
01 Dec +++ It was people, now it’s data! +++
Ransomware has grown from an underground threat that affected a small number of companies or individuals into a fully-fledged business. Nowadays, cyber criminals offer their ransomware under an as-a-service model, complete with an SLA, so the customer does not need to know any technical details at all. Right now, one of the biggest players – Emotet – is back, after it was believed to have been shut down for good earlier this year. Time to look into the details of this special kind of software.
Ransomware is malicious software that hides in the system. It encrypts the entire hard drive or individual areas of it, which lets the attacker use the decryption key as leverage for extortion. The user cannot access his data again until a ransom is paid. Once the money is transferred, the user can only hope that the attacker will provide the decryption key so that he can regain access to his files.
Infected email messages are the most popular technique used to spread ransomware. These emails are sent to the victim and contain an attachment. Believing that the email is from a trusted source, the victim clicks on the attachment, and the malware is downloaded and installed without the user’s knowledge. Such a message can be trivial and generic, but it can also be precisely tailored to the company, for example disguised as an application for a job the company has actually advertised.
Ransomware can also be spread through drive-by downloads (the attacker manages to place the malicious code on the computer through a vulnerability in the browser), malvertising (ads with infected links) and social media attacks (direct messages with infected content).
It is expected that in 2021, one company will be affected by a ransomware attack every 11 seconds. Since the onset of COVID, cyber criminals have also begun attacking new entities, including schools, healthcare providers/researchers, and government institutions.
This shows that no organization, regardless of size or industry, is immune to a ransomware attack. It is therefore important that every organization implements data protection and cybersecurity software and keeps backups. In various past cases, attacked companies have regained access to their data after paying the ransom, but there is no guarantee. In one case, the decryption tool provided was even slower than a complete recovery from backups.
If you have any questions about securing your company, we look forward to supporting you with our certified IT security experts. Just contact us! https://bit.ly/3d4Cqhz