Ransomware is a relatively recent class of malware (malicious software) that has disrupted computer networks around the globe. Its modus operandi is simple: it denies users access to their devices, portals, applications or files and demands a ransom to restore that access.
Ransomware usually encrypts files and applications and requires the victim to pay a ransom, commonly in cryptocurrency (typically Bitcoin), in exchange for the key that decrypts the files and restores access. Paying is no guarantee of recovery: the attackers may not deliver a working decryptor, and the entry point they used stays open unless it is fixed.
Like any other malware, ransomware is plainly technology in the wrong hands, and the price of being caught unprepared is usually steep.
Types of Ransomware
Over time, cybersecurity experts have categorized ransomware into two broad types:
Crypto Ransomware
This type of ransomware encrypts key files, folders and applications on a user's or organization's computers or network, and the attackers demand a ransom for the decryption key so that users regain access. The operating system itself usually keeps running, which is what lets the victim read the ransom note and pay.
Locker Ransomware
Locker ransomware is the second kind. It locks the user out of the device entirely, typically by replacing the normal login screen or desktop with a ransom demand, and the usual ransom demand ensues. The files themselves are often left untouched, so recovery without paying is frequently possible by booting from other media and removing the lock.
The most prominent ransomware families identified so far are listed below:
- Locky – first traced in 2016; able to encrypt more than 150 file types and spread through malicious email attachments (typically Office documents carrying macros) sent to targeted users or user groups
- WannaCry – the most infamous ransomware; it spread in May 2017 as a worm exploiting a vulnerability in the Windows SMBv1 service (MS17-010, the "EternalBlue" exploit) and made its effects felt in more than 150 countries. It came with ransom demands estimated at $120m in total and caused an estimated $4b in damage
- Bad Rabbit – a sly maneuver from 2017: the malware was disguised as a legitimate Adobe Flash Player update offered by compromised websites, a delivery technique known as a "dropper," so victims installed it themselves
- Ryuk – first seen in August 2018; it disables the Windows System Restore feature and deletes volume shadow copies before encrypting local and network drives, so that on-host recovery is impossible. Many organizations suffered from Ryuk, with ransom demands running upward of $600k
- Troldesh (also known as Shade) – the operators behind Troldesh took it a step further by negotiating ransom amounts directly with victims over email
- Jigsaw – in 2016 the impatient cybercriminals behind Jigsaw deleted an increasing number of files for every hour that the demanded ransom went unpaid
- CryptoLocker – crippled more than 500,000 computers in 2013 and is widely regarded as the first of the modern crypto-ransomware wave. Its takedown (Operation Tovar, led by U.S. law enforcement together with security vendors) also produced a portal where victims could retrieve their decryption keys without paying the ransom
- Petya – known for encrypting the Master File Table (MFT) of the NTFS file system after overwriting the Master Boot Record, which renders the entire hard drive inaccessible without encrypting files one by one. A variant returned as GoldenEye in late 2016, and the destructive NotPetya outbreak of 2017 reused its code
- GandCrab – in 2018 it was spread through sextortion-themed phishing emails that claimed to have recorded the victim's webcam while they watched pornography; the attachment installed GandCrab, and ransoms were demanded from victims individually, with the threat of public humiliation as leverage
Recent Ransomware Attacks
The State of Texas deserves special mention with regard to recent ransomware attacks. In August 2019, many local government organizations across Texas were hit in a coordinated ransomware attack, with a wide range of affected systems, ransom amounts and damage.
As many as 23 organizations were affected, and officials remarked that the attack was well planned and well timed, landing over the second weekend of August 2019.
Apart from Texas, government-run organizations in New York, Maryland and Florida have also fallen prey to ransomware attacks in the recent past.
Let's take a look at recent noteworthy ransomware attacks and the impact they had on the affected organizations' networks:
Baltimore: In May 2019, the City of Baltimore's government was hit by a debilitating ransomware attack (the RobbinHood family) that took down more than ten thousand computers. Email accounts and online payment systems in particular were unavailable, blocking access and processing for weeks on end.
Officials refused to pay the ransom and instead went down the tedious path of processing all transactions manually. To deny the cybercriminals their payday, Baltimore absorbed an estimated $18m in recovery costs and lost revenue against a ransom demand of roughly $100,000 worth of Bitcoin.
Riviera Beach: In June 2019, the city council of Riviera Beach, Florida voted to pay a ransom of about $600,000 worth of Bitcoin to regain control of the city's entire computer network.
Lake City: Shortly after the Riviera Beach incident, officials in Lake City, Florida paid a ransom of about $500,000 worth of Bitcoin to recover their compromised computer network.
How to Prevent a Ransomware Attack?
Cybercriminals who specialize in ransomware keenly follow large organizations: their volume of data is larger, so a single intrusion can lock up a great deal of critical data at once, and their financial muscle makes a large ransom more plausible. That is only one line of thought, however. There is no reliable way to predict which organizations will be targeted, and the municipal victims described above were not large enterprises.
So it is imperative that organizations, big and small, take adequate measures to avoid falling prey to ransomware. We list here the measures identified across the industry that help prevent ransomware attacks and limit their damage.
- Training all users across the organization on the data and device security practices relevant to their role
- Ensuring antivirus/anti-malware software is updated and running round the clock on every device on the organization's network
- Educating employees about phishing in all its forms so that they recognize the current lures attackers use
- Keeping the operating system and all installed software up to date, and patching internet-facing services first (the vulnerability WannaCry exploited had been patched by Microsoft two months before the outbreak)
- Enabling File History on Windows 8.1 and 10, and System Protection (restore points) on Windows Vista and 7; note that these are on-host copies that families such as Ryuk deliberately destroy, so they complement, but do not replace, offline backups that are tested regularly
- Enabling advanced threat protection solutions
- Using SharePoint Online and OneDrive for Business, whose file versioning and Files Restore features allow encrypted files to be rolled back, as an additional protection mechanism against ransomware
- Putting in place a schedule, backed by an SLA, for comprehensive automatic scans of workstations and servers
- Performing timely scans and health checks of the file system
- Configuring real-time scanning of files as they are downloaded, opened or executed
- Enabling automatic signature updates from the antivirus/anti-malware vendor and verifying that the updates are actually being applied on every device
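The Windows-side items in the list above can be applied and verified with the Microsoft Defender Antivirus and System Restore cmdlets that ship with Windows. The script below is an added example written for this article, not Fyrsoft's own tooling. It assumes Windows 10 or Windows Server 2016 or later with Microsoft Defender Antivirus as the active engine, an elevated (Administrator) Windows PowerShell 5.1 session (the System Restore cmdlets are not available in PowerShell 7), and that C: is the system drive; the protected folder paths are assumptions to be replaced with the organization's own data shares.

```powershell
#Requires -RunAsAdministrator
# Added example: apply and verify the Windows-side ransomware controls from the list above.
# Assumes Microsoft Defender Antivirus is the active engine (Windows 10 / Server 2016 or later)
# and Windows PowerShell 5.1 (Enable-ComputerRestore / Checkpoint-Computer need it).

$ErrorActionPreference = 'Stop'

# 1. Real-time and on-access scanning: files are scanned as they are downloaded, opened or executed.
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -DisableIOAVProtection $false        # scan downloaded files and attachments
Set-MpPreference -DisableBehaviorMonitoring $false

# 2. Cloud-delivered protection, which catches samples that have no local signature yet.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendSafeSamples

# 3. Controlled Folder Access: untrusted processes cannot write to the listed folders.
#    Start in AuditMode to discover legitimate applications that need an allow entry,
#    then switch the value to Enabled once the event log is clean.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'C:\Finance', 'C:\Shares\Projects'  # assumed paths

# 4. Automatic signature updates every 4 hours plus a scheduled daily quick scan at 02:00.
Set-MpPreference -SignatureUpdateInterval 4
Set-MpPreference -ScanScheduleDay 0                   # 0 = every day
Set-MpPreference -ScanScheduleTime '02:00:00'
Set-MpPreference -ScanParameters 1                    # 1 = quick scan, 2 = full scan
Update-MpSignature

# 5. System Protection (restore points) on the system drive.
#    These are on-host copies that Ryuk-style malware deletes; keep offline backups as well.
#    Windows creates at most one restore point per 24 hours by default, so a warning here is normal.
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Baseline before ransomware hardening' -RestorePointType MODIFY_SETTINGS

# 6. Verify: report the settings that matter and fail loudly if the host is still unprotected.
$status = Get-MpComputerStatus
$report = [ordered]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    OnAccessProtection = $status.OnAccessProtectionEnabled
    BehaviorMonitor    = $status.BehaviorMonitorEnabled
    SignatureAgeDays   = $status.AntivirusSignatureAge
    ControlledFolders  = (Get-MpPreference).EnableControlledFolderAccess
    LastQuickScan      = $status.QuickScanEndTime
}
$report | Format-Table -AutoSize

if (-not $status.RealTimeProtectionEnabled -or $status.AntivirusSignatureAge -gt 7) {
    Write-Warning 'Real-time protection is off or signatures are more than 7 days old; this host is not protected.'
    exit 1
}
```

Run it once per host from an elevated prompt, or push it through Group Policy or Intune as a startup script; the non-zero exit code at the end lets a deployment tool flag machines where the controls did not take effect. Controlled Folder Access is the setting most likely to break line-of-business applications, which is why the example leaves it in audit mode until the Defender event log has been reviewed.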
Now that we’ve seen preventive measures for a ransomware attack, one more quick tip on the same lines: always set strong, unique passwords (and multi-factor authentication wherever it is available) on your devices and on any remotely reachable service such as RDP. Brute-forced or reused credentials on exposed remote-access services are one of the most common ways ransomware operators get into a network in the first place.
Fyrsoft Aids Your Cybersecurity Measures to Battle Ransomware Attacks
Being experts in Microsoft security practices and products such as the Intelligent Security Graph, Fyrsoft performs a 360° assessment of your organization’s current cybersecurity posture to help tighten your network’s security measures against the spread of ransomware.
Reach out to us at info@fyrsoft.com to learn more about how Fyrsoft can help you position yourself in the fight against ransomware.
About Author:
Jonathan Cowan (also known as JC) is a Senior Security Engineer for FyrSoft LLC. JC is passionate about many technologies, however his primary focus is within Hybrid Cloud Solutions. He is an Industry Proven Technologist with a demonstrated history of experience in the Information Technology and Services industry. JC is a specialized professional in Cybersecurity Threat Response, Modern Workplace, Intelligent Cloud Hybridization, and Digital Transformation.
With over 20 years of computing experience, JC is frequently selected to share his knowledge of various technologies and their underlying platforms through blogging and speaking at industry events, webinars and conferences.
You can connect with him on LinkedIn.