Ransomware attacks are making headlines in a big way. A recent attack on the Colonial Pipeline and JBS has led to shortages across the country. But these companies are not alone. Last year, the US experienced 65,000 ransomware attacks according to cybersecurity experts.
It’s not just major businesses that are under attack by cybercriminals. Hospitals, universities, city governments, police departments have all been targeted by ransomware. Without taking measures to secure their systems, these organizations – many of which make up the backbone of the US economy – are vulnerable to attack.
In this blog, we’ll explore what ransomware is, what individuals and small businesses need to do to protect themselves from ransomware attacks, and how to report a ransomware attack if it happens to you.
What is ransomware?
Ransomware is a type of malware, short for “malicious software”. Cybercriminals use this software to hack into computers, smartphones, tablets, and other systems. Malware is often used to steal personal information, commit fraud, or in the case of ransomware, to get a big payout.
When ransomware is installed, it encrypts the files on a device. If any systems or processes rely on those files, ransomware can bring business operations to a complete halt. Then, the software demands a ransom to decrypt the files, often in cryptocurrency. These ransoms are increasing over the years, sometimes going over $1 million. Some criminals also threaten to release data or publicly name and shame victims to pressure them to pay.
If the victim does not pay the ransom, their files may remain indefinitely encrypted. To get back to business, victims of ransomware will have to rebuild their systems, data, and files back from scratch if they don’t have backups.
How does ransomware get installed?
Cybercriminals take advantage of vulnerabilities in IT systems, software, or human error. The majority of ransomware attacks stem from phishing attacks but can also come from remote desktop protocol (RDP) weaknesses or software vulnerabilities.
Phishing is a cyberattack that comes through email. A cybercriminal sends an email that includes an attachment or a link. If the recipient visits the link or opens the attachment, ransomware is installed on their device. At first glance, phishing emails often look like real emails from people you know or institutions you do business with, which makes them hard to detect.
RDP allows access to a computer over the internet. Remote teams may be familiar with this software since IT departments often use it to fix devices from a distance. Cybercriminals can brute-force attack or use stolen information to gain access to RDP systems. Once they have it, they can install their ransomware on the device.
Additionally, if the software used at a company isn’t regularly updated, it may be susceptible to hacking. Depending on the vulnerability within the software, hackers may be able to take control of systems and deploy ransomware.
What you can do to prevent ransomware attacks
Malware and ransomware can be difficult to defend against because cybercriminals are constantly changing the software. For that reason, it’s important to keep applications, browsers, plug-ins, systems, and software updated and patched on a regular basis, especially your anti-virus software.
Practice internet security best practices at your organization. Know what a phishing attempt looks like and educate those around you. Create and use a strong password, and don’t use the same password for more than one account.
You can also backup and encrypt your data and any systems you need for business as usual. Don’t keep the backups online, as they may be susceptible to hacking too in that case and test your backups regularly.
Multifactor authentication is another tool that can help prevent unauthorized access to your systems. Cybercriminals may have the ability to buy a stolen password off the dark web, but without the second piece of the multifactor authentication, they are unable break into your RDP or someone’s email account.
Despite your best efforts, you may still encounter a ransomware attack. Be prepared and create a response plan. Moving quickly in the face of an attack can prevent criminals from shutting down all of your systems or disrupting multiple areas of business. Disconnect the infected device as soon as possible to prevent a spread. This is the moment when your backed-up files will come in handy. You can even see if a decryptor is available for your data. Then, report the incident.
How to report ransomware attacks
Now is the perfect time to brush up on your cybersecurity practices. Check out our library of cybersecurity blogs and best practices:
- Cybersecurity 101: What it is and why it matters
- How to avoid online scams
- Tips and tools for cybersecurity