What is Ransomware & How to Deal with it?
Date: 29 April 2022
Ransomware Attacks have been occupying considerable headline space in the last few years. This should come as no surprise given how rampant, complex and expensive these attacks have become for businesses across the globe.
In this educative blog, we aim to give the reader quick answers to simple questions such as - what is a ransomware attack, what does ransomware do, what is ransomware protection and is ransomware prevention possible?
What is a Ransomware Attack?
A ransomware attack, put simply, is when a malicious software takes over your system and denies you access to your own files and data until you pay a ransom. Ransomware infections can be introduced into your systems through the simplest of techniques such as phishing emails. One or more of your staff members clicks on a malicious link or downloads a malicious attachment and that’s that.
But don’t mistake the simplicity of the method with simplicity of the attack itself. Ransomware attacks are quickly turning out to be extremely complex, difficult to detect and very costly to remediate. Ransomware operators are leveraging vulnerabilities at a breakneck speed - faster than businesses or their security vendors can catch up with them.
To make matters worse, ransomware kits are now being avidly sold on the Dark Web - a trend you may have heard being popularly referred to as ‘Ransomware As A Service’. Basically these kits contain malware kits which can be easily deployed by less experienced attackers for monetary benefit.
What’s worrying is that these Ransomware As A Service (RaaS) toolkits are sold on the Dark Web as aggressively as you’d find legit services being sold on social and online channels that you use daily. There are discounts, promises of customer support, bundled deals and every other online marketing technique you can imagine to make these toolkits more appealing.
You may think of the RaaS model as the darker, malicious version of the SaaS or Software As A Service model we often hear of.
The idea of this whole discussion was to shed light on exactly how easy it’s become even for those with mediocre hacking skill levels to unleash a ransomware attack, encrypt your files and hold your sensitive data as ransom until you pay a pretty penny to retrieve it.
At Cyber Management Alliance, we always advise our clients to not start a negotiation with the hackers and to never pay up. The reason is simple - you pay up once, they know you’ll pay again.
In fact, for this very reason it is also critical that your systems are free of residual ransomware even once you’ve managed to decrypt your files. If hackers manage to leave behind residual malicious materials, then chances of you being attacked again are almost certain. And if you paid up the first time, there’s no way you’re getting away by not paying in the second instance.
What Does Ransomware Do?
Although we’ve briefly answered this question earlier, in this section let’s take a closer look at what happens when ransomware attacks your business networks.
Once a malware makes its way into your systems, it basically locks up computers, files and databases, known as encryption. The malware encrypts your sensitive or personal data so that you cannot access it. The ransomware attacker will either threaten to release the data on the web or keep it locked up until you pay a ransom within a set time frame.
The problem with them releasing the data on the Web is unbridled reputational damage for your business. Once your clients or business associates find out that their confidential information was leaked out due to a vulnerability in your system, they will think many times before doing business with you again.
Sometimes the leaked data may also be leveraged by competitors to bring more ruin to your business. If the data remains encrypted, it means you cannot access business-critical information that may be required for day-to-day functioning. In any case, losing access to your systems and databases means many days of business lost.
Whichever way you look at the situation, it is unfavourable. The worst part is that because ransomware attackers are usually out there to make a quick buck, there is no guarantee that your information will be accessible to you once you’ve paid the ransom.
So what do you do if you get attacked? While there are several ways to mitigate the impact of a ransomware attack, prevention is always better than cure. In this case, however, you can’t prevent the ransomware attack altogether. But you can take some preventive steps to bolster your ransomware readiness and ensure that when hackers strike they’re able to cause minimal damage to your business.
What is Ransomware Protection?
In the world of cybersecurity, one often gets asked one question - what is ransomware protection and does it really work?
Ransomware Protection, in the broadest sense, refers to the deployment of tools and technologies that can protect your organisation from succumbing to a ransomware attack. Under the broad umbrella of Ransomware Protection come important steps such as deploying an appropriate security product or antivirus solution.
It must be noted, however, that new and advanced ransomware techniques are easily able to evade even modern-day malware detection products.
If you are particularly concerned about the threat of ransomware, it is worth looking into security products that have a ransomware protection layer. In many cases, you can employ a ransomware specific add-on to your existing security products.
In summary, of course, ransomware protection is necessary but it is often not enough. What then is the solution?
At Cyber Management Alliance, we advise our clients to bolster their Ransomware Readiness as much as possible. This means that it’s great to take preventive and protective measures to ensure that you never get attacked. But even then it’s highly unlikely that you’ll never get attacked.
It’s often wiser to invest a greater degree of your energies towards making sure that you’re ready for a ransomware attack. This means that if you are attacked, your business won’t immediately come to a halt and hackers may not be able to cause too much damage to you monetarily as well as reputation wise.
Here are some things to keep in mind to reach this level of Ransomware Readiness:
- Download our Ransomware Checklist to know where you stand today in terms of your capability to deal with an attack. Use this checklist as an honest barometer of where you stand and it should give you a good idea of where to start from.
- Train your staff in all aspects of Ransomware Prevention and Ransomware Response. Good cybersecurity training will help them understand basics like if an email looks even remotely suspicious, they shouldn’t click on it because that can spell doom for the entire organisation. They should also be well-versed in your Cyber Incident Response Plan which should contain specific steps on Ransomware Response.
- Regularly rehearse your Incident Response Plan with the key stakeholders and decision-makers in your organisation. The idea here is clear - what’s the point of having Plans and Playbooks if nobody knows what’s in them or nobody is conversant enough with them to actually put the steps in action when you’re attacked.
We run specific Ransomware Tabletop Exercises with this purpose. These exercises create a simulated attack environment. They put into the spotlight those systems and assets that are most likely to be compromised. Your team is, therefore, forced to think and act like they would in case of an actual attack. This is where their familiarity with the Incident Response Plan also comes into play.
What To Do When You’re Attacked By Ransomware?
The time right after you’ve been hit by Ransomware is aptly known as the Golden Hour. Just like in a medical emergency, the Golden Hour in cybersecurity too, can be critical to the health and ultimate survival of your business.
This is why you need to be prepared for this Golden Hour in advance. As a business, you and your top management should have already asked this question to each other in the preparation stage - What should we do when we’re hit by a Ransomware Attack?
Your IT & Security Incident Response teams must have a Ransomware Checklist handy at all times. This checklist should list out the key steps and actions they must take immediately after being attacked.
The reason we insist on this Checklist is not just preparedness. Such a Ransomware Response Checklist helps cut the chaos in times of panic. Thinking straight can become difficult even for the most seasoned security practitioner when a complex ransomware encrypts all your business data and everyone is left locked out.
We also encourage our clients to download our printable Ransomware Response Workflow because it acts as a clear and visual guideline in times of crisis. This zero-fluff document on ransomware response is also a great tool that can be used at the time of staff training.
Ransomware in Cyber Security: Bottom Line
We often use the aviation analogy when trying to explain cyber security incidents and response strategies to our clients.
Pilots and aviators are regularly trained for aviation disasters. Their training from the get-go is based on the assumption that something could go wrong even with the sophisticated machines they're flying - either due to a lapse of technology, malicious intent or due to human error. The only way to combat such mishaps in air is training, preparation and repeated practice.
Similarly, business and technical teams need to understand that Ransomware Attacks have become a reality of our times. There’s no escaping them. The best strategy is to be alert and aware of the risks that are most imminent for your business and then prepare for them.
With regular ransomware assessments and a finger on the pulse of your organisational cyber resilience, you can definitely bolster your defences and ensure that when hackers do strike, your business doesn't come to a halt and your brand reputation isn’t tarnished.