Ransomware attacks have increased in recent years, and these breaches can force organizations to pay millions of dollars in ransom or have their highly sensitive information exploited.
In this article, we cover ransomware: its history, its types, and ways to protect against attacks.
Everything you need to know about ransomware:
- What is Ransomware?
- When was the First Ransomware Attack?
- What Are The Different Types of Ransomware?
- How to Prevent Ransomware Attacks: 8 Tips
- Protecting Your Organization From Ransomware
What is Ransomware?
Ransomware is a type of malware rooted in cryptovirology (the study of how cryptography can be used to design robust, malicious software) that threatens to publish sensitive personal information and data, or to block access to it, unless a ransom is paid.
Despite increases in security, hackers have also evolved their cyberattack tactics and can breach much more complicated systems.
In particular, the healthcare industry has seen a rise in these attacks with substantial data breaches and ransoms. The healthcare industry not only faces more ransomware attacks today than any other critical infrastructure, but is also the most likely sector to pay ransom.
Regardless of your industry, it’s essential to educate your team and learn how you can take proactive measures to protect your organization’s highly sensitive information.
When was the First Ransomware Attack?
The first known ransomware attack, known as the AIDS Trojan, targeted the healthcare industry in 1989. This attack was carried out by Dr. Joseph Popp, an AIDS researcher, who distributed 20,000 floppy disks to AIDS researchers across the globe. He claimed the disks contained a program that analyzed an individual’s risk of acquiring AIDS. However, the disk also contained a malware program that was activated after an infected computer was powered on 90 times. At this point, the malware displayed a message demanding payment to unlock the user’s computer.
What Are The Different Types of Ransomware?
There are several types of ransomware, with the most common being scareware, screen lockers and encryption ransomware.
Scareware:
If you’ve ever streamed a video on a less-than-reputable website, you’ve likely run into the scenario of a popup coming onto your screen saying, “Warning: malware has been detected.”
These popups are fairly common, but they are relatively low impact and it is easy to limit your exposure to them. As the name implies, scareware is primarily a scare tactic.
Screen Locker Ransomware:
This type of ransomware can often be found while browsing websites. Shortly after entering a website, your screen will become completely frozen.
Along with the frozen screen, the creators of this ransomware display an official-looking seal, such as that of the FBI or Department of Justice, and a message claiming that illegal activity has been detected.
While coming into contact with an official-looking seal and a locked screen can be intimidating, the simplest way to remedy your situation is via control+alt+delete (command+option+escape on a Mac) to force quit the program. If that doesn’t work, restarting your computer will suffice.
Encryption Ransomware:
Encryption ransomware is the most common form of ransomware we see today. Imagine a hacker captures your information and encrypts it, so that it is now impossible to get back.
The only way to get your information back is with an encryption key provided by the hacker, who demands payment via cryptocurrency (Bitcoin). This type of ransomware can happen to anyone, from individuals up to enterprise organizations.
However, recent research has revealed that out of the 32% of organizations that are encryption victims and pay ransom fees, only 8% of them get all of their data back. Nearly a third of the victims couldn’t recover even half of their encrypted data.
How to Prevent Ransomware Attacks: 8 Tips
The list of things your organization can do to prevent a ransomware attack is nearly endless, but here are eight things you can do to limit your exposure:
- Have a ransomware remediation plan
- Educate personnel
- Increase password complexity
- Consider migrating to the cloud
- Keep systems updated
- Install anti-virus software
- Leverage anti-phishing software
- Add external email warnings to your inbox
We can break these down into an offensive approach and a defensive approach. While it may appear that an offensive approach suggests an outward attack on hackers, it simply means your organization deploys a proactive approach to protecting your assets.
Below, we compile a sample of items you can leverage to protect your organization from a potential ransomware attack.
1. Have a ransomware remediation plan
As with a disaster relief plan, preparation is vital. Without a plan, your team will be shooting from the hip should your company ever succumb to a ransomware attack.
As you build out your plan, be sure to format it as an IT playbook that you can reference with a collection of actions to address in the unfortunate event of a ransomware attack. This playbook should include set roles and communications that must be shared following an attack.
In addition to creating a playbook, ensure you have backups in place and build security policies to ensure you’re prepared. With a protocol set in place, your team will be more relaxed and confident in your ability to address an attack.
2. Educate personnel
Educating employees on common tricks, what to look out for, and how to identify suspicious activity is a great way to minimize the number of ransomware attacks in your organization.
There are also handy tools that simulate phishing attacks to better prepare your team to recognize the signs of potential threats, and that show you how your organization compares with the industry.
3. Increase password complexity
Weak passwords are a driving force behind the success of ransomware attacks. It goes without saying that “1234” won’t suffice as a robust password. Be sure to put in place best practices to increase your password complexity for your organization.
Providing password managers to your employees can help prevent them from using “favorite” passwords across multiple accounts.
From multi-factor authentication to password generators to mandatory lengths and character types, take action to increase the complexity of your passwords to help prevent a ransomware attack.
4. Consider migrating to the cloud
Cloud-based architectures are more challenging for hackers to exploit than on-premise systems.
Furthermore, cloud storage enables you to restore older versions of your files – so if your files do get encrypted by ransomware, you’ll likely be able to use cloud storage to revert to an unencrypted version.
Note: some storage requires the user to enable versioning because it defaults to disabled.
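The following is an added example, not part of the original article: once versioning is enabled, one way to choose which stored version to restore is to walk the history from newest to oldest and take the first version whose byte entropy does not look like ciphertext. The version ids, timestamps, threshold and helper names are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed cut-off in bits per byte. Compressed formats (zip, jpeg, docx) also
# score high, so tune per file type or pair this with a file-signature check.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def last_clean_version(versions):
    """Return the id of the newest version that does not look encrypted.

    versions: (version_id, timestamp, content) tuples in any order.
    Returns None when every stored version looks encrypted."""
    newest_first = sorted(versions, key=lambda v: v[1], reverse=True)
    for version_id, _timestamp, content in newest_first:
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            return version_id
    return None


def pseudo_ciphertext(length: int) -> bytes:
    """Constructed stand-in for ransomware output: uniformly spread bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


# Constructed version history for one document (ids and timestamps are made up).
SAMPLE_VERSIONS = [
    ("v1", 1700000000, b"Quarterly report draft. " * 200),
    ("v2", 1700086400, b"Quarterly report, reviewed and approved. " * 200),
    ("v3", 1700172800, pseudo_ciphertext(4096)),  # overwritten by ransomware
    ("v4", 1700172860, pseudo_ciphertext(4096)),  # re-encrypted on a second pass
]

if __name__ == "__main__":
    print(last_clean_version(SAMPLE_VERSIONS))
```

If the retention window is shorter than the time the attack went unnoticed, the function returns None, which is the case a backup outside the versioned store has to cover.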
As you move forward with your offensive approach, it’s essential to leverage defense as part of your strategy to prevent ransomware attacks. While no defense is entirely indestructible, defensive measures are still valuable in helping to prevent ransomware attacks.
At AIM Consulting, we tend to think of the defensive approach similarly to locking your car; if a thief walks by and your door is open, they’re very likely to take whatever is inside. On the contrary, if your door is locked, a thief is much less likely to break your window.
A similar concept can be applied to the below defensive measures you can take.
5. Keep systems updated
Applying the latest updates to your organization’s systems, software, and applications can help to close the very security gaps attackers are seeking to exploit.
If possible, turn on automatic updates so you don’t need to consciously think about applying the newest security patches.
6. Install anti-virus software
Most of us have heard of this, and you likely already use this on your computer. Use an anti-virus product that is capable of detecting and cleaning up ransomware when it occurs.
A great example is Bitdefender, which can detect ransomware on your system and stop the attack before your hard drives are encrypted.
7. Leverage anti-phishing software
Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites, emails, or other forms used to access data and block the content, usually with a warning to the user.
Anti-phishing software does a great job of scanning information to see if it’s been tampered with or not.
8. Add external email warnings to your inbox
Email is still, to this day, an essential communication tool used across the world. As such, it’s also a great way for hackers to leverage phishing techniques that are difficult to track.
Email spoofing is a common tactic (a sender pretending to be a director within the company), but you can prevent it by adding external email warning messages to your inbox. If you use Office/Microsoft 365, you can learn how to avoid email spoofing here.
Adding these features (or something similar based on your inbox) is an excellent way for your system to begin to recognize external emails and flag them before you ever open them, reducing your risk.
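The following is an added example, not part of the original article or of any mail product's own code: a minimal version of the external-sender check described above, which tags mail from outside the organization and separately flags an outside address that carries an internal director's display name. The domain list, the protected names and the tag text are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}             # assumed: your organization's mail domains
PROTECTED_NAMES = {"dana reyes", "sam okoye"}  # assumed: directors likely to be impersonated
EXTERNAL_TAG = "[EXTERNAL]"


def classify(raw_message: str) -> dict:
    """Return warning flags for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    external = domain not in INTERNAL_DOMAINS
    # Display-name spoofing: an internal person's name on an outside address.
    impersonation = external and display_name.strip().lower() in PROTECTED_NAMES
    # A Reply-To on a different domain quietly redirects the recipient's answer.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_mismatch = bool(reply_to) and reply_to.rpartition("@")[2].lower() != domain
    return {"external": external, "impersonation": impersonation,
            "reply_mismatch": reply_mismatch}


def tagged_subject(raw_message: str) -> str:
    """Return the subject line with warning tags prepended where they apply."""
    subject = message_from_string(raw_message).get("Subject", "")
    flags = classify(raw_message)
    if flags["external"] and not subject.startswith(EXTERNAL_TAG):
        subject = f"{EXTERNAL_TAG} {subject}"
    if flags["impersonation"]:
        subject = f"[POSSIBLE IMPERSONATION] {subject}"
    return subject


# Constructed sample messages (names, addresses and domains are made up).
SPOOFED = (
    "From: Dana Reyes <dana.reyes@example.net>\n"
    "Reply-To: payments@example.org\n"
    "Subject: Urgent wire transfer\n\nPlease handle today.\n"
)
INTERNAL = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "Subject: Team lunch\n\nFriday at noon.\n"
)

if __name__ == "__main__":
    print(tagged_subject(SPOOFED))
    print(tagged_subject(INTERNAL))
```

The From header can itself be forged to show an internal domain, so a check like this only means something after the mail gateway has enforced SPF, DKIM and DMARC on inbound messages.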
Protecting Your Organization From Ransomware
Ransomware is a very real threat to your organization and is not something to be taken lightly. The above offensive and defensive tactics are not an all-encompassing checklist to prevent a ransomware attack, but they can help when implemented with a proper strategy.
As you take both an offensive and defensive approach to ensuring your organization’s security, remember that cyberattack tactics will become more creative and sophisticated as time goes on, so be sure to check in on systems to confirm they’re up to date.
How AIM Consulting Can Help
AIM Consulting helps companies maximize their security and increase their resilience to ransomware attacks. If you’re considering investing in your cybersecurity technology, start the conversation with AIM Consulting and learn what your options are to build a fortress against cyberattacks.