How to avoid becoming a ransomware victim?

The number of cyberattacks has been increasing continuously in recent years. The victims are individuals or organizations with poor cybersecurity. No sector has been left untouched by cybercriminals: medicine and healthcare, government, finance, culture, manufacturing, insurance, etc. Any company anywhere in the world can become a victim.

Ransomware attacks rank first among cyberattacks in popularity. There were approximately 623 million incidents in 2021. A reliable information security system, together with an understanding of how such programs operate, can reduce the risk of infection and its consequences.

Ransomware is malware that aims to steal and encrypt files, sensitive data, or personally identifiable information. Files can be recovered with a special decryption key. Cybercriminals hold the data as collateral and use extortion tactics to force the victim to pay a set ransom for it. Poor security and unpatched vulnerabilities are bait for attackers: they give them the ability to access the network and plant ransomware on the victim's computer or mobile device.

Cybercriminals have begun to ask for the ransom in cryptocurrency (for example, bitcoin) more often. Such a payment system is known for its ability to hide financial activities. Tracking ransom payments is difficult, but still possible. Ransomware is especially dangerous and destructive for organizations that depend on the encrypted data to carry out their day-to-day activities.

Types of ransomware:

How you can get infected with ransomware:

  1. Phishing emails are the main cause of infection. Infection occurs when the user opens or downloads malicious attachments (PDF files, .exe applications, Word documents, .zip files, etc.) or follows infected links that lead to a malicious website (spyware, trojans, keyloggers). The attack can also be carried out using a series of SMS messages with an image or a link to a website where you are asked to enter confidential information.
  2. Infected web pages are used to distribute malware. By clicking on a link or going to an unverified site, the user runs the risk of automatically starting the ransomware download process. Users should practice safe web surfing and also check the spelling of the URL. A decoy site can be identified by a misspelled address that mimics a legitimate site. If you’re not sure, don’t go.
  3. Malicious advertising is malware disguised as an advertisement in legitimate advertising space. Such space can contain malicious ads that look like a real banner. Clicking such an ad causes ransomware to be downloaded. Users should be careful with ads for free offers, message notifications, videos, animations, and adult images.
  4. Attacks on the Remote Desktop Protocol (RDP, a feature of Microsoft Windows that allows users to remotely connect to another network or server). In an RDP attack, a hacker infiltrates a system and attempts to steal data or install malware.
  5. Social engineering – attackers impersonate legitimate representatives (law enforcement, support services, etc.) to force the victim to "accidentally" reveal personal or confidential information. Such an attack can be carried out through emails, text messages, phone calls, online chat, and social networks. After obtaining the necessary information from the victim, the attackers use it to launch a larger cyberattack.
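
The URL spelling check from item 2 can be automated at a mail gateway or proxy. The sketch below is an added example, not part of the original article: the `TRUSTED` allowlist, the function names and the distance threshold are assumptions, and it flags hosts that are a near-miss of a trusted domain or that embed one as a prefix.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation really uses (assumption).
TRUSTED = ("example.com", "example-bank.com", "mail.example.org")

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and swap of neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j - 1] + (ca != cb), prev[j] + 1, cur[j - 1] + 1)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)   # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def hostname(url: str) -> str:
    """Lower-cased host of a URL; bare hosts such as 'example.com/x' are accepted."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".")

def classify(url: str, max_dist: int = 2):
    """Return (verdict, trusted_domain); verdict: 'trusted', 'lookalike', 'unknown'."""
    host = hostname(url)
    labels = host.split(".")
    for d in TRUSTED:                        # exact match or a real subdomain
        if host == d or host.endswith("." + d):
            return "trusted", d
    for d in TRUSTED:
        n = d.count(".") + 1
        tail = ".".join(labels[-n:])         # compare the same number of labels
        if 0 < edit_distance(tail, d) <= max_dist:
            return "lookalike", d            # misspelling: examp1e.com, exmaple.com
        if (d + ".") in host or d.replace(".", "-") in host:
            return "lookalike", d            # trusted name used as a prefix label
    if any(label.startswith("xn--") for label in labels):
        return "lookalike", None             # punycode label: review decoded form
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for u in ("https://www.example.com/login", "http://examp1e.com/reset",
              "https://example.com.account-verify.net/", "https://docs.python.org/3/"):
        print(u, "->", classify(u))
```

A "lookalike" verdict is a heuristic for review or blocking, not proof of malice; short legitimate domains can fall within the distance threshold of a trusted name.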

How to prevent ransomware attacks:

  1. Creating a backup copy of data and storing it on an external hard drive or on a cloud server;
  2. Updating systems and applications – outdated systems and applications with old security protocols can lead to ransomware infections;
  3. Installation of anti-virus software and a firewall;
  4. Protection of all endpoints – one vulnerable endpoint can infect the entire network. Consider installing EPP or EDR;
  5. Network segmentation – it is much more difficult for a cybercriminal to cover a company's entire network if it consists of several smaller networks;
  6. Appropriate access management within the company;
  7. Regular security testing;
  8. Training of staff in cybersecurity.