your organization the target of a ransomware attack are:
- Outdated systems
- Systems with outdated software
- Operating systems without a security patch
- No proper disaster recovery strategy
- No robust cybersecurity solution
How to keep your data safe from ransomware attacks?
Avoid opening suspicious email attachments
Email is the medium most targeted for ransomware attacks, and ransomware can find its way in through email attachments. Avoiding dubious-looking attachments can save the organization money and time. Pay close attention to the sender: assessing the trustworthiness of the email address is the first step to identifying a genuine sender. Some attachments can execute macros. It is safe not to open such attachments.
Avoid malicious links
Cyber actors lure their targets into clicking malicious links. The links can be portrayed as offers or discounts, or can create a sense of urgency. It is not recommended to click on links in spam messages or on unknown websites. Some malicious links may trigger an automatic download that leads to your IT systems being infected.
Get rid of unknown USB storage devices
If the origin of a removable storage device is unknown, it is better to avoid it. Cyber actors may have infected the device and placed it in an easily reachable place to entice people into using it. Use only trusted devices.
Keep out of public Wi-Fi Networks
Systems connected to a public Wi-Fi network are more vulnerable to cyber threats, especially ransomware attacks. Avoiding public Wi-Fi helps you stay protected. In an emergency, connect through a secured Virtual Private Network (VPN).
Avoid suspicious download sources
Avoiding unknown sites when downloading software and media files can minimize the risk of ransomware infections. A trusted website can be recognized by its trust seals and its use of "HTTPS". If the site is secured, it can be identified by a shield or lock symbol in the address bar.
Updated & Patched Operating Systems and Software
Organizations should keep their operating systems updated and regularly patched to protect themselves from emerging cyber-attacks. This practice makes it harder for cyber actors to exploit vulnerabilities and plan for a zero-day attack.
Anti-Ransomware Prevention
A modern antivirus utility can eliminate ransomware on sight. However, today's ransomware designers are tricky, so protecting enterprise data from threats calls for a tool that is more than just antivirus. Organizations should embrace a ransomware prevention solution that is compatible with their existing cyber security solutions. Anti-ransomware tools are bolstered with behavioural detection, cloud analysis, machine learning, expert analysis, and automatic analysis.