Everything about Ransomware you would want to know, an insight for SME

Today’s digital world is very much prone to cyber-attacks, and Ransomware accounted for 20% of the cyber breaches in 2022. Every type and size of business will suffer from this phenomenon, but the focus will be more on small businesses because their environments are unprepared for the threat.

Let’s look at some statistics of Ransomware attacks: 

Ransomware statistics  

  • In the first half of 2022, there were around 236.1 million ransomware attacks globally. During 2021, at least 15.45% of internet users worldwide experienced at least 1 malware-class attack, which includes ransomware.
  • Ransomware accounted for around 20% of cyber breaches in 2022. For comparison, using stolen credentials (hacking) accounted for 40% of breaches in 2022, and phishing accounts for around 20%.
  • Just 13% of organizations reported suffering a ransomware attack and not paying the ransom in 2022.
  • At least 130 different ransomware families have been uncovered. Gandcrab is the most active family, with 78.5% of reported attacks attributed to it.
  • The top 10 countries most affected by ransomware attacks are: 
    • Israel
    • South Korea 
    • Vietnam
    • China
    • Singapore
    • India
    • Kazakhstan
    • Philippines
    • Iran
    • UK 
  • 93.28% of detected ransomware files are Windows-based executables. The next most common file type is Android, at 2.09%.
  • Ransomware attacks increased by 51% in 2022 in comparison to the previous year. In India, the majority of the attacks are observed in the Datacentres/IT/ITeS sector, followed by the Manufacturing and Finance sectors.
  • Ransomware groups have also targeted critical infrastructure in H1 2022, including Oil & Gas, Transport, Power.
  • The most common entry point for ransomware attacks is through phishing, with 41%.
  • 90% of ransomware attacks either fail or result in zero losses for the victim.
  • It’s estimated that, by 2031, a ransomware attack will occur every 2 seconds.
  • Ransomware attacks are evolving with increased use of legitimate tools like “Anydesk” for remote administration, which ensures continued command and control by the attacker.  
  • By executing scripts that reboot victim machines in safe mode, threat actors are able to evade security solutions and carry out further activities.
  • Development of customized payloads along with cross-platform functionality to target multiple platforms:
    • Linux based Systems
    • Virtualised environment 
    • Backup storages
    • Cloud environments 
  • For cloud-based systems, ransomware groups are wiping the data instead of encrypting it, after data exfiltration.

What is Ransomware? 

In Bollywood or Hollywood films, a person is kidnapped to extort money from his or her immediate family, and such cases also happen in real life. Similarly, in the digital world, malware can take over your computer and encrypt your data into an unreadable form; to have it decrypted and returned to its original state, you are asked to pay a handsome amount. This kind of virus or malware is known as “Ransomware”.

The first Ransomware demand was detected in 1989, for $189. Demands have since grown manyfold, and most of the time the money is demanded in a digital currency like Bitcoin. Many cases are known to the world where the victim has paid millions of dollars to get the data decrypted. It is also often observed that Ransomware is used to disrupt the Government or business operations of one or more countries and cause a panic situation.

Let’s understand how Ransomware works and how we need to defend ourselves.

How does Ransomware work? 

Ransomware normally enters your computer system through an email or as malware delivered through the browser. The email variant, which is a phishing mail, contains a malicious link or an attachment to download. Once opened, this link will install malware on your computer, which immediately starts encrypting all the files inside your computer system. If your computer is connected to a network, it will spread like a human infection to other computers and encrypt the data on those computers as well. The extensions of all the files will be changed to some weird extension, and when you try to open a file, a message appears telling you to contact some group or individual to get the decryption code to get your data back.
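
The extension change described above is a signal a defender can watch for. The following Python code is an added example, not part of the original article: it scans a log of file renames and raises an alert when many files on one machine are renamed to the same unfamiliar extension within a short time. The event tuple format, the allowlist, the host names and the ".locked123" extension are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Extensions expected on this file share (assumed allowlist; tune per site).
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".csv"}

def detect_mass_rename(events, window=60, threshold=10):
    """Flag bursts of renames to one unfamiliar extension.

    events: (epoch_seconds, host, old_path, new_path) tuples sorted by time.
    Returns one (host, new_ext, count, first_seen) alert per host/extension
    pair, raised when `threshold` such renames fall within `window` seconds.
    """
    recent = defaultdict(deque)  # (host, new_ext) -> timestamps inside window
    alerted, alerts = set(), []
    for ts, host, old, new in events:
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        # Ignore ordinary renames: same extension, none, or a known type.
        if not new_ext or new_ext == old_ext or new_ext in KNOWN_EXTENSIONS:
            continue
        key = (host, new_ext)
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:  # drop events older than the window
            stamps.popleft()
        if len(stamps) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((host, new_ext, len(stamps), stamps[0]))
    return alerts

def sample_events():
    """Constructed rename log: normal edits, one burst, one slow trickle."""
    events = [
        (1000, "PC-01", r"C:\Users\a\report.docx", r"C:\Users\a\final.docx"),
        (1005, "PC-01", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.pdf"),
    ]
    for i in range(12):  # 12 files on PC-02 gain ".locked123" in 12 seconds
        old = rf"D:\Shared\invoice_{i}.xlsx"
        events.append((2000 + i, "PC-02", old, old + ".locked123"))
    for i in range(3):   # 3 renames to ".old" spread over 20 minutes
        events.append((3000 + 600 * i, "PC-03", rf"C:\data\f{i}.csv", rf"C:\data\f{i}.old"))
    return events

if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print("possible mass encryption:", alert)
```

Running the detector separately for each host also shows how far an infection has spread across the network, since every affected machine produces its own alert.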

Affected parties normally have two choices. First, if they have data back-ups, they can restore them and resume operations with extended security. Second, if they do not have data back-ups and the data is too important and sensitive to lose, they end up paying the ransom demanded by the cybercriminals to get the data back. But in many cases, even after the ransom is paid, the decryption keys or programs are not given to the suffering parties, just for the sake of sadistic pleasure.

Understanding our mistakes will defend us!

Cybercriminals generally exploit the lack of awareness of employees. Phishing attacks are launched at random against many organizations, and most of them make common mistakes that lead to Ransomware attacks. It is observed that most organizations do not put enough effort into training their employees about likely cyber attacks. The following are a few important points to observe.

  1. Beware of links: Due to a lack of training and awareness, employees click on links or attachments that initiate the Ransomware attack.
  2. Antivirus: Often the antivirus software in use is a free version, which is not capable of defending or of providing an upgraded defense mechanism.
  3. Illegal Operating Systems: Illegal operating systems installed on computer systems do not receive the essential patch updates that provide a defense mechanism against the latest vulnerabilities.
  4. Lack of Cybersecurity planning: Most Small and Medium organizations do not treat Cybersecurity as a serious matter and therefore have no Cybersecurity planning or proactive actions. They fall prey faster to Cybercriminals.
  5. Do data back-ups: Having multiple copies of data back-ups on different devices can save you from the after-effects of a Ransomware attack.

Can you avoid a Ransomware attack? 

Yes, proactive and planned actions can save you from a Ransomware attack. Adopting these five simple steps will defend your fort to a large extent against a Ransomware attack.

  1. Use legal operating systems, and avoid pirated or counterfeit copies. 
  2. Do not install unknown software from an email link. 
  3. Use a reputable antivirus and always keep it updated.
  4. Keep backups of your data, multiple copies on different devices. 
  5. Train your employees to identify spoofs and phishing. 

Here are 5 common misconceptions about ransomware that I hear all the time: 

#1. “If I just pay the ransom, I’m guaranteed to get my files back.” That is false, as there is no guarantee. I have seen cases where people pay the ransom, and they don’t get their files back or they only get some of their files back. Keep multiple copies of your data on different devices.

#2. “If I don’t surf the Internet at work, I won’t get ransomware.” This is also false. Victims usually get ransomware through a link in an email. Of course, third-party websites do pose a risk, but you can also get ransomware from legitimate websites, even from third-party advertisements and links on a site you visit all of the time. Train yourself and your employees to identify spoofs and phishing.

#3. “We’re just a small business, we’re not a target for ransomware.” Not true. When ransomware is distributed, it may not target a specific industry or place; it usually just spreads like a plague. For instance, when the WannaCry virus was released, many people thought it was just attacking healthcare companies overseas, but that wasn’t the case. The hackers were using a Windows SMB exploit on computers that weren’t up to date with their operating systems in over 150 countries worldwide. It doesn’t matter if you’re a big company or a small company or even just at your home computer. Ransomware goes out to everyone and whoever clicks on the download link can be infected.

#4. “Ransomware attacks will go away.” Someone recently told me that ransomware will be gone in the next few years. No, it won’t! Ransomware viruses may change or evolve, but they won’t disappear. The variants we see now are a lot different than the ones we saw just a few years ago. Old variants of ransomware are rewritten and redistributed because people still pay the ransom. The more everybody tries to protect themselves, the more hackers have to come up with new ways to breach your system and encrypt your data.

#5. “Antivirus is enough protection against ransomware.” Just like the customer who claimed not to be worried about ransomware, 86% of SMBs say they are satisfied with the amount of security they provide to protect customer or employee data. However, most of them don’t realize that no antivirus will provide 100% protection against ransomware. While some programs can protect you to a degree, that doesn’t mean that you’re not at risk. As I discussed in the previous point, people are writing and rewriting viruses every single day, which makes it nearly impossible for antivirus companies to protect you.

Do contact us for any of your cybersecurity needs! 

Be alert, be aware, be safe.

Kaushik Pandya, Ahmedabad, 25th May 2020
The author is a veteran in Information & Communication Technology and has run his own ICT consultation firm for the last 32 years. He also heads the Federation of All India IT Associations of India, popularly known as FAIITA, and is a founder trustee of the Techno Nationalism Foundation.
