Ransomware – A Concerning Trend

If you follow HIPAA breach news, you know that around a third of the breaches reported involve Ransomware attacks. One of the most terrifying things about this type of attack is that anyone with a computer is a potential victim. Because many small business owners don’t believe they are important enough to be targeted, they are especially vulnerable.

What is Ransomware?

Ransomware is a type of malicious software, and the idea behind it is simple: encrypt the victim’s computer to lock them out of it and demand money from them in order to restore access. With your personal or business files being held hostage, the hackers instruct victims to pay within a set period of time or risk losing that data forever. The worst part is that paying the ransom doesn’t ensure that access will be restored.

There are multiple types of Ransomware.

Scareware.
Coming at you as annoying popups or alerts that manufacture urgency, scareware claims to have found serious issues with your computer and demands that you pay to fix the problems. These often mimic well-known anti-virus, anti-malware, or system tools, such as Norton, Malwarebytes, or CCleaner, and usually come from infected websites.

Lockers.
When this malicious software infects a system it completely locks the computer, making it inaccessible. Sometimes there is no ransom and it just locks you out, but more often there is a lock screen with contact information that includes whom to pay and how much, though chances are that even paying will not restore access. These most often come from infected websites, but can be delivered through phishing scams.

Crypto Malware.
Among the more damaging types of ransomware, this targets files, folders, and additional hard drives, encrypting the data while leaving access to computer programs. To be provided with the decryption key to access the data, victims are typically required to pay ransoms in bitcoin, which makes payments more difficult to trace. Most often delivered by phishing scams, the software also accesses contact lists to spread and is especially virulent within networks.

Doxware.
Also known as leakware or extortionware, the purpose of this software is to force victims to pay a ransom to avoid having stolen information published online. With more people storing sensitive data on their computers, this type of ransomware gets very personal. At one time, the risk to small businesses was minor, but with the regulations surrounding ePHI and PII, this type of breach can cost small businesses fines that can easily reach into seven figures. Doxware tends to be more targeted, going after people or businesses most at risk, but can also be delivered through phishing scams and infected websites.

Mac/Mobile Ransomware.
Apple products and mobile phones are immune, right? WRONG! There is ransomware specifically designed for these platforms, spread by phishing scams, infected apps, and USB charging. This software will most often encrypt and lock the devices, requiring payment to restore access.

RaaS.
Short for Ransomware as a Service, this is a hosted platform where cybercriminals work with ransomware developers to distribute the software, collect payments, and manage decryption keys, getting a cut of the overall ransom in return. These cybercriminals are also known to follow up with victims who have paid ransoms, claiming to still have access to their systems and demanding more money. They actively infect websites, send out phishing scams, and target at-risk individuals and businesses, trying to infect as many people as possible.


Who are the Targets?

As we mentioned above, everyone is a target, but that doesn’t mean that hackers aren’t able to choose targets. Sometimes they go after people and businesses who can pay larger ransoms, but mostly they are looking for easy targets. When they do aim their ransomware, we’ve found that they go after four particular targets:

        1. Businesses with small or no security teams – this includes small businesses and universities that are perceived to have file-sharing practices that are not very secure, simple or no passwords, and limited security protocols.

        2. Any business that maintains sensitive digital information – small medical practices, law firms, and real estate agencies are targeted because revealing this data could result in large fines, legal controversies, and public embarrassment.

        3. Those who will pay quickly – this includes organizations such as banks, hospitals, and government offices who face serious consequences for not having immediate access to their data as well as individuals with a large social media presence.

        4. Corporate Entities – members of this target group include not just the large corporations themselves, but anyone who uses their logo, which can include contractors, business associations, and franchises.

Best Practices for Dealing with Ransomware

As we mentioned above, Ransomware is extremely profitable for the hackers and there is no guarantee that paying the ransom will put an end to the threat. The single most important thing about Ransomware is prevention, but in order to prevent it you must realize that YOU ARE A TARGET. We all are targets.

That doesn’t mean that there’s nothing we can do about it. Here are some ways to deter the hackers and protect yourself.

  • Get Security Software: if you don’t have some type of anti-virus or anti-malware on EVERY computer, you are vulnerable

  • Update the Security Software: new threats are emerging all the time; keeping security software updated keeps the hackers out

  • Update, Update, Update: yes, all those Windows updates, Office updates, and browser updates can be annoying, but the vast majority of the updates you are seeing are security updates. If you’re not doing them, you’re leaving yourself vulnerable

  • Be Wary of Phishing Scams: we’ve talked about Phishing before; these emails are the perfect delivery vehicle for Ransomware. Pay attention to emails and never, ever automatically open an attachment

  • Watch Out For Macros: if you do open an attachment and it says anything about macros – STOP and make absolutely sure that it comes from a trusted source and that the person purposely sent it. If not, cancel and immediately delete that email

  • Cloud Storage for the Win: one of the great things about cloud services is that data is backed up offsite and you’ll be able to access a previous version from before the ransomware took effect. You might lose a little current data, but that’s all

  • Backups, Backups, Backups: this cannot be stressed enough. If you have a solid backup, no matter what else happens, you can be back up and running with very little downtime

  • Never Pay the Ransom: even if you pay the ransom there is no guarantee that you will get your files back, and paying it tells the hackers that you are a target that can be exploited over and over and over. Don’t do it!
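
For the "Watch Out For Macros" advice above, an attachment can be checked for a VBA macro project before anyone opens it. The following Python sketch is an added example, not part of the original article; the function names, result labels, and sample files are constructed for illustration, and it only covers VBA macros in the modern ZIP-based Office formats.

```python
import io
import zipfile

# Magic bytes of the legacy binary Office container (.doc/.xls/.ppt).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by content, not by file name."""
    if data.startswith(OLE_MAGIC):
        # Legacy files can embed macros; this sketch does not parse them,
        # so they are flagged for manual review rather than cleared.
        return "legacy-office-review"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office-container"
    try:
        with zipfile.ZipFile(buf) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "unreadable-review"
    # Modern Office files (.docx/.docm, .xlsx/.xlsm, ...) are ZIP archives;
    # a VBA macro project is stored in a part named vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-present"
    return "no-macro-found"


def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal ZIP that mimics an Office file layout."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return out.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx (constructed, macro inside)": make_sample(True),
        "notes.docx (constructed, clean)": make_sample(False),
        "old.doc (constructed header only)": OLE_MAGIC + b"\x00" * 16,
    }
    for label, blob in samples.items():
        print(f"{label}: {classify_attachment(blob)}")
```

Because the check reads the file's contents, a macro-enabled document that has been renamed with a harmless-looking extension is still flagged.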

Hackers are getting more advanced and new Ransomware variants are appearing all the time. Remember, the hackers are looking for the path of least resistance. Be aware, secure your data, and train your employees. The more difficult you make it for the hackers, the better you and your data will be protected from being the next Ransomware target.