Remember ransomware, the malicious software that blocks computer access until a ransom demand is paid? The threat was huge and dominated headlines in the past but seems to have slowed down in recent months. Could the decline in publications citing ransomware as the cause of a data breach or loss of data indicate that cybercriminals have given up on dishing out the malware that locks your system or files until a ransom is paid? The answer is no, not even close.
Ransomware wreaked havoc among individuals and organizations over the past few years, making a name for itself across the globe. Although the chatter around the malicious software may have quieted down, the threat is very much alive, and working hard to hand out ultimatums to its victims – pay up to unlock your data or lose it indefinitely.
Cybercriminals are continuously improving their techniques and attack methods, which is a large part of why we’re hearing less about ransomware than about many other attacks that have recently risen in popularity. Aside from the growing threats in the news, such as targeted phishing attacks and Business Email Compromise (BEC) scams, the de-emphasis on ransomware comes in large part from cybercriminals finding new ways to infiltrate a user’s system with a more targeted, harder-to-measure approach.
How is ransomware distributed?
The most common way for ransomware to be distributed is via a phishing email containing malicious attachments. The malware may be directly inside the attachment, or the attachment may include a link to a website hosting the malicious software. Another common method for dispersing malware is to use an exploit kit, which searches for vulnerabilities in outdated software and then exploits them.
Vulnerable servers are also an open door for cybercriminals to distribute ransomware. Once a hacker gains access to a server, they can do serious damage, some of which may involve using administrative rights (which can also be obtained relatively easily with the right tools) to turn off certain protections that may alert administrators to the threat.
Who is a target?
Everyone can be a target for ransomware. While cybercriminals do have industries they favor and target, such as the healthcare and financial industries, everyone is susceptible to a ransomware attack if the proper training and security measures aren’t in place. Whether an individual user, small business, or large enterprise, everyone is fair game to a cybercriminal looking to make money via ransomware.
With that said, cybercriminals may be doing more research these days to choose their victims. Many believe that hackers are targeting fewer victims through ransomware; the truth, however, is that they are just choosing the right victims. What does that mean? Cybercriminals are choosing targets who they believe CAN afford to pay large ransoms and CANNOT afford to lose their data – resulting in fewer attacks but more success for the attacker.
How can you protect yourself and your organization?
- Provide security awareness training routinely to educate employees on current threats and best practices.
- Ensure that proper controls are in place so that employees can access only the areas and information needed to perform their job function.
- Utilize two-factor authentication as an added security measure for gaining access to your system and your company’s sensitive data.
- If users are connecting remotely to your network, make sure they do so securely through a VPN.
- Keep your systems up-to-date and patch when necessary to prevent system vulnerabilities from being exploited.
- Make sure your organization is using reputable antivirus software and a firewall.
- Email filters should be put in place to help identify and block known threats on incoming communications.
- Confirm routine backups of your organization’s data are being performed.
- Implement policies and procedures that outline your organization’s rules and expectations, such as password requirements.
- Have a disaster recovery plan in place to ensure that your organization knows how to respond to a ransomware attack if one were to occur.