Ransomware is malware (malicious software) designed to extort a user or organisation into paying a ransom, either to regain access to important data the malware has encrypted or to stop sensitive data that was stolen from being leaked.
Ransomware has become one of the most lucrative, and therefore one of the most prominent, types of attack in today's cyber security landscape.
Some examples you may have heard of, because of the number of organisations they affected or the size of the organisations they were able to disrupt, are Petya, CryptoLocker and, possibly the most recognisable, WannaCry, which in 2017 disrupted large parts of the NHS.
Infection and distribution
The biggest threat to any company is us, the humans, and our susceptibility to being manipulated or persuaded into clicking on a malicious link or opening an infected file.
A phishing email is an attempt to get the recipient to click on a link or open an attachment that downloads or runs the malware. These emails may look like they come from a customer, or a potential customer, with an order attached, or they may promise access to something desirable, often referred to as 'clickbait'.
An attacker can also gain access using stolen passwords. Stolen or reused credentials, for example for a remote access service, can give the attacker direct access to the organisation's network, where they can deploy the malware manually and encrypt files across many systems at once.
Once a machine is infected, the malware gets to work encrypting files while avoiding anything that would destabilise the machine: the attacker needs the victim to be able to receive the ransom message, which is usually a text file dropped alongside the encrypted files or a pop-up stating that the files have been encrypted.
The ransom is usually demanded through a pop-up, a text file or sometimes a change of desktop wallpaper, with instructions demanding a set amount of cryptocurrency (such as Bitcoin) in exchange for restoring access to the victim's files.
If the ransom is paid, the ransomware operator should provide the decryption key (in most families a per-victim key that only the attacker's private key can recover), which is entered into a decryptor program to reverse the encryption and restore access to the user's files.
It's worth noting, however, that not every operator upholds their end of the deal; you may pay and still be left without access to your files and out of pocket. Paying also does nothing to stop data that was copied out before encryption from being leaked.
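The behaviour described above, a single process rapidly rewriting user documents with what is effectively random data and then dropping a note, is exactly what behavioural endpoint protection looks for. The following is an added example, not code from the original article or from any vendor's product: it runs a simple version of that detection over constructed file-system events. The event format, the ransom-note keywords and the document extensions are assumptions for illustration; a real agent would receive these events from the operating system.

```python
import hashlib
import math
from collections import defaultdict

# Words that commonly appear in ransom-note filenames (assumption: illustrative, not a vendor signature set).
RANSOM_NOTE_WORDS = ("readme", "decrypt", "restore", "recover", "how_to")
# Extensions of the user documents ransomware goes after first (assumption: illustrative).
USER_DOC_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".jpg", ".txt")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Encrypted or compressed data is close to 8.0 and plain
    text is usually below 5.0, so a burst of near-8.0 writes to documents is a strong
    sign that something is encrypting them."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_ransom_note(path: str) -> bool:
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith((".txt", ".html", ".hta")) and any(w in name for w in RANSOM_NOTE_WORDS)


def analyse_events(events, min_encrypted_writes=5, entropy_threshold=7.5):
    """events: list of dicts with keys pid, op ("write", "rename" or "create") and path,
    plus data for writes and new_path for renames. Returns {pid: [reasons]} for every
    process whose behaviour matches the encrypt-then-drop-a-note pattern."""
    stats = defaultdict(lambda: {"enc_writes": 0, "ext_changes": 0, "notes": []})
    for ev in events:
        s = stats[ev["pid"]]
        if ev["op"] == "write" and ev["path"].lower().endswith(USER_DOC_EXTENSIONS):
            if shannon_entropy(ev["data"]) >= entropy_threshold:
                s["enc_writes"] += 1
        elif ev["op"] == "rename" and ev["new_path"].startswith(ev["path"]):
            # report.docx -> report.docx.locked: original name kept, new extension appended
            s["ext_changes"] += 1
        elif ev["op"] == "create" and looks_like_ransom_note(ev["path"]):
            s["notes"].append(ev["path"])

    verdicts = {}
    for pid, s in stats.items():
        reasons = []
        if s["enc_writes"] >= min_encrypted_writes:
            reasons.append(f"{s['enc_writes']} high-entropy rewrites of user documents")
        if s["ext_changes"] >= min_encrypted_writes:
            reasons.append(f"{s['ext_changes']} documents renamed with an extra extension")
        if s["notes"] and (s["enc_writes"] or s["ext_changes"]):
            reasons.append(f"ransom note dropped: {s['notes'][0]}")
        if reasons:
            verdicts[pid] = reasons
    return verdicts


def _pseudo_random(seed: str, n: int) -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 hash chain) so the sample runs the same every time."""
    out, block = b"", seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def sample_events():
    """Constructed file-system events: PID 4242 behaves like ransomware, PID 1000 like a word processor."""
    events = [{"pid": 1000, "op": "write", "path": "/home/amy/Documents/notes.txt",
               "data": b"Minutes of the Monday meeting. Actions: review the supplier quote.\n" * 40}]
    for i in range(6):
        doc = f"/home/amy/Documents/report{i}.docx"
        events.append({"pid": 4242, "op": "write", "path": doc, "data": _pseudo_random(doc, 4096)})
        events.append({"pid": 4242, "op": "rename", "path": doc, "new_path": doc + ".locked"})
    events.append({"pid": 4242, "op": "create", "path": "/home/amy/Documents/README_DECRYPT_FILES.txt"})
    return events


if __name__ == "__main__":
    for pid, reasons in analyse_events(sample_events()).items():
        print(f"PID {pid}: " + "; ".join(reasons))
```

Running it flags only PID 4242, with all three reasons. The entropy check is the important one: a word processor saving a document writes structured, low-entropy data, whereas a process that rewrites six documents in a row with near-random bytes is almost certainly encrypting them, and a product that notices this in time can stop the process and roll back the few files already touched.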
Although there is no way to guarantee that you won't suffer an attack, there are several ways to reduce your attack surface and minimise the chances of a successful one.
Firstly, educate your staff on how to spot a phishing email. You should also upgrade traditional antivirus to an advanced endpoint protection product that detects ransomware behaviour, such as a process rapidly rewriting large numbers of files, and can roll back files that have already been encrypted. Keep tested, offline backups as well: rollback and decryptors do not always work, and backups are the only reliable way to restore files without paying.
There are many reasons to have patch management, and this is another: software suppliers such as Microsoft, Apple and Adobe regularly release patches that close vulnerabilities attackers are actively exploiting. WannaCry is the standard example: it spread through an SMB vulnerability in Windows for which Microsoft had released a patch (MS17-010) two months before the outbreak.
Protect against credential theft by adding another layer of authentication. Requiring users to present a second factor, such as a fingerprint, a face scan or a code from an authenticator app, in addition to their username and password means that a stolen password alone is no longer enough to log in, which significantly improves security across the organisation.
For help and advice, contact Itek to discuss all your cyber security needs.
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.