Malware, short for malicious software, is a generic term used to describe viruses, ransomware, worms, trojans and other harmful computer programs cybercriminals deploy to wreak destruction, gain access to sensitive information, encrypt and steal data, and extort money from their victims. According to Microsoft, “[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” Software is categorized as malware based on its intended use, rather than a particular technique or technology used to build it.
One way to differentiate the different types of malware is by how the malicious software spreads. As an example, a worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer. A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself. A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread. While there are many other variants of malware, this article focuses on ransomware, but the defensive and mitigation strategies discussed below are applicable to all forms of malware.
WHAT IS RANSOMWARE?
According to Barracuda, ransomware is often the largest security challenge faced by businesses in the modern world, especially for small and medium-sized businesses that lack the resources to effectively combat the malware.
Once ransomware infects your system, the malware locks or encrypts your most important data, or restricts end users from accessing any of the computer’s main features, allowing the hackers to demand a ransom. The cybercriminals will offer to provide a decryption key only if you pay a certain amount of money within a short time, usually in untraceable cryptocurrency like Bitcoin. Of course, there is no guarantee that the hackers will provide a decryption key or that the decryption key will work, even if the ransom is paid. A new twist to ransomware schemes is that hackers are now also threatening to post the victim’s sensitive data online, upping the ante for third-party claims against, and damage to the reputation of, the hacked enterprise.
Ransomware typically finds its way into a system through a malicious email attachment or through a malicious website that will begin downloading infected software onto the system. Phishing or spear-phishing scams are commonly used to trick the victim into opening attachments by masquerading as or impersonating another person or organization that the victim already trusts.
Illustratively, the World Health Organization (WHO) has warned of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.
Ransomware Attacks Surge Amid COVID-19
The old adage that “there is no honor among thieves” is particularly applicable to hackers that exploit a global health crisis for their criminal purposes. According to the FBI, the bureau has seen a spike in cybercrime reports since the onset of the coronavirus (COVID-19) pandemic. Speaking in an online panel hosted by the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz said the number of reports has quadrupled compared to months before the pandemic. “The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months,” Ugoretz said. “Whereas they might typically receive 1,000 complaints a day through their internet portal, they’re now receiving something like 3,000-4,000 complaints a day. Not all of those are COVID-related, but a good number of those are.”
The latest high-profile ransomware attack targeted sport and fitness tech giant Garmin, which confirmed its recent five-day outage was caused by a ransomware attack. In a brief statement on Monday, the company said it was hit by a cyberattack on July 23 that “encrypted some of our systems… As a result, many of our online services were interrupted including website functions, customer support, customer facing applications and company communications,” the statement read.
But even before the COVID-19 pandemic, the pervasiveness and ease of ransomware attacks were alarming, and the economic and business disruption they caused victims was substantial. The statistics speak for themselves:
- A new organization will fall victim to ransomware every 14 seconds in 2019.
- 1.5 million new phishing sites are created every month. (Source: webroot.com)
- Ransomware attacks have increased over 97 percent in the past two years. (Source: Phishme)
- 34% of businesses hit with malware took a week or more to regain access to their data. (Source: Kaspersky)
- In 2019 ransomware from phishing emails increased 109 percent over 2017. (Source: PhishMe)
- A survey of 1,100 IT professionals revealed that over 90 percent had clients that suffered ransomware attacks in the past year. Forty percent had clients that were subject to at least six ransomware attacks. (Source: Datto)
- Ransomware development is so advanced that it is now even offered as “Ransomware as a Service” on the dark web with dedicated customer support. This means that executing a ransomware attack requires no technical knowledge. (Source: Barracuda)
- More than 6,000 online criminal marketplaces sell ransomware products and services. (Source: McAfee)
- An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)
- BakerHostetler’s sixth annual Data Security Incident Response Report shows an uptick in both demands and payments, stating the average ransom paid increased by a factor of 10 to $302,539; the highest ransom demand the law firm saw last year was $18.8 million.
- Global ransomware damage is predicted to reach $11.5 billion by year-end 2019 and $20 billion USD by 2021. (Cybersecurity Ventures Ransomware Damage Report).
HOW CAN COMPANIES PREPARE FOR AND DEFEND THEMSELVES AGAINST RANSOMWARE ATTACKS?
While the explosion of the ransomware industry is cause for concern, there are a number of practices which companies can and should implement immediately to defend against and mitigate the impacts of ransomware attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended the following preventive measures to protect computer networks from falling victim to a ransomware infection:
- Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
- Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
- Set anti-virus and anti-malware programs to conduct regular scans automatically.
- Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.
- Configure access controls—including file, directory, and network share permissions—with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares.
- Disable macro scripts from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
- Consider disabling Remote Desktop Protocol (RDP) if it is not being used.
- Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.
- Execute operating system environments or specific programs in a virtualized environment.
- Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.
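As an added example (not from the article or from CISA), the following Python checks whether a domain's published SPF and DMARC records actually enforce the anti-spoofing posture the email authentication item above calls for. The TXT records and the example.test domain are constructed sample data; a real check would fetch them from DNS.

```python
import re

# Constructed sample TXT records, keyed by the DNS name they would be served from.
# A real check would fetch these with a DNS library; the values here are made up.
SAMPLE_TXT = {
    "example.test": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
}

def spf_findings(records):
    """Return weaknesses in the SPF records published at a domain (empty list = enforcing)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: any host may claim to send for this domain"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    terms = spf[0].split()
    # The last 'all' mechanism decides what happens to senders not listed earlier.
    tail = next((t for t in reversed(terms) if t.lstrip("+-~?") == "all"), None)
    if tail is None:
        return ["SPF has no 'all' term: unlisted senders get a neutral result"]
    qualifier = tail[0] if tail[0] in "+-~?" else "+"
    if qualifier == "-":
        return []
    meaning = {"~": "softfail", "?": "neutral", "+": "pass"}[qualifier]
    return [f"SPF ends with '{tail}' ({meaning}): spoofed mail is not rejected"]

def dmarc_findings(records):
    """Return weaknesses in the DMARC record published at _dmarc.<domain>."""
    dmarc = [r for r in records if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["no DMARC record: SPF/DKIM results are never enforced"]
    tags = dict(re.findall(r"(\w+)\s*=\s*([^;]+)", dmarc[0]))
    policy = tags.get("p", "").strip().lower()
    pct = int(tags.get("pct", "100").strip())
    out = []
    if policy not in ("quarantine", "reject"):
        out.append(f"DMARC p={policy or 'missing'}: failures are only reported, not blocked")
    if pct < 100:
        out.append(f"DMARC pct={pct}: policy applied to only part of the mail flow")
    return out

def assess_domain(domain, txt=SAMPLE_TXT):
    """Combine SPF and DMARC findings; an empty list means spoofed mail is rejected."""
    spf = txt.get(domain, [])
    dmarc = txt.get("_dmarc." + domain, [])
    return spf_findings(spf) + dmarc_findings(dmarc)
```

Calling `assess_domain("example.test")` on the sample data reports the softfail SPF tail and the monitoring-only DMARC policy; a domain with `-all` and `p=reject` yields no findings.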
Business Continuity Considerations
- Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
- Conduct an annual penetration test and vulnerability assessment.
- Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.
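As an added example that is not part of the article, this Python script shows the "verify the integrity of those backups" step above: it records a SHA-256 manifest for a backup set and later reports files that were modified, removed or added, which is how a tampered or silently corrupted copy is caught before it is needed. The files and the damage scenario are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large backup sets do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its digest; store this with the backup."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = file_digest(full)
    return manifest

def verify_backup(root, manifest):
    """Compare the backup on disk against its manifest and report every discrepancy."""
    current = build_manifest(root)
    report = {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }
    report["ok"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report

def demo():
    """Constructed scenario: snapshot a small backup, then damage it and re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "plan.txt"), "w") as f:
            f.write("quarterly plan\n")
        with open(os.path.join(root, "ledger.csv"), "w") as f:
            f.write("date,amount\n2020-07-23,100\n")
        manifest = build_manifest(root)  # in practice, store this beside the backup
        clean = verify_backup(root, manifest)
        # Constructed damage: one file overwritten with random bytes, one deleted, one added.
        with open(os.path.join(root, "ledger.csv"), "wb") as f:
            f.write(os.urandom(64))
        os.remove(os.path.join(root, "docs", "plan.txt"))
        with open(os.path.join(root, "extra.txt"), "w") as f:
            f.write("not part of the original backup\n")
        damaged = verify_backup(root, manifest)
    return clean, damaged
```

Keep the manifest somewhere the backup job cannot overwrite, otherwise a process that rewrites the backup can rewrite the evidence as well.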
HOW CAN OUTER EDGE HELP?
For over a decade, the IT pros at OET Advisors™, a division of Outer Edge Technology, LLC (“OET”), have specialized in designing, optimizing and managing cloud-based business solutions that are cost-effective, highly available and secure. OET uses a collaborative approach with customers to implement strategies that reduce capital expenditures and drive operational efficiencies, all while complying with applicable regulatory requirements and in line with the customer’s business requirements.
We offer many security solutions which implement best practices to mitigate the threat of ransomware, including: Disaster Recovery as a Solution (“DraaS”); the design, installation and management of intrusion prevention solutions to make email and networks more secure; the design, installation and management of advanced firewall and threat detection solutions; and Managed Active Directory solutions, to name just a few of our professional services offerings. We also design, install and manage highly secure, cost-effective remote working solutions.