
Ransomware

Ransomware attacks are one of the biggest cyber threats for organizations globally, costing billions of euros yearly. The threat is not only the economic loss itself: attacks also impact crucial functions and services, ultimately risking life and health. All organizations are possible targets for ransomware attacks.

What is ransomware?

Ransomware is a type of malware that uses encryption to hold the victim's information for ransom. Data is encrypted so that the victim cannot access files, databases, or applications. The victim must pay a ransom fee to get back access to their data; otherwise, it's gone forever.

Ransomware often spreads across a network, targeting database and file servers to weaken an entire organization rapidly. Many victims are likely to suffer from repeated attacks, especially if the infected systems are not cleaned.

Ransomware examples

The worst-case scenario would be that ransomware spreads throughout your organization's network, taking large numbers of documents hostage and causing extensive damage to your organization.

How does ransomware affect your organization?

Malicious email

Almost all ransomware attacks start with a legitimate-looking email, seemingly from a known sender or trusted brand. 

Downloading content

The email tricks the user into downloading and running a virus. The malicious document is either attached to the email or downloaded from a website linked in the email.

Infecting & spreading

The virus will infect the computer and then try to find ways to spread further into your organization's network. It will look for vulnerabilities within the network so that it can spread to as many systems as possible, causing significant damage.

Demanding ransom

The ransomware will either extract sensitive information and demand a ransom for not publishing it, or remove the information completely. The ransomware could also encrypt all local documents on the systems and demand a ransom, usually in bitcoin, to unlock them.

How to prevent ransomware?

Strong protection against ransomware attacks consists of several steps.

Stay up-to-date

Vulnerable software and operating systems are the targets of most attacks. Ensuring that your operating system and software are patched with the latest updates significantly reduces the number of exploitable entry points. Implementing a vulnerability management framework will help you find vulnerabilities in computers and systems proactively.

Awareness training

With a strong human defense, your organization will build a human firewall, significantly decreasing the risks of being exposed to ransomware and data leakage incidents.  

Take continuous backups

Make sure to take continuous data backups and have a recovery plan for all critical information. Regularly test the recovery process to make sure the backup works as intended. Keep backups separate and offline to make sure they can't be infected or sabotaged.

Restrict user permissions

Restrict users' ability to install and run unwanted software. It's recommended to give users the least possible privileges. Restricting privileges may prevent ransomware from running or at least limit its capability to spread throughout the network.

Maintain an anti-virus

Maintain up-to-date anti-virus software, and ensure it verifies all software downloaded from the internet before it is executed.

Ransomware attacks

Ransomware attacks come in many different shapes and forms. Here are some of the more well-known ransomware attacks.

CryptoLocker

CryptoLocker is one of the most well-known strains. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, hackers have widely copied the CryptoLocker approach, although the variants in operation today are not directly linked to the original.

WannaCry

In 2017, WannaCry became global news in a widespread ransomware campaign that targeted 200,000 organizations in more than 150 countries. The ransomware strain affected Windows machines through a weakness known as EternalBlue. Unpatched and out-of-date systems were crippled by this attack, costing businesses both time and revenue.

Petya

Petya, initially discovered in March 2016, was named after the 1995 James Bond film GoldenEye. However, the effects of this strain were no fiction. Unlike some other types of ransomware, Petya encrypts entire computer systems. Petya overwrites the master boot record, rendering the operating system unbootable.

Ryuk

Ryuk ransomware was the attack of choice in 2020, responsible for more than a third of all ransomware attacks that year. Ryuk encrypts business-critical files and demands a high ransom, typically in the multi-millions, often targeting companies, hospitals, and government organizations.

Bad Rabbit

Bad Rabbit spreads through a fake Adobe Flash update on compromised websites. This strain of ransomware has infected organizations in Russia and Eastern Europe but is still a global threat. When the ransomware infects a machine, users get directed to a payment page demanding 0.05 bitcoin.

Maze

In 2019, Maze ransomware quickly made news for releasing data belonging to victims, mainly in the healthcare industry. The Maze ransomware has also targeted companies like Xerox Corporation and stolen more than 100 GB of files.

BUILD YOUR HUMAN FIREWALL

Phishing & Awareness Training

Educate your employees to recognize cyberthreats and phishing attempts in a safe and controlled environment. Take the first step towards increasing cyber security awareness, protecting sensitive and personal information, and avoiding costly data breaches. Build your human firewall with automated and personalized phishing simulations. 
