Are You a Victim of a Ransomware Attack?

Have you ever experienced when you opened your computer to find it had been locked with a ransom note demanding cash immediately? In 2018 Ransomware attack grew by 350% reaching a total of 812 million infected devices. Leave a small country like Sri Lanka behind. Let's take a powerful country like the United States. The Emsisoft Q1 and Q2 2020 research shows that in 2019 Ransomware attacks against 966 U.S. government, healthcare and educational entities cost $7.5 billion. Scary, right...!? Does your business, institution ready to deal with this cyber threat? Let's begin our journey through Ransomware!!!

 

Before we start, let's know what a Ransomware is. A Ransomware is simply a type of malware (malicious software) designed to deny access to the files on the user’s device. If you are a user, your computer is attacked by encrypting these files which only the malware operator can decrypt them. Ransomware is categorized into two main types as crypto-ransomware and locker ransomware. Crypto ransomware encrypts valuable files on a computer to avoid the user accessing them. Most of the time Cyber thieves conduct crypto-ransomware attacks to make money by demanding that victims pay a ransom to get their files back. In Locker ransomware, it locks the victim out of their device, preventing them from using it without encrypting them. Cybercriminals carrying out locker ransomware attacks will demand a ransom to unlock the device once they are locked out. A wide range of ransomware is out there under these two main types, including Ryuk, Locky, Wanna Cry, Bad Rabbit, Troldesh, and a hundred of thousands of others.

 

How Does a Ransomware Attack work?


If you are curious about how these types of attacks work, let me create a simplistic view of a ransomware attack and how it infects the network of your organization.

 

The battle begins with an email sent by a threat actor with an attachment to a malicious link. This email bypasses the spam filter hitting the user’s inbox. Without thinking twice, the user opens the malicious email and clicks a link, or downloads an attachment. Then BOOM! Your poor antivirus fails to block the threat. The malware .exe is delivered and the payload is executed on to the user’s machine and files are encrypted by the malware. Now the victim has no escape! Stepping forward, a ransom note is sent asking for payment in untraceable bitcoin. The attackers spread the virus through the organization for maximum effectiveness of the attack.

 

Are You Vulnerable to a Ransomware Attack?

 

If you are the attacker, what is your target? It’s obvious to spread the threat as much as possible. So, the “Quality over Quantity” would be your preference. That’s why these cybercriminals target larger organizations and demands more substantial ransom payments from each target to make a profitable attack. Some of their common targets are City/ Local Governments, Hospitals, Industrial Sectors, Law Firms, HR departments, etc. Some organizations become targets as they seem more likely to pay a ransom quickly. For instance, government agencies and medical facilities often need immediate access to their files, and Law firms and other organizations with sensitive data may willing to pay to keep news of a compromise quiet that is uniquely sensitive to leakware attacks.

 

Never be a Victim of a Ransomware Attack

 

It is too late to save your system by the time the ransom message pops up on a machine. Yet, taking necessary actions can help to protect against and prevent a ransomware attack from occurring in the first place. Automated Backups that were taken recently will hold you on paying the ransom, Minimizing Attack Surface by keeping vulnerabilities patched, antivirus updated, and unnecessary services disabled reduces the attack surface, maintaining an Incident Response Plan to ensure that the IT/security team properly handles a potential incident, Endpoint Monitoring, and Protection to identifying ransomware infections early, Ransomware Insurance to minimize the cost of recovering from a ransomware attack could help reduce that vulnerability.

 

Cutting the Long Story Short

 

Ransomware is a security threat to any organization but preventable. If you take the necessary action as mentioned above to minimize the probability of infection and ensuring that clean backups are available for system restoration can dramatically decrease ransomware attacks.


Reference

Location: Sri Lanka

Comments

  1. Dulanga KithminiNovember 16, 2020 at 10:33 AM

    When it comes to ransomware attacks, prevention is always better than cure. Therefore the best thing is to be aware of these things. Nicely explained. Keep it up!

    ReplyDelete
    Replies
    1. Ruvy RathnayakeNovember 21, 2020 at 5:20 AM

      Of course, if you take the necessary actions, it is preventable and thank you for sharing your thoughts. I found this article and it would be helpful to know how to avoid these attacks as users. https://www.kaspersky.com/resource-center/threats/how-to-prevent-ransomware

      Delete
  2. Suranga WijayarathnaNovember 16, 2020 at 10:28 PM

    This article gave me a comprehensive knowledge about ransomeware.Nicely written.keep it up!! :)

    ReplyDelete
  3. KaviiNovember 17, 2020 at 1:32 AM

    Good read. Never thought ransomware was causing this much damage.

    ReplyDelete
  4. Pramodi HerathNovember 17, 2020 at 5:14 AM

    Definitely haven't been on the know about gravity of ransomware attacks. Very informative and the flow of the post is wonderful. Keep up the good work Ruvishka!

    ReplyDelete
    Replies
    1. Ruvy RathnayakeNovember 21, 2020 at 5:26 AM

      Thanks Pramodi. Here's some tips to avoid them as users. https://www.kaspersky.com/resource-center/threats/how-to-prevent-ransomware

      Delete
  5. Piumika RajasekaraNovember 17, 2020 at 6:20 AM

    Amazing write-up! Thanks for sharing this information with us. Looking forward to read more!

    ReplyDelete
  6. nuwandilshan2561November 17, 2020 at 6:40 AM

    Very well explained

    ReplyDelete
  7. Osura WeerasingheNovember 28, 2020 at 5:34 AM

    Very informative article. Its 2020 and we see Sri Lanka also in the list of countries affected by ransomware attacks.

    ReplyDelete
    Replies
    1. Ruvy RathnayakeNovember 28, 2020 at 9:36 PM

      Yeah Osura, in Q3 2020 Sri Lanka is listed under top 5 countries affected by ransomware attacks and it is increased by 436%. And you know what? Most of the time these attacks happened while playing Internet games or while trying to obtain cracks from various websites.

      Delete
  8. Santhoopa JayawardhanaDecember 5, 2020 at 10:38 PM

    With the increase in ransomware attacks around the world, it is important to have an idea about these types of attacks to protect against them. A very good article on ransomware.

    ReplyDelete
  9. Rajitha GamageDecember 9, 2020 at 10:49 PM

    we are at a data world. It is essential to know about these kind of attacks. Thank you for making us aware about those.

    ReplyDelete

Post a Comment

Popular posts from this blog

Why an Effective Security Operations Center (SOC) is Essential for Your Organization?

Image
I n this technology-driven world, every business, despite the size, make committed efforts to protect their sensitive data from sophisticated and targeted cyberattacks. The probability of a breach has increased, so does the cost to mitigate them. Organizations are ceaselessly working on finding reliable defensive strategies against cyberattacks. This is the point where a Security Operations Center (SOC) comes to the stage. A Security Operation Center (SOC) is a centralized function within an organization engaging people, processes, and technology to continuously monitor and enhance an organization's security posture while preventing, detecting, analyzing, and responding to anomalous cybersecurity activities. It acts like the hub or central command post, taking in telemetry from across an organization's IT infrastructure such as networks, devices, appliances, and information stores etc. How a SOC Works? A SOC is an example for the software as a service (SaaS) software model whic
Read more

Let’s Mitigate the Cyber Treats in Video Surveillance

Image
2016 will be remembered as a year in which the physical security industry’s got backfired with their apathy towards cybersecurity with a massive distributed denial of service (DDoS) attack caused outages of influential websites like Amazon and Twitter. If you are familiar with the “Mirai Virus”, you may have a clue on what I am talking about. Mirai is a self-propagating botnet virus, which enters a camera by logging in using one of 61 default or common weak passwords that are capable of flooding any site on the web while still acting like a normal camera. It is estimated as 100,000 devices were hijacked by hackers, including network security cameras in this very incident. Got your attention now? Welcome to today’s focus, “Video Surveillance Cybersecurity”. What are the Potential Vulnerabilities of Your Video Surveillance System? A collection of equipment and software that provides security and safety can simply mention as a physical security system. CCTV (Closed-circuit television)
Read more