Blog

Ransomware: The Ransom Virus

Ransomware, a virus (or, even better, malware) which locks computers for extortion purposes, is one of the biggest cyber threats that organizations all over the world have to face today. 

The number of global attacks has soared since the beginning of the pandemic. According to Postal Police statistical surveys, attacks against critical infrastructures (damage, service interruption, data theft for extortion purposes) in Italy increased by 246% in 2020. 

Globally, 25% of ransomware attacks mainly targeted manufacturing companies, followed by professional services at 17% and government organizations at 13%. Schools and universities have also been hit hard as criminals take advantage of the fears and the sense of isolation caused by COVID and the rapid shift towards an ever increasing use of digital technologies. 

The effects of the pandemic have, indeed, created the perfect environment for this type of attack to thrive. Cybercriminals have been very quick to exploit any security gaps found and carry out an astonishing number of COVID-19-themed phishing attacks. 

Many organizations have thus suddenly found themselves faced with ransomware attacks and the resulting ransom demands. 

The ways in which an attack occurs are not always the same. In many cases, the attack begins with the purchase of previously stolen sensitive information, such as passwords or user profiles, on the dark web. This fundamental information is useful to both large and small criminal organizations to trigger an attack on a specific organization and demand a ransom. According to the specialized company Coveware, this ransom increased by an average of 47% between the first and second half of 2020. 

What Is Ransomware? 

Ransomware is a type of malware that prevents users from accessing computer systems by encrypting files. A ransom must be paid in order to unlock the systems. Payment of the ransom is usually requested in Bitcoin or other hard-to-trace cryptocurrencies. Cybercriminals typically set a deadline for ransom payments. After that date, the ransom payment will be doubled or the files will be locked permanently. 

In 2020, Sodinokibi (also known as REvil) was the most active type of ransomware. What differentiates this ransomware is its business model: Ransomware-as-a-Service (RaaS). 

In practice, the REvil Group makes the infrastructures, tools, ransomware and related code available to criminal third parties, receiving a percentage (between 20% and 30%) of the ransoms extorted from victims in exchange. 

How Can Ransomware Infect a Computer? 

There are several ways in which ransomware can infect a computer. 

The most common is through phishing emails containing malicious links or attachments. When you click on the link or open the attachment, the malware installs itself on your system and begins to encrypt your files. 

Ransomware can also be distributed via malicious websites, infected removable multimedia devices, messaging apps, social networks and by exploiting the vulnerability of devices with outdated systems and software. 

Can You Protect Yourself from a Ransomware Attack? 

It is useful to follow some good rules to protect yourself: 

  • Make backups regularly: You should make backups regularly to minimize data loss in the event of a ransomware attack. The most known backup best practice recommends the 3-2-1 rule: 3 copies of your data in 2 different storage formats, and at least 1 copy at another location. In the event of an attack, data can be recovered quickly without paying a ransom. 
  • Recognize a phishing attack: Ransomware attacks largely depend on a user opening a phishing message. To protect themselves from these threats, it is therefore essential for organizations to involve the entire workforce in effective Cyber Security Awareness training courses. These courses must include automated and adaptive anti-phishing simulation training to raise awareness and train staff to recognize and avoid phishing. 
  • Do not expose your sensitive data: Cyber criminals often use stolen employee credentials to gain access to systems and distribute ransomware. Credentials are often the result of previous phishing attacks or data breaches. It is important to remember that providing your sensitive data online can be very risky, especially if you are not absolutely certain of the legitimacy of the request. Enabling multi-factor authentication may prevent a hacker from logging into a system, even if they have a user’s credentials. Changing passwords regularly and avoiding using the same password for several accounts are two other virtuous practices that put a spanner in the works of criminal organizations. 
  • Always keep software and operating systems up to date: Hackers frequently exploit operating system and application vulnerabilities when distributing ransomware. It is, therefore, crucial to install updates as soon as they are released to keep systems and apps up-to-date, stable and safe from malware and other threats.

For more info…