Ransomware – an ever-evolving threat for businesses

Ransomware is a form of malware that encrypts business/individual files, databases or applications limiting their access, cybercriminals then demand a ransom from the target to restore access upon payment. The fees for access to decryption keys can range from few hundreds to millions, payable to cybercriminals in the form of cyrptocurrencies which cannot be traced back.

The recent ransomware attack on American IT firm Kaseya by REvil is reportedly one of the biggest on record creating a ripple effect on financial services, retail, travel and leisure sectors. With ever evolving disruptive technologies, ransomware is rapidly evolving to avoid being detected by typical anti-virus programs despite having up to date end point security. Ransomware has become a big business for cybercriminals as there is a lot of money involved, resulting in loss of billions of dollars to businesses.

One of the most pervasive form for delivery systems of ransomware is phishing, where cybercriminals persuade targets to click or download an attachment to install malware on the devices. Once downloaded or opened, the malware gains control of the targets computer making them unusable. Sophisticated social engineering tools to gain administrative access along with exploiting security holes to impact computers is also being leveraged by cybercriminals.

Doxware /leakware attacks are the variations of ransomware in which cybercriminals, threaten to expose Personally Identifiable Information (PII) from their data storage devices unless a ransom is paid. Additionally, some cybercriminals pretend to be law enforcement agencies and shut down the target’s device claiming to have unsolicited material and making them pay hefty fines, such kind of attacks are directly at induvial users and small businesses as these targets are less likely to report the attacks.

However, paying the ransom does not guarantee data retrieval, many victims of the malware attacks do not receive the decryption keys. Apart from the monetary loss to the business, ransomware attacks also include:

• Loss of sensitive customer and PII data
• Disruption of operations and services
• Loss of reputation and relations with customers
• Businesses can leverage a number of proactive steps to detect and prevent ransomware attacks. Cybercriminals often attack small and medium sized businesses which have a tendency to cut corners while following the good security practices. Some of the steps to improve defenses from attacks include:
• Creating awareness amongst employees against ransomware, where employees review emails, attachments, and other suspicious links.
• Regularly monitoring networks and run vulnerability assessments to check for systems weaknesses.
• Deploy Multi-factor Authentication (MFA), Micro-segmentation for secure Privileged Access Management to include segmentation of weak access points to prevent access to business-critical data.
• Keeping end points and operating system patched and up to date; updating patches only from known secure sources. Also implement a secure mechanism to authenticate updates or new patches.
• Early identification, monitoring, protection, and analysis of vulnerable assets from third party providers, including activities and intelligence.
• Leverage vulnerability management programs and third-party risk management solutions.
• Strengthen cyber resiliency plan: Infrastructure, data and critical assets.
• Restricting administrative privileges and software downloads; Implementing strict IT rules and policies.
• Back up files regularly to mitigate the data loss.

Ransomware possesses an immense security threat to both business and individuals making it imperative to detect and monitor threats. A proactive approach for stopping ransomware is the best way to keep business safe. Learn how CyberSophy’s dedicated security solutions allow organizations, regardless of size, to step up their security against ever-evolving threats, to know more contact our team at info@cybersophy.net