Friday, April 12, 2024

Everything about Ransomware you would want to know, an insight for SME


By Mr. Kaushik Pandya

Today’s digital world is very much prone to cyber-attacks, and Ransomware accounted for 20% of the cyber breaches in 2022. Businesses of every type and size suffer from this phenomenon, but the focus here is on small businesses, because their environments are unprepared for the threat.

Let’s look at some statistics of Ransomware attacks:

Ransomware statistics

• In the first half of 2022, there were around 236.1 million ransomware attacks globally.

• During 2021, at least 15.45% of internet users worldwide experienced at least 1 malware-class attack, which includes ransomware.

• Ransomware accounted for around 20% of cyber breaches in 2022. For comparison, using stolen credentials (hacking) accounted for 40% of breaches in 2022, and phishing accounts for around 20%.

• Just 13% of organizations reported suffering a ransomware attack and not paying the ransom in 2022.

• At least 130 different ransomware families have been uncovered. Gandcrab is the most active family, with 78.5% of reported attacks attributed to it.

• The top 10 countries most affected by ransomware attacks are:

o Israel

o South Korea

o Vietnam

o China

o Singapore

o India

o Kazakhstan

o Philippines

o Iran

o UK

• 93.28% of detected ransomware files are Windows-based executables. The next most common file type is Android, at 2.09%.

• Ransomware attacks increased by 51% in 2022 in comparison to the previous year.

• In India, the majority of the attacks are observed in the Datacentres/IT/ITeS sector, followed by the Manufacturing and Finance sectors.

• Ransomware groups have also targeted critical infrastructure in H1 2022, including Oil & Gas, Transport, Power.

• The most common entry point for ransomware attacks is through phishing, with 41%.

• 90% of ransomware attacks either fail or result in zero losses for the victim.

• It’s estimated that, by 2031, a ransomware attack will occur every 2 seconds.

• Ransomware attacks are evolving with increased use of legitimate tools like “AnyDesk” for remote administration, which ensures continued command and control by the attacker.

• By executing scripts to reboot victim machines in safe mode, threat actors are able to evade security solutions and carry out further activities.

• Development of customized payloads along with cross-platform functionality to target multiple platforms:

o Linux based Systems

o Virtualised environment

o Backup storages

o Cloud environments

• For cloud-based systems, ransomware groups are wiping the data instead of encrypting, after data exfiltration.

What is Ransomware?

In Bollywood or Hollywood films, an individual is held captive to extort money from his/her immediate family, and such cases also happen in real life. Similarly, in this digital world, your computer can be hacked with the help of malware that encrypts your data into an unreadable format, and you are asked to pay a handsome amount to have it decrypted and returned to its original state. This type of virus or malware is known as “Ransomware”.

The first demand for Ransomware was detected in 1989 for $189, which has now grown manyfold, and most of the time the money is demanded in the form of digital currency like Bitcoin. Many cases are known to the world where the victim has paid millions of dollars to get the data decrypted. It is also often observed that Ransomware is used to disrupt the Government or business operations of one or more countries and cause a panic situation.

Let’s understand how Ransomware works and how we need to defend ourselves.

How does Ransomware work?

Ransomware normally enters your computer system through an email or as malware through the browser. The email variant, which is a phishing mail, contains a malicious link or an attachment to download. Once opened, this link will install malware on your computer, which immediately starts encrypting all the files on your computer system. If your computer is connected to a network, it will spread like a human infection to other computers and encrypt the data on those computers as well. The extensions of all the files will be changed to some weird extension, and when you try to open a file, a message appears telling you to contact some group or individual to get the decryption code to get your data back!
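The burst of file renames to one unfamiliar extension described above is something a defender can watch for. The following is an added example, not part of the original article: it scans file-rename events for that pattern per computer, and the host names, paths, the ".lockd" extension, the known-extension list and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from pathlib import PurePath

# Extensions treated as normal in this constructed environment (assumption).
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".tmp", ".bak"}

def detect_rename_bursts(events, window_seconds=60, threshold=5):
    """Return {(host, new_extension): count} for each host where at least
    `threshold` distinct files were renamed to the same unfamiliar extension
    within `window_seconds`. `events` are time-sorted tuples of
    (epoch_seconds, host, old_path, new_path)."""
    windows = defaultdict(deque)  # (host, ext) -> recent (timestamp, old_path)
    alerts = {}
    for ts, host, old_path, new_path in events:
        new_ext = PurePath(new_path).suffix.lower()
        old_ext = PurePath(old_path).suffix.lower()
        # Ignore renames that keep the extension or land on a familiar one.
        if not new_ext or new_ext == old_ext or new_ext in KNOWN_EXTENSIONS:
            continue
        key = (host, new_ext)
        win = windows[key]
        win.append((ts, old_path))
        # Drop events that have fallen out of the sliding window.
        while win and ts - win[0][0] > window_seconds:
            win.popleft()
        distinct = len({path for _, path in win})
        if distinct >= threshold:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts

def build_sample_events():
    """Constructed sample data, not taken from a real incident."""
    events = []
    # PC-01: six documents renamed to ".lockd" within six seconds.
    for i in range(6):
        events.append((1000 + i, "PC-01", f"C:/Users/a/doc{i}.docx",
                       f"C:/Users/a/doc{i}.docx.lockd"))
    # PC-02: the same pattern a minute later (spread over the network).
    for i in range(5):
        events.append((1060 + i, "PC-02", f"D:/share/sheet{i}.xlsx",
                       f"D:/share/sheet{i}.xlsx.lockd"))
    # PC-03: ordinary user activity that must not raise an alert.
    events.append((1100, "PC-03", "C:/tmp/report.txt", "C:/tmp/report.pdf"))
    events.append((1105, "PC-03", "C:/tmp/notes.txt", "C:/tmp/notes.old"))
    return sorted(events)

if __name__ == "__main__":
    for (host, ext), count in detect_rename_bursts(build_sample_events()).items():
        print(f"ALERT {host}: {count} files renamed to '{ext}' inside the window")
```

An alert on more than one host with the same extension matches the network spread the paragraph describes and is the cue to isolate those machines before restoring from backup.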

Affected parties normally have two choices. First, if they have data back-ups, they can restore them and resume operations with extended security. Second, if they do not have data back-ups and the data is so important and sensitive that they cannot afford to lose it, they end up paying the ransom amount demanded by the cybercriminals to get the data back. But in many cases it also happens that, even after the ransom is paid, the decryption keys or programs are not given to the suffering parties, just for the sake of sadistic pleasure.

Understanding our mistakes will defend us!

Cybercriminals generally exploit the lack of awareness of employees. Phishing attacks are launched at random against many organizations, and most of them make common mistakes that lead to Ransomware attacks. It is observed that most organizations do not put enough effort into training their employees about likely cyber attacks. The following are a few important points to be observed.

1. Beware of links: Due to a lack of training and awareness, employees click on links or attachments that initiate the Ransomware attack.

2. Antivirus: Many times the antivirus software in use is a free version, which is not capable of defending or of providing an upgraded defense mechanism.

3. Illegal Operating Systems: Illegal operating systems installed on computer systems do not receive the essential patch updates that provide a defense mechanism against the latest vulnerabilities.

4. Lack of Cybersecurity planning: Most small and medium organizations do not treat Cybersecurity as a serious matter and therefore have no Cybersecurity planning or proactive actions. They fall prey to cybercriminals faster.

5. Do data back-ups: Having multiple copies of data back-ups on different devices can save you from the after-effects of a Ransomware attack.

Can you avoid a Ransomware attack?

Yes, proactive and planned actions can save you from a Ransomware attack. Adopting these simple five steps will defend your fort to a large extent against a Ransomware attack.

1. Use legal operating systems, and avoid pirated or counterfeit copies.

2. Do not install unknown software from an email link.

3. Use a reputable antivirus and always keep it updated.

4. Keep backups of your data, multiple copies on different devices.

5. Train your employees to identify spoofs and phishing.

Here are 5 common misconceptions about ransomware that I hear all the time:

#1. “If I just pay the ransom, I’m guaranteed to get my files back.” That is false, as there is no guarantee. I have seen cases where people pay the ransom, and they don’t get their files back or they only get some of their files back. Keep multiple copies of your data on different devices.

#2. “If I don’t surf the Internet at work, I won’t get ransomware.” This is also false. Victims usually get ransomware through a link in an email. Of course, third-party websites do pose a risk but you can also get ransomware from legitimate websites, even from third-party advertisements and links on a site you visit all of the time. Train yourself and your employees to identify spoofs and phishing.

#3. “We’re just a small business, we’re not a target for ransomware.” Not true. When ransomware is distributed, it may not target a specific industry or place; it usually just spreads like a plague. For instance, when the WannaCry virus was released, many people thought it was just attacking healthcare companies overseas, but that wasn’t the case. The hackers were using a Windows SMB exploit on computers that weren’t up to date with their operating systems in over 150 countries worldwide. It doesn’t matter if you’re a big company or a small company or even just at your home computer. Ransomware goes out to everyone and whoever clicks on the download link can be infected.

#4. “Ransomware attacks will go away.” Someone recently told me that ransomware will be gone in the next few years. No, it won’t! Ransomware viruses may change or evolve, but they won’t disappear. The variants we see now are a lot different than the ones we saw just a few years ago. Old variants of ransomware are rewritten and redistributed because people still pay the ransom. The more everybody tries to protect themselves, the more hackers have to come up with new ways to breach your system and encrypt your data.

#5. “Antivirus is enough protection against ransomware.” Just like the customer who claimed not to be worried about ransomware, 86% of SMBs say they are satisfied with the amount of security they provide to protect customer or employee data. However, most of them don’t realize that no antivirus will provide 100% protection against ransomware. While some programs can protect you to a degree, that doesn’t mean that you’re not at risk. As I discussed in the previous point, people are writing and rewriting viruses every single day, which makes it nearly impossible for antivirus companies to protect you.

About the author: Mr. Kaushik Pandya is a cyber security expert and information and communication technology veteran, running his ICT consultancy firm for the past 35 years. He is the immediate past President and Advisor of the Federation of All India IT Associations of India, popularly known as FAIITA. He is also the founder and trustee of the Techno Nationalism Foundation.

Covered By: NCN MAGAZINE / Ransomware
