What is ransomware?
Ransomware is a damaging variant of malware, designed to lock victims out of their computers by rendering their data inaccessible. Hence the name; cybercriminals demand a ransom payment in exchange for the victims’ data.
Among many other methods, ransomware is most commonly spread through phishing emails or drive-by downloads, where a user is redirected to an infected website that downloads and installs the malware without the user’s knowledge.
What are the two types of ransomware?
The first type is locker ransomware, which partially blocks basic computer functions such as the keyboard and mouse, allowing the user to interact with the payment window, but rendering the rest of the computer inoperable. Unlike most, locker ransomware doesn’t target critical files.
The second type is crypto ransomware, which is the most common variant of ransomware, and while it doesn’t interfere with basic computer functions, it does encrypt important data such as documents, pictures, and videos. This type of ransomware is known to destroy all encrypted files if the victim doesn’t make any payment.
Damaging impacts on organisations
Ransomware can spread within minutes across a corporate network, making it a very real threat to organisations that rely on their systems for business operations. The loss of vital systems, even temporarily, can create a multitude of long-spanning problems for organisations.
Downtime
Gartner research found that the average cost of 1 minute of downtime is around $5,600. Depending on the size and scope of an organisation, the hourly cost can range from $140,000 to $540,000, showing how impactful 1 minute of downtime can be.
Reputation
Organisations rely on their reputation to maintain a trustworthy service, but a survey by The State of Consumer Data Privacy found that only 21% of respondents trust global brands to keep their personal information secure. Combining this with a ransomware attack can create serious reputational damage.
Business Operations
Ransomware can prevent access to critical systems, which can severely disrupt supply lines resulting in a long string of financial losses.
Liability
Data loss and theft is, fundamentally, down to the security steps organisations are expected to put into place. Having this data publicly exposed can result in extensive litigation costs, fines, and identity monitoring for user compensation, amongst other liabilities.
Loss of Business Data
Losing vital, irreplaceable data on which business success relies can lead to organisational failure almost instantly.
NHS Ransomware Attack (2017)
Did you know that medical records are worth 10x the amount of other data such as banking details to cyber criminals? This is why the NHS is a lucrative target for many cybercriminals, and in May 2017, the NHS was brought to a halt after ransomware spread across the NHS network, taking advantage of a software vulnerability within Windows called EternalBlue, which worked by exploiting the Server Message Block 1.0 protocol.
It begs the question, how was a government network breached? It was found that most infected devices were running Windows 7, which had an unpatched security vulnerability. One year prior, the Department of Health was warned about cyberattacks and set upgrade work underway; however, they did not formally respond to the warning until two months after the attack, a lack of urgency and funding that ultimately cost an astounding £92 million.
What can we do to protect against ransomware?
Backups
Keeping backups is a golden rule for individuals and organisations handling important data they’re not willing to lose.
Adopting the 3-2-1 rule is good practice for maintaining a consistent backup procedure. It gives you multiple plans for restoring compromised data.
- Create three copies of your data
- Store two copies locally
- Store one copy off-site
Prevent Delivery and Spread
Setting barriers and filters across your network is one of the most effective ways to maintain robust cybersecurity.
- Filter specific file types to those you expect to receive.
- Block websites that are known to be malicious.
- Actively inspect content you receive from external sources.
- Use signatures to block known malicious code.
These barriers can be implemented across the network, rather than on individual devices, through measures such as mail filtering, intercepting proxies, internet security gateways, and safe browsing lists.
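The first item in the list above, filtering to the file types you expect to receive, can be sketched as a mail-gateway check that looks at both the attachment name and its leading bytes. This is an added example, not code from the original article; the allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: this organisation expects only these types by email.
# Each maps to the leading bytes a genuine file of that type starts with.
EXPECTED_TYPES = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}

def check_attachment(filename, payload):
    """Return (allowed, reason) for one attachment."""
    name = (filename or "").strip().lower()
    # Only the final extension counts, so "invoice.pdf.exe" is judged as .exe.
    ext = "." + name.rpartition(".")[2] if "." in name else ""
    if ext not in EXPECTED_TYPES:
        return False, f"type {ext or '(none)'} is not expected"
    # A renamed file must also start with the bytes its extension implies.
    if not payload.startswith(EXPECTED_TYPES[ext]):
        return False, f"content does not match {ext}"
    return True, "expected type"

def filter_message(raw):
    """Check every attachment of a raw email message; map name -> verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        verdicts[name] = check_attachment(name, payload)
    return verdicts

def build_sample():
    """Constructed message with four harmless placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    samples = [
        ("invoice.pdf", b"%PDF-1.7\n"),       # expected type, matching content
        ("invoice.pdf.exe", b"MZ\x90\x00"),   # double extension
        ("statement.pdf", b"MZ\x90\x00"),     # name says PDF, content does not
        ("report.docm", b"PK\x03\x04"),       # macro-enabled type not expected
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (ok, reason) in filter_message(build_sample()).items():
        print(f"{'DELIVER' if ok else 'QUARANTINE':10} {name}: {reason}")
```

Because the check is an allowlist, any new or unusual file type is quarantined by default rather than needing to be added to a blocklist first.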
Incident Preparation
We can never fully protect ourselves from ransomware, but we can always stay one step ahead by taking steps to mitigate the damaging impact.
Identifying these risks is essential to formulating a robust strategy designed to minimise damage and downtime as much as possible. This strategy should include auditing critical assets, developing internal and external communications, identifying legal obligations, and ensuring fundamental business assets such as contact details are available without the computer systems.
What can GTL do to help with this process?
All these protective measures require specialist teams to help put them into practice. That’s why Gemraj Technologies Ltd. has formed strategic partnerships to deliver robust strategies and effective protection across your organisation alongside a specially skilled in-house team.
GTL will analyse and identify the threats to your organisation and help you to take the necessary steps to prevent attacks by securing your organisation behind several layers of security. With cybercriminals adapting their methods to bypass modern security, it’s vital to take advantage of GTL’s Security Operations Centre (SOC) to ensure round-the-clock threat intelligence, detection and response services for constant certainty.
Two famous ransomware examples
Ransomware is commonly distributed via phishing emails containing dangerous attachments or links to install ransomware onto the computer. This makes ransomware particularly dangerous to organisations where all computers are interconnected. Let’s take a look at two famous examples of ransomware that were in mass circulation:
- CryptoLocker, first used in 2020, was spread via email attachments and searched for important data to encrypt. It affected an estimated 500,000 computers.
- Petya, first used in 2016, encrypts the victim’s entire hard drive by encrypting the Master File Table. Petya was distributed to corporate HR departments via a fake application containing an infected Dropbox link.
Conclusion
The risks posed by ransomware can ripple into severe organisational damage. Did you know that malicious emails are up 600% due to COVID-19? (ABCNews, 2020) This statistic is very alarming and highlights the growing need to take cybersecurity seriously before it’s too late.
Secure your business behind GTL’s specialist layer of cybersecurity, where our experts will help to identify the risks, implement secure layers and mitigate the impact.
Get your FREE consultation with us today on our cybersecurity services. Make the most of industry leading security solutions, only with Gemraj Technologies Ltd.