Protecting your business against Ransomware in 2023
What is a Ransomware attack?
A ransomware attack is a type of malware that blocks access or encrypts your data and displays a message demanding a fee to be paid. This type of attack is mainly aimed at businesses of all sizes. Recently it has become more common and dangerous as hackers have developed and perfected their technique.
A brief history
Let’s look at Ransomware attacks when it was at its height back in 2017, and then it seemed to take a bit of a turn as the AV vendors caught up a little and started to better detect Ransomware malware behaviour and recognise some of the signatures.
The Ransomware issue, together with user education, was on the wane but staying in the background.
What are the Various Stages of a Ransomware Attack?
Where it all started
The first Ransomware detected was a documented case back in 1989, where a Belgian company selling medical insurance received a floppy disk labelled AIDS Version 2.0.
Seeing as they were in the business of Medical and Insurance, it piqued their interest in statistics and it may be lucrative to their organisation. After running the application and filling out forms, the machine put up a strange message saying to pay £189 to a PO Box in Panama otherwise he would not be able to use the computer anymore.
They saw they had fewer files on their computer, and what was left had the filenames changed to some odd extension and they thought initially it was encryption. And although at the time it was hard to recover from that, by today’s standards it would have been time-consuming.
There is an interesting Virus Bulletin about it the following year saying that the concept was ingenious.
Up until the release of Bitcoin, Ransomware was a bit of a novelty. Yes, it’s tough if you didn’t have the backups to restore from, but it’s more of an annoyance and a disruption to the business.
The Ransomware attack we all know
This is where we start to see Ransomware doing its thing encrypting customer files, and then once encrypted, offering a key to recover and release your files once you make payment. With Bitcoin untraceable, it’s the ideal criminal method to obtain funds.
Everyone knows that Ransom shouldn’t be paid as it funds the criminal activity, but in the stark realisation that with no backups or hope of recovery, you can either not pay the ransom and have zero chance of recovery, or pay the Ransom and have a chance of recovery. But then you have the worrying chance, if you haven’t managed to secure the entry point, of it happening again if you haven’t eradicated it from your organisation.
Ransomware in 2023
Step forward to today. The tables have turned in the favour of the criminals again. Targeted attacks against some large corporate institutions such as Garmin, CWT, and others where the attackers have access to the systems weeks in advance. They perform the reconnaissance of the estate, identify the critical information of the business, extricate that data and then encrypt.
The message goes out that your data has been encrypted, and if you don’t pay the ransom, then you cant get your data back. However, now most of the world has wised up and invested in backups and recovery, the criminal’s next threat is they will release the data.
If payment is withheld, the attackers will release a subset of the data to strengthen that threat.
Businesses affected will of course, as soon as they can, inform the affected customers and users whose data has been taken, and report it to the authorities as well as the ICO, do all that’s necessary and legally required.
Businesses suffer the embarrassment of the leaked data. But now considering criminals release the data, and even if you do pay the ransom, you have no guarantee that they won’t Businesses need to consider the wider impact of them releasing it into the wild, or for sale on Dark Web internet rooms and boards. Customers could be hacked, money stolen, Identities cloned, the possibilities for that data are endless.
So we see Businesses pay the ransom, to prevent that stolen data from being released.
There is no phone number, there is no email address, there is no customer service Centre. Businesses negotiate in a public forum with the criminals, open for all to see, to bring to the conclusion these matters and pay the ransom if they have to, to protect, as well as they can, their customers.
Steps a Business can take to protect itself and its data against Ransomware attacks in 2023
How to prevent this? You might think you are too small for these types of attacks, but it does happen, even a simple automated on can cause havoc.
- User Education – it’s critical in any business that you keep yourself and your staff abreast of the latest threats and information. Educate your staff around these issues, never click on any links that you aren’t expecting to see, or receive. Watch out for third party links and messages from places such as LinkedIn.
- Invest in a fantastic Anti Malware solution. Just make sure the one you select is tested, it performs well in Antivirus tests and it tests for behaviour as well as works with a list of patterns it has in its database
- Backup, Backup, Backup. Although this is third on the list, we consider all of these to be critical to any business. Having your files in the cloud, for example, Dropbox or OneDrive, is more replication and if your files are impacted by Ransomware, then they will be replicated online.
- Test your backups, make sure they are working properly and you can easily recover from any outage.
