Manoharan Mudaliar

Cyber Security Consultant

Ransomware 101: Facts, Threats, and Countermeasures

The last two years have seen ransomware become a substantial threat to individuals and businesses in the US. As the name suggests, ransomware, a type of malware, holds victims’ files to ransom. The targeted individual or organization risks losing their files altogether or sustaining a financial loss if they choose to pay.

According to a 2019 report by The Beazley Group, small and medium-sized businesses, which typically spend less on information security, were the most at risk of ransomware attacks.

While the average ransomware demand in 2018—a staggering $116,000—was skewed by some exceptionally large demands, the median demand was $10,310. A Safety Detectives analysis found that the average projected cost of ransomware-caused downtime per incident in 2020 was $283,800.

In this piece, we’ll provide an in-depth guide to ransomware facts, threats, and countermeasures.

Infection Vectors

Most attackers propagate ransomware through user-initiated actions—visiting a compromised or malicious website or clicking a malicious link in a spam e-mail message. In other cases, ransomware is spread through drive-by downloads or malicious advertising.

In certain cases, ransomware attacks aren’t opportunistic, but, instead, specifically target victims. The FBI considers such cases to be extortion, not ransomware, because the strategic targeting is almost always accompanied by a relatively higher ransom amount.

Ransomware Capabilities

Recently, the features of ransomware variants have broadened to include the following:

  • Data exfiltration
  • Distributed denial-of-service (DDoS) attacks
  • Anti-detection
  • File deletion, irrespective of payment
  • Cloud backup locking
  • Internet of Things (IoT) device and smartphone infection

Mitigating Ransomware Infection Risk

Here are some best practices you should adopt to mitigate ransomware infection risk:

Securing Systems and Networks

  • Devise an incident response plan that lays out your plan of action against ransomware attacks.
  • Prioritize backups by implementing a system that saves multiple versions of each backup, so you don’t have to rely on a single copy. Routinely test backups for operability and data integrity.
  • Incorporate anti-spam and antivirus programs that regularly scan your network and system. Your anti-spam software should not let phishing e-mails reach your network.
  • Patch your systems, including hardware, software, operating systems, content management systems (CMS), cloud locations, applications, and mobile devices. Consider using a centralized patch management system and implementing application white-listing.
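
One way to run the routine backup integrity test from the list above, as an added Python example that is not part of the original article: each backup version gets a SHA-256 manifest when it is taken, later runs compare the files against it, and the newest version that still verifies is the restore candidate. The manifest file name and the date-named version directories are assumptions.

```python
import hashlib
import json
from pathlib import Path

MANIFEST = "manifest.json"  # assumed file name, written when the backup is taken


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(version_dir: Path) -> None:
    """Record relative path -> SHA-256 for every file in one backup version."""
    entries = {
        p.relative_to(version_dir).as_posix(): sha256_file(p)
        for p in sorted(version_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }
    (version_dir / MANIFEST).write_text(json.dumps(entries, indent=2))


def verify_version(version_dir: Path) -> dict:
    """Compare a backup version with its manifest; list missing and altered files."""
    manifest_path = version_dir / MANIFEST
    if not manifest_path.is_file():
        return {"ok": False, "missing": [], "altered": [], "error": "no manifest"}
    expected = json.loads(manifest_path.read_text())
    missing = [r for r in expected if not (version_dir / r).is_file()]
    altered = [r for r, h in expected.items()
               if r not in missing and sha256_file(version_dir / r) != h]
    return {"ok": not missing and not altered, "missing": missing, "altered": altered}


def newest_restorable(backup_root: Path):
    """Return the newest version directory that verifies cleanly, or None.

    Assumes version directories sort chronologically by name (e.g. 2024-01-31).
    """
    versions = sorted((d for d in backup_root.iterdir() if d.is_dir()), reverse=True)
    return next((v for v in versions if verify_version(v)["ok"]), None)
```

Keep a copy of each manifest somewhere the backed-up systems cannot write to, so a compromised host cannot alter both the backup and the record it is checked against.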

Securing End Users

  • Devise a plan for reporting suspicious activity. All employees must know how to do this.
  • Have users close browsers when not in use.
  • Train employees not to visit unknown or suspicious websites and not to open attachments or click on links in suspicious e-mails.

Responding to a Ransomware Attack

  • Disconnect all infected systems from the network immediately to prevent the infection from propagating.
  • Determine which data is affected.
  • Check if there are any available decryptors.
  • Use your backups to restore files.
  • Report the incident to the relevant authorities.

A ransomware attack can cripple a business if not addressed effectively and immediately, which is why it’s recommended that you partner with a cybersecurity professional to mitigate all potential risks.

As a certified information security manager, I will help you devise a robust and effective information security strategy for your system and network to ward off ransomware threats.

Get in touch with me for more information on my services.
