Everything to know about Ransomware
If there is one concept that has gained popularity in the business world in recent years, it’s “as a Service”, or XaaS if you’re a fan of acronyms. This simple concept has paved the way for many services, including cyber security services, to be designed and marketed as XaaS.
But humanity always finds a way to surprise us: just when we thought we had seen everything, it turns out that hacking tools are also being sold in the XaaS model, specifically ransomware as a service.
What Is a Ransomware Attack Anyway?
Popular among hackers and involved in 22% of all cyberattacks, a ransomware attack begins with the installation of malicious software. This malware is designed to lock our data and hold it “captive” until the hacker’s demands are fulfilled. The malware can encrypt the information or lock our device, thus denying us access.
Even after the demands are met, usually in the form of a cryptocurrency payment, the victim has only the attacker’s promise to rely on.
There are several types of ransomware:
This type of malware locates files that seem important to the user: texts, documents, images, PDFs and more. It encrypts the information, thus preventing access to it. When the victim is an individual, the ransom usually amounts to several hundred dollars, and the demand requires payment within up to 72 hours; otherwise, the data is permanently deleted.
The user is locked out of the device, and the ransom message appears on the screen.
Perhaps the most cynical of them all, this attack mimics software that scans for security issues, such as antivirus software, and alerts us to critical findings. The error messages that claim to detect faults imitate legitimate antivirus software and give the impression of a reliable source by providing IP address and geographic location information, or by using the names of reputable and trusted companies. Afterward, access is denied until the victim allows the malware to repair these issues, for an additional fee.
Ransomware that threatens to leak the victim’s data to sites on the Dark Web. The attacker might sell this information or leak it to sites for free.
How Does Ransomware Infect Devices?
Victims of ransomware can be individuals or corporations with vulnerabilities in their defense systems, such as hospitals. This malware usually reaches our devices in one of three ways:
A tale as old as time and an attack as successful as ever, this method has proven itself time after time. Emails and SMS messages appear to have been sent from a legitimate source, and their purpose is to get users to open links and download infected files.
For further reading on how to identify a phishing attack and defend yourself, continue to our full phishing article.
Source: ProvenData, HotSpot Shield
Incorrect configuration of the RDP
The remote desktop protocol, or RDP for short, might be the favorite feature for those of us who still use the “turn off, turn on” method. However, this protocol can be a major vulnerability and an opportunity for hackers to install ransomware if the settings are not properly configured. This usually happens when:
- A company is setting up its network for the first time
- The IT team is inexperienced and hasn’t closed the ports properly
- An outsourced IT team leaves ports open for remote monitoring
- Lack of two-stage identification
- Weak/old passwords
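The conditions in the list above can be checked against an asset inventory. The following is an added example, not code from the original article: the hosts, firewall rules, field names and the 90-day password threshold are constructed assumptions, and sources are expected to be IPv4 ranges.

```python
import ipaddress

RDP_PORT = 3389         # default RDP listener port
MAX_PASSWORD_AGE = 90   # days; assumed policy threshold, not taken from the article
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: hypothetical hosts, firewall rules and account data.
INVENTORY = [
    {"host": "fs01", "two_step": False, "password_age_days": 400,
     "inbound": [{"port": 3389, "source": "0.0.0.0/0", "action": "allow"}]},
    {"host": "app02", "two_step": True, "password_age_days": 30,
     "inbound": [{"port": 3389, "source": "10.20.0.0/24", "action": "allow"}]},
    # Port left open to an outside range (documentation range used as a stand-in).
    {"host": "web03", "two_step": True, "password_age_days": 10,
     "inbound": [{"port": 443, "source": "0.0.0.0/0", "action": "allow"},
                 {"port": 3389, "source": "203.0.113.0/24", "action": "allow"}]},
]

def is_internal(cidr):
    """True when the whole source range lies inside RFC 1918 private space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in INTERNAL)

def audit(inventory):
    """Return {host: [findings]} for hosts that accept RDP; clean hosts are omitted."""
    report = {}
    for item in inventory:
        rdp_rules = [r for r in item["inbound"]
                     if r["action"] == "allow" and r["port"] == RDP_PORT]
        if not rdp_rules:
            continue
        findings = [f"RDP open to {r['source']}" for r in rdp_rules
                    if not is_internal(r["source"])]
        if not item["two_step"]:
            findings.append("no two-step authentication")
        if item["password_age_days"] > MAX_PASSWORD_AGE:
            findings.append("old password")
        if findings:
            report[item["host"]] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit(INVENTORY).items():
        print(host, "->", "; ".join(findings))
```
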
Every criminal needs a toolkit, and hackers are no different. These kits include a collection of malware and code that scans for known vulnerabilities in the defense systems of the victim’s device. The kits make initial contact with the victim’s device through malvertising: websites or advertisements that contain malicious code and collect data regarding the user’s identity. The kit then scans for known vulnerabilities in the site, network, and browser protection protocols. Once installed on the device, the ransomware can spread to the corporate network and lock access to work documents.
Ransomware As a Service
After SaaS, IaaS and PaaS, it’s time for Ransomware as a Service to make headlines. This model allows users who have purchased a subscription to use ransomware tools for their own purposes. The RaaS developers receive a percentage of every ransom paid, and that’s how the operation keeps running.
Like SaaS users, RaaS users do not need to have knowledge or experience to take advantage of the capabilities of this tool.
As with any successful business model, RaaS starts with talented people trying to raise funds. Ransomware developers need to have a professional reputation in the hacking world to attract investors who are interested in software with a high chance of success in penetrating devices and networks. Once the software is developed, it is adapted to fit the service model and is sold as a monthly subscription or for single use.
Surprisingly or not, this business model does work, with a 33% increase in the average ransom payment since the first quarter of 2020, bringing the numbers to more than $100,000 on average for just one payment.
The increase in profit is also related to the choice of victims: where private individuals and small businesses were once the focus, the main targets are now medium-sized companies that are willing to pay a hefty fee for their locked information.
How To Protect Against Ransomware?
To avoid falling victim to this brutal attack, we must adopt security procedures that prevent ransomware from being downloaded onto our devices, and incorporate advanced protection systems that detect these attacks. In the case of an organization or business, those responsible for the organization’s information security, such as the CISO, must ensure the implementation of these procedures and the integration of security systems such as:
- Make sure you have purchased a reliable antivirus
- Choose passwords – Choose strong passwords with uppercase and lowercase letters, numbers, and characters. And perhaps most importantly, do not recycle the same password for all your accounts.
- Restrict user access and deny login