Feel the Xmas spirit but do not nibble the bait: A complete Ransomware guide
Visa’s data (report of November 16, 2023) shows that, for the top merchant categories targeted by fraudsters, 2022 holiday fraud rates increased 11% over their non-holiday fraud rate and 8% over the same period of the previous year. The top merchant categories were business to business, telecommunications, insurance, automotive, home improvement and supply, healthcare, entertainment, education and government, lodging, airlines, and drug stores and pharmacies.
What do you know about ransomware?
Ransomware is a type of malicious software that locks and encrypts a victim’s sensitive data and demands a ransom payment in exchange for the decryption key. It calls for readiness and awareness.
How does ransomware typically work?
- Malware infection: For the ransomware attack to begin, the attackers must gain access to the victim’s system. The most typical methods are all forms of phishing, RDP abuse, credential abuse and software vulnerabilities that the attack targets. Once the malicious software gains access, it silently installs itself and scans for files to encrypt.
- Encryption: Once the device is compromised, the attackers use a C&C (Command and Control) server to spread additional malware, maintain persistent control over the compromised network (lateral movement and persistence), discover high-value data, exfiltrate it to the C&C server and encrypt it.
- Ransom Demand: Upon completing the encryption process, a ransom note is displayed informing the victim of the attack and demanding a ransom payment.
- Payment pressure: The ransom note typically includes a payment deadline, often with warnings of increasing the ransom amount or permanently deleting the encrypted files if the deadline is missed. This causes a sense of urgency and pressure for the victim to pay and receive the decryption key.
What are the different types of ransomware?
- Crypto-ransomware: Crypto-ransomware is malicious software that locks files and demands payment in exchange for the decryption key.
- Locker-ransomware: Locker-ransomware prevents victims from accessing their data or devices, without encrypting files.
- Scareware: Scareware is a type of scam. Attackers blackmail the victim with a supposed data breach, trying to trick them into paying a ransom by claiming that their device has been infected with malware.
- Doxware: Doxware, also known as leakware, extortionware or exfiltrationware, threatens to release a victim’s sensitive data to the public or sell it on the dark web if a ransom is not paid. This data may include personal information, financial records or confidential business documents.
- Ransomware-as-a-Service (RaaS): RaaS is a cybercrime business model where cybercriminals rent out or sell ransomware software and tools to other attackers. Developers may receive a percentage of the attack profits.
Should an organization pay to regain access to its data?
Cybersecurity experts strongly advise against paying. Giving in to the attackers’ demands can embolden them and make victims more vulnerable to future attacks. Moreover, there is no guarantee that paying the ransom will result in the delivery of the decryption key. It is, therefore, advisable to take proactive measures to prevent such attacks from happening, rather than paying the ransom as a last resort.
How to protect your business from ransomware?
- Educate your employees about ransomware.
- Back up your data regularly.
- Use strong passwords.
- Enable multi-factor authentication (MFA).
- Use a virtual private network (VPN).
- Have a plan for responding to a ransomware attack.
- Test your disaster recovery plan.
Neurosoft’s Ransomware Readiness Assessment is the pinnacle of modern businesses’ security assessment. This service is designed to fortify your cybersecurity defenses and protect your organization from ransomware threats.