A Guide to Ransomware Protection

November 9, 2022

Whether in articles, videos or traditional news channels, we see constant coverage of ransomware attacks.

In 2021, a ransomware attack cost over $4.5 million, with some mega breaches costing over 100 times more. Larger ransomware attacks are prevalent and cost companies worldwide tens of millions.

Here at DFI Forensics, we’ll give a quick overview of the types of ransomware attacks and tips on how you and your company can protect your systems.

What is Ransomware?

Ransomware is a specific type of malware that can lock and encrypt a computer remotely. The term comes from “malware” and “ransom”. The attacker is often driven by a monetary reward, or “ransom”, that victims must pay to access their data again. The reward is usually paid in cryptocurrency so that the attacker can protect their identity.

Cybercriminals use ransomware because it’s lucrative: 58% of organizations infected with it actually pay the ransom to regain access and get their data back.

Ransomware falls into a couple of categories:

  • Lockerblocks: This tactic blocks (or locks) access to an organization’s computers, files and systems. 
  • Crypto Encryptions: This method encrypts files on a computer system. The cybercriminals then demand a ransom to offer the decryption key. 

Ransomware Landings & Vectors

Learning how ransomware attackers operate is the first step in understanding how to protect yourself and/or your organization. 

Think of a ransomware landing like a gateway. A typical point of entry for a ransomware attacker is an email inbox. The majority of received emails are, of course, not malicious, thanks to modern spam filters. However, those filters are not infallible.

Seemingly legitimate emails containing strange outbound links and mockup forms are phishing emails. Phishing emails are getting more sophisticated and personalized and are therefore becoming harder to identify. 

Gone are the days of loud, scarlet text reading in all capital letters: “CLICK HERE TO WIN YOUR FREE TRIP TO XYZ”. Nowadays, corporate emails are attacked by realistic pseudo-login forms, questionnaires and sign-ins. 

Many of the weaker gateways into your organization come from human error. Cyber attackers know this and exploit it through social engineering: using deceptive and manipulative tactics to get people to divulge confidential information.

Once a harmful link is clicked on and vital information is filled in, a type of malware enters your system. The ransomware attacker has opened the gate; they’ve landed in your system.

Exploring

After the cybercriminal lands, they explore your system covertly. The ransomware attacker then uses programs to probe systems. While probing, they can even find your backup files and copies. This means they will have complete control when they lock the system.

Locking & Encryption

The attacker then locks your systems down, blocking access to important files, documents and backups. The ransomware attacker makes themselves known and demands a hefty price for you to gain access. The locking stage also encrypts the important data so that the victim cannot access it. 

This is extremely dangerous because it’s difficult to get rid of the virus once it’s in your system. To you, a ransomware attack might just look like a typical day of you logging into your computer. Then suddenly, a window appears telling you to pay a huge sum into a Bitcoin account before a specified time. 

What You Can Do to Prevent Ransomware Attacks

There are a few main strategies you can implement to protect your company against future ransomware attacks: 

  • Have a trustworthy, dependable anti-malware program installed on all devices and systems. 
  • Educate employees on social engineering and ransomware. Update teams on the latest phishing scams and social engineering tactics. 
  • Update and patch your systems frequently. 
  • Turn off administrative rights for users who don’t need them.
  • Identify and back up critical data (do not depend solely on your backups).
  • Create isolated backups which cannot be accessed without multiple steps of authorization & authentication. 

Is Your Industry at Risk?

Some industries, listed below, are more susceptible to ransomware attacks than others. This is due to a number of factors, including the ease of system access and a higher ransom payoff for cybercriminals.

  • Education
  • Retailers
  • Business & Professional Services
  • Government Organizations (federal, international, local)
  • IT
  • Manufacturing
  • Energy & Utilities
  • Healthcare
  • Financial Services

If you suspect your company is at risk of a ransomware attack, don’t hesitate to contact us at DFI Forensics. You may also learn more about our in-depth procedure for cyber attack response.