Ransomware is the modern equivalent of ‘The Sting’. It is a digital con on a global scale, and it is not a case of if but when an organization will come across it.
This month, 110 care homes in the U.S. were affected by ransomware when their IT managed services company was infected by ransomware – the ransom amount? $14 million (around £11 million GBP); a spokesperson said that deaths might result because the care centres could not access medical records.
Ransomware is lucrative for the fraudsters behind it. One variant, known as Ryuk, pulled in about £3 million in 6 months. With money like that filling the pockets of cybercriminals, it is unlikely this sinister form of malware will go away anytime soon.
Ransomware is a cruel and insidious form of malware. Once infected, your files and documents are encrypted. Then the ransom message pops up demanding payment in cryptocurrency. If you can’t pay, then tough, you’re on your own trying to find a decryptor (if one exists). If you can pay, you might get your data back, but the ransomware may still lurk, in stealth mode, waiting for another opportunity to hit your company.
The situation has reached a critical point. If ransomware is so widespread, what can the average business do to prevent ending up with that shocking ransom message when they next log on to their computer?
How Ransomware Works
One of the main things to remember is that ransomware is now very accessible. You do not need to actually create the software code behind the malware yourself. No, some kindly cybercriminal has done all of that for you and created an ‘as-a-service’ offering for cybercriminal wannabes to rent. Cybercrime is a business. In the case of Ransomware-as-a-Service (RaaS), this business works as an affiliate system. In some cases, affiliates get a 60% cut of the ransom collected with potential earning up to 75%, according to a Bleeping Computer report.
Ransomware infects your computer using a number of ways and almost all involve human beings at some point. According to 2019 statistics from F-Secure, the following methods make up 63% of all attacks:
- Phishing – either via a malicious link, which if clicked takes a user to a malware infected website. Or, via an infected attachment which if opened can infect the machine.
- Drive-by-download – an infected website or infected advert running on a website. Sometimes the first site/ad will automatically and silently redirect to another website, unbeknownst to the user. This second website uses an ‘exploit kit’ which looks for flaws in the user’s machine, e.g., browser vulnerabilities, and uses those to help install the ransomware.
- Remote Desktop Protocol (RDP) – this is a tool to allow administrators and the like to assist users remotely. RDP ransomware exploits are part of a multi-part attack. Yes, you’ve guessed it, the first part requires login credentials to be stolen – often using spear-phishing.
Security Awareness Training to the Ransomware Rescue
Ransomware, the scourge of the modern business, needs a human touch. At some point in the ransomware chain of infection, a human being will click a link or download an infected attachment or navigate to an infected website, and so on.
Patching your computers to close off software flaws helps. But this won’t catch any vulnerabilities that are not covered in the security update from the vendor. It also means the IT department needs to be hyper-vigilant, and as more people use their own devices to access a network, you have to rely on your end user also patching.
Security tools, like antivirus can help. However, ransomware variants are now evading detection by using methods like ‘fileless attacks’. Other tools, like Endpoint Detection and Response (EDR) can also help. Similarly, spam filters cannot stop all phishing emails. Fraudsters improve their spam filter evasion techniques all the time. The Defence Works has spotted phishing emails that are evading detection using cunning methods like hiding malicious links in PDF files.
In the end, ransomware infection nearly always comes back to the bottom line of “me, myself, and I”.
By using a program of awareness across your organization you can put measures in place to prevent the main entry points for ransomware. Train employees about:
Research has shown that 75% of security incidents are down to a lack of staff knowledge. Use phishing simulation and/or interactive education to teach all employees, across the board, how to spot if a message is phishing. Spear-phishing, in particular, is a very difficult type of phishing to spot. As spear-phishing is often behind credential theft from privileged users, this is one to focus on. Having a phishing aware end user base will reduce your risk of ransomware by cutting out the human factor.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
Make sure that employees understand that cybersecurity is about being careful and wary. A simple thing is to use robust passwords and a second factor (like an SMS code) to login to company resources. Also, to be careful about which websites are visited. But another key area to focus on is building a culture of security thinking. For example, in another ransomware scam, the method used to infect machines was to send ransomware infected USB fobs in the post; inserting the fob into a computer automatically ran the malicious code.
A Cybercriminal’s Ransom Too Far
Ransomware has become one of the most damaging types of malware. The WannaCry attack on the NHS back in 2017 showed how impactful malware can be – moving from digital damages to the potential of real-world health damage.
If human beings are needed to push the ransomware button, then we need to learn how not to do that. We cannot expect our employees to understand the sophisticated and complex ways that cybercriminals manipulate human behaviour. Instead, we must take action and teach our staff about the dangers of ransomware and how easy infection can occur. This is both empowering for the individual and the company. By using security awareness training we can take control away from the cybercriminal and place it back into our own hands.
Want access to the world’s most interactive security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.
Subscribe to the Proofpoint Blog