Ransomware: Understanding What It Is and How to Protect Your Company Against Ransomware Attacks

Ransomware: Understanding What It Is and How to Protect Your Company Against Ransomware Attacks

What is ransomware? How are the ransomware attacks orchestrated? And why are the attacks rampant? These are among the pressing questions that individuals, organizations, businesses, and governments have concerning this global cybersecurity threat.

The most startling thing with ransomware attacks is that they can creep up on you when you least expect—you never know if you are the next victim or when the attack will occur. That said, in today’s digital-oriented world, putting in place measures to prevent ransomware attacks determines whether your business crumbles or not.

In this post, we will give you a comprehensive guide on what ransomware is, discuss the recent Kaseya ransomware attack, and give you pointers on how to protect your business from such attacks. Let’s dive in.

What Is Ransomware?

Ransomware is a type of malware that encrypts company data so that you can’t access it until you pay ransom to the attacker. In some instances, the attackers put encryption on the data, after which they extract it—a cyber analyst will have to determine which type of worm was used, given the wide range of worms used for such attacks.  Ransom demands by the cyber attacker to grant you access to your data usually ranges from hundreds to thousands of dollars, if not millions.

Recently, Kaseya, an IT solutions provider, was attacked by the Russia-linked syndicate REvil, who demanded that Kaseya pay 70 million dollars to access a master key to restore its data. The attackers carried out a supply chain ransomware attack on Kaseya by leveraging a vulnerability in its VSA software. According to Fred Voccola, the CEO of Kaseya, not more than 0.1% of the company’s customers were affected by the breach—but given that Kaseya’s customers include Managed Service Providers (MSPs), smaller businesses also fell victim to the attack.

Weeks after the attack, on 23rd July, Kaseya spokeswoman Dana Liedholm announced that they had obtained a universal key that would decrypt the data of more than 1000 businesses affected by the attack. How the universal key was obtained remains a mystery—multiple explanations have emerged, such as Kaseya paying the ransom, a government paying the ransom, Kremlin seizing the key from the attackers, and victims pooling funds to pay the ransom.

Why You Shouldn’t Pay Ransom Demands

Just like their name suggests, cybercriminals are criminals and can’t be trusted to keep their word. You may pay the ransom, and the attackers refuse to decrypt your data—a double tragedy—you’ll have lost your finances and data. Also, paying the ransom demands encourages the cybercriminals to carry out more attacks, thereby diminishing the efforts of President Biden’s Executive Order on cybersecurity aimed at thwarting cyber attacks.

How to Know if You Have Ransomware

You may not realize that you are a victim of a ransomware attack until your files have been breached. In a typical case, a ransomware victim will try to open their computers or file. Upon doing that, you will receive a strange pop-up message/alert that tells you that your system has been encrypted. The pop-up message/alert will also instruct you to pay a ransom to access a secret key to decrypt your data. More often than not, there is a countdown timer for making the payment failure to which the data may be sold or publicized.

How Attackers Orchestrate Ransomware Attacks

There are a myriad of ways ransomware can access your system and computer. Nonetheless, the most prominent delivery method is phishing spam, which involves harmful attachments being sent to a victim’s email. Upon clicking, downloading, or opening the file, the malware (ransomware) creates a backdoor which it uses to control your system and files.

The ransomware may also gain access to your computer and files by exploiting security loopholes to infect your files and computer without the need of tricking you into installing it. Once the ransomware is in your system, it can either encrypt all or some of your files and only give you access when you pay the ransom. Alternatively, the attacker may threaten to publicize or expose your data not unless you pay the ransom.

Who Is Targeted by Ransomware Attacks?

Over the years, several ransomware families, including REvil, Netwalker, NotPetya, Ryuk, and Wannacry, have cropped up. These ransomware families have been carrying a series of attacks on businesses (both small and big), governments, individuals, and public organizations. According to a recent study, ransomware attacks have increased by 62% since 2019, as cybercriminals strive to benefit from security vulnerabilities that have arisen due to the pandemic and remote work.

Many people believe that ransomware attacks primarily target multi-billion organizations. While there is some truth to this, given the big payday gained by successfully carrying out attacks on such companies, the foolproof cybersecurity measures put in place by such companies make them a hard target. As such, cyber attackers turn to smaller companies that have a less secure system. All in all, companies both small and big should put in place foolproof cybersecurity measures to avoid becoming victims of ransomware attacks.

How to Protect Your Organization/Business Against Ransomware Attacks

Below are some great cybersecurity plans that you can put in place to protect your business/organization from ransomware attacks:

• IT security education/training: Taking the initiative to train your staff on cybersecurity measures will go a long way in preventing your business from becoming a ransomware attack victim, given that cybercriminals target them most.
• Offsite backup: Ensure that you back up your folders, files, and applications on an offsite server or computer so that you can easily recover them in case of an attack. While this measure does not prevent the attacks, it will ensure that you won’t pay the ransom.
• Antivirus: Installing antivirus software will help you scan attachments and incoming emails and warn you about any malicious files. Antiviruses can also stop unauthorized applications from executing security procedures.
• Desktop as a service (DaaS): Suppose you want your business to gain more control over its users; you can install a cloud-based DaaS to provide centralized security and management.

Consult a Renowned IT Service Provider

Suppose you want to have peace of mind that your business is safe from ransomware attacks, you need to consult a renowned IT security service provider. Colorado Computer Support provides a wide range of IT security services including cybersecurity, email, and network security, cloud services, and data backups and planning. Contact us via (719) 355-2440 or visit our website and let us set you up for success by putting security layers in your system to protect your business/organization from ransomware attacks.