Ransomware Protection

With most of the world now connected to the Internet, malware has spread to more computers across the globe. One of the most troubling and costly trends in recent years has been the rise and spread of ransomware, which is a type of malware that renders a user’s files unreadable until they pay a ransom.

Ransomware attacks have increased in the last year, affecting 621 entities between January and September of 2019. Ransomware attacks can occur when a company doesn’t have adequate security measures in place. In some cases, an attack will start from one compromised computer and spread to other computers on the company’s network. During an attack, a company’s files and data can suddenly become locked down. The individuals or organizations behind the attack often demand a ransom before it will free the company’s data.

As attacks of this nature increase, companies across the business, government and medical sectors are wondering how to prevent ransomware from taking root on computers and spreading across networks.

Protecting Your Business from Ransomware

During the second quarter of 2018, the typical ransomware payout was $36,295. Due to the high-cost nature of recent ransomware attacks, businesses have grown concerned about their online security. Each time you update a set of security programs and install the latest patches, a new round of viruses are being written to bypass security. Many of the recent cases of ransomware attacks have started with one machine and moved to connected computers on the same network. Ransomware often goes undetected, at least initially, even by some of the savviest computer users.

Knowing how to detect ransomware is crucial for all companies that hope to stay competitive in the increasing online economy. In most industries, system problems that last just a few hours can cost a company thousands of dollars. When ransomware spreads across a company’s computer system, it becomes difficult for IT techs to contain and remedy.

What is Ransomware?

Ransomware is a type of malware that encrypts a user’s hard drive and makes all files unreadable until a ransom amount is paid to the entity behind the attack. A ransomware virus will generally infect a computer in one of two ways: through a drive-by download or from a phishing email.

In a drive-by download scenario, a person might visit a website that appears legitimate, only to have the browser overtaken by a prompt that offers a false dilemma, such as asking the user to confirm the download. If the user presses “no” or “deny,” the threat actor uploads the ransomware to the user’s computer anyway.

With phishing email, a user receives a message that appears to be from someone they know or a company they work with. The email might ask the user to visit a website to provide more information. If the recipient clicks on the link, a similar situation to the drive-by download can occur, where a popup appears and takes over the computer, locking out the user.

How Does Ransomware Work?

Once a ransomware virus downloads itself onto a computer, the virus makes files on the machine un-viewable. The virus can also spread to peripheral drives and other computers on the same network. When a ransomware virus infects one computer on a company network, the whole entire company could effectively have its system breached, pending the isolation and removal of the virus in question.

Ransomware is accompanied by messages that inform the victim that computer files and data will not be readable until a ransom amount has been paid. The virus keeps the files in an unreadable state by encrypting different file types with strange extensions, such as .xyz, .locky, .vault, .zzz, .petya, .ttt, and .aaa. Even if the ransom amount is paid, the files might remain unreadable. Often times, the ransom goes up to a higher amount.

U.S. law enforcement agencies advise against paying ransom to the threat actors behind these attacks because doing so can encourage further ransomware hits. Instead, victims can try decryption software, which can sometimes unlock affected files, making them viewable again. Scan the affected computer for malignant attachments and return the system to an earlier state, if possible. Backing up an operating system when it’s virus-free makes it easier to restore the machine in the future, if necessary.

Ransomware Targeting Businesses

In its August 2019 report on ransomware attacks, antivirus firm Malwarebytes tracked a 363 percent increase in incidents over the prior year. The rise in recent ransomware attacks on businesses has spurred a 34% increase in cyber insurance since 2017. The fact that threat actors have cost businesses thousands of dollars in the span of months is an indicator of the growing sophistication of the viruses in question. As such, IT techs must be knowledgeable about how ransomware targets businesses in today’s online environment.

Individuals were once seen as soft targets by the entities behind ransomware-type viruses. In recent times, however, threat actors have stepped up their efforts to target companies and large corporations. The idea here is to infect the machines of one or several staff members at a target company and spread the virus onto other machines in the company’s network.

How Does Ransomware Spread Across a Network?

When ransomware is initially encountered on a network computer, the virus targets the company’s domain controller to spread itself across the network. This is done with a self-enacting PowerShell script, which decodes and opens a reverse shell that allows the threat actor to penetrate the first in a sequence of network computers. The domain controller then duplicates the virus onto other machines in the network. Such viruses will typically enact a number of tasks, such as the suspension of system files and the execution of pre-installed infections.

Some of the worst cases of network attacks have started on the machine of an unsuspecting company employee who opens an email or clicks on a link that immediately overtakes the machine. Often times, the individual will initially try to end the program and only report the matter after it becomes obvious that files cannot be opened or that an unknown extension file cannot be ended in Task Manager. By the time the matter is reported to IT staff, the ransomware will have spread to numerous other computers on the company’s network.

Company networks tend to be more vulnerable when certain computers within the network are older and lack the capacity for today’s more advanced security patches. A ransomware virus might download on to one of these machines and then spread to other computers on the same network. Ransomware can also spread across a network when infected files are shared between colleagues on a company cloud server.

Recent Ransomware Attacks

During the first quarter of 2019, ransomware attacks saw a 195-percent spike over the prior quarter. During that same period, ransomware attacks on individuals dropped by 33 percent. The shift has marked a change in tactics among threat actors, who have recently grown more emboldened to target larger businesses.

In 2018, the FBI received 1,394 complaints about ransomware attacks, which were estimated to be responsible for $3.6 million in losses for the parties affected. However, such figures have not taken into account the number of computer users that have not reported such attacks to the authorities. The true number of ransomware victims, both knowing and unsuspecting, is expected to be far higher.

The healthcare industry has been a frequent target of ransomware attacks. In its 2018 report on Internet crime, the FBI noted 337 cases involving hospitals, companies and people in the public and private healthcare sectors. The attacks resulted in $4.7 million in losses.

Between June 2018 and June 2019, companies within the U.S. were the target of 53 percent of the world’s ransomware attacks. Canada came in second at 10 percent, followed by the U.K. at nine percent with Brazil and Italy each with seven percent of global ransomware incidents.

How to Prevent & Detect Ransomware

There are things companies can do to help prevent a ransomware attack. Remind employees to be cautious with any emails they receive. If they can’t verify that an email is from a particular organization or individual, encourage them to report it. It’s also a good idea to be careful when visiting websites and to ask employees to double-check the URL before they click “enter.”

One way for employees to verify that a website is the real deal before they visit it is to have them search for the site on Google, rather than click through an email or type in a link.

It’s also important for a business to back up files and data regularly. Duplicate all of your company’s data on external drives. Once copied, disconnect the external drive from your computer. Perform this step every day, if necessary, to avoid the loss of any critical data.

If you think that ransomware has downloaded onto a network computer, turn off the machine and report the incident to your company’s IT department. Check other company computers to see if the virus has spread.

To stop the virus, IT techs will quarantine the first computer and run diagnostic tests. The computer should not be reconnected to the network until it’s either virus-free or restored to an earlier back-up version. In some instances, IT might need to wipe the computer and reinstall everything.

To keep your company safe from ransomware attacks in the future, hold training sessions frequently. During these sessions, have IT techs cover all the basics of ransomware prevention with your team members. The topics covered in these sessions should go into detail about the warning signs, such as seemingly innocuous or friendly emails and the links contained within such messages.

Have your workforce undergo testing to ensure that they know how to identify potential threats. Your IT team might design a fake phishing email and send it across the network to see whether all of your company’s rank and file and informed enough about ransomware to pass the test.

Contact PCS to Protect Your Company’s Data Today

The rise of ransomware has followed the general pattern of malware viruses. As security systems grow tighter, threat actors work harder to bypass security patches and system firewalls. Every time that a new patch is devised to protect computers from existing threats, cyber thieves and hackers are working on their next round of attacks. Consequently, ransomware could make its way onto your company’s computer system. if the people on your workforce do not how to prevent ransomware from taking root on the company network.

Of course, not all companies know how to deal with the spread of ransomware. Regardless of the markets you serve, your team should ultimately be able to focus on its own areas of expertise while working and interacting online and via cloud servers without fear of viruses, hijacked files and ransom messages.

At PCS, we provide data backup and protection services for small businesses, schools, hospitals, insurance agencies, accounting firms, and various other companies. Contact us today to learn more about how our services can protect your company from ransomware attacks.