There certainly have been some dangerous ransomware attacks in the recent past. In 2017, the WannaCry ransomware attack exploited a security flaw in Microsoft Windows OS to hold over 200,000 computers hostage worldwide. The hospitals that were struck by WannaCry had to cancel essential procedures, including emergency services.
Once the thousands of postponed appointments and the costs incurred during and after the attack were counted, the attack was estimated to have cost the British National Health Service (NHS) over $100 million. Some estimates put the global cost of WannaCry at over $4 billion. Not long after, NotPetya/ExPetr shook companies worldwide, resulting in $10 billion worth of damages.
However, nothing has hit as close to home as the ransomware attack against Colonial Pipeline. Aside from Colonial Pipeline’s monetary loss, the operational hit to the pipeline caused gas prices to rise and chaos to ensue from the shortages.
Since then, there have been more high-profile ransomware attacks. A significant ransomware attack forced Ireland’s health service to shut down its IT systems. Tokyo’s famous technology company, Toshiba, says that the DarkSide ransomware group compromised sensitive data, and experts say that DarkSide is the group responsible for the Colonial Pipeline attack.
It is easy to see why threat actors are using ransomware instead of traditional malware, such as computer viruses. While viruses are destructive, they are not particularly profitable for a cybercriminal. However, a ransomware attack can result in significant financial rewards. For example, the DarkSide ransomware group extorted $5 million from Colonial Pipeline.
It is challenging to catch cybercriminals behind such ransomware attacks because they are typically paid their bounty in untraceable cryptocurrency such as Bitcoin. With experts claiming that ransomware attacks are set to escalate due to global software structures that were built without security in mind, it is essential for companies, regardless of size, to take preventative measures now.
Proactive Cybersecurity Software
As more businesses adopt remote working protocols, they must use Endpoint Detection and Response (EDR) software that shields employee desktops, laptops, phones, and tablets from all types of threats, including some of the following:
- Ransomware,
- Spyware,
- Trojans,
- Rootkits,
- Backdoors,
- Viruses,
- Brute force attacks,
- Zero-day unknown threats.
Not only is good cybersecurity software comprehensive, it can limit ransomware’s damage by isolating systems so it does not spread laterally across networks. Additionally, it should remediate all changes by restoring files that were encrypted, corrupted, or deleted by ransomware.
In order for cybersecurity software to be truly proactive, it needs a more sophisticated threat detection system. Remember, conventional antivirus programs use signature-based detection technology to block known threats. However, there are thousands of new malware families discovered every week with unknown signatures.
Cybercriminals typically use ransomware that signature-based detection technology cannot block on its own. You need cybersecurity tools that stop emerging threats with a combination of signature-based and behavioral analysis.
For example, Malwarebytes Anti-Malware technology uses machine learning and artificial intelligence to scrutinize a potential threat’s overall structure, programming logic, and data. Its heuristics-enabled anti-malware is proactive, not reactive, stopping malware like ransomware from getting a foothold if it slips past the signature detection layer.
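To make the difference between the two detection layers concrete, here is an added example (not code from this article or from any vendor's product) that runs a signature check and a simple behavioral check over the same constructed file-write telemetry. The event fields, process names, thresholds and hashes are all assumptions made up for the illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed signature database: hashes of already-known malicious binaries.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def signature_hits(events):
    """Signature layer: flag processes whose image hash is already known."""
    return {e["proc"] for e in events if e["image_sha256"] in KNOWN_BAD}

def behavior_hits(events, window=10.0, min_files=5, min_entropy=7.5):
    """Behavioral layer: flag a process that writes high-entropy data to
    many distinct files inside a short time window (seconds)."""
    writes = defaultdict(list)
    for e in events:
        if e["op"] == "write" and entropy(e["data"]) >= min_entropy:
            writes[e["proc"]].append((e["t"], e["path"]))
    flagged = set()
    for proc, items in writes.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            paths = {p for t, p in items[i:] if t - start <= window}
            if len(paths) >= min_files:
                flagged.add(proc)
                break
    return flagged

def _rand(i):
    """Deterministic 2 KiB stand-in for ciphertext (constructed)."""
    return b"".join(hashlib.sha256(bytes([i, j])).digest() for j in range(64))

def sample_events():
    """Constructed telemetry: one unknown encryptor, one ordinary editor."""
    unknown = hashlib.sha256(b"constructed-new-variant").hexdigest()
    editor = hashlib.sha256(b"constructed-editor").hexdigest()
    ev = [{"t": i * 0.5, "proc": "updater.exe", "image_sha256": unknown,
           "op": "write", "path": f"C:/docs/file{i}.docx", "data": _rand(i)}
          for i in range(8)]
    ev += [{"t": i * 30.0, "proc": "editor.exe", "image_sha256": editor,
            "op": "write", "path": f"C:/docs/notes{i}.txt",
            "data": b"quarterly report draft " * 90} for i in range(3)]
    return ev
```

The signature layer misses `updater.exe` because its hash is not in the database, while the behavioral layer flags it from the write pattern alone. Compression and backup tools also produce high-entropy writes, so a real deployment needs allow-listing and tuned thresholds.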
Social Engineering Training
It is a known fact that employee error is the leading cause of cybersecurity breaches. Cybercriminals are growing increasingly sophisticated. They are designing convincing social engineering attacks that use psychology to trick employees into downloading malware like ransomware on company computers. Here are some common social engineering attacks that employers must train their staff to spot:
- Spear-Phishing Attack: A phishing attack is when cybercriminals send out countless fraudulent emails, text messages, or social media messages, hoping to trick a few people into downloading malware. A spear-phishing attack is more targeted and specifically designed to deceive an employee based on the intelligence gathered.
- Scareware: This type of social engineering attack uses fear to trick someone into downloading malware. For example, the employee may see an alarming pop-up on their screen and click the infected link in the heat of the moment.
- Trojan Horse Attack: Cybercriminals may use fake software that carries a malware infection to deceive targets. For example, an employee may install word processing software that carries ransomware.
- Baiting: Sometimes cybercriminals, especially those sponsored by states, can be particularly bold. They may try to physically plant ransomware by leaving an infected USB or DVD at the office, hoping that an employee checks it out on a company computer out of curiosity.
- Honey Trap: A honey trap is not just a romance scam for senior citizens. It can target employees too. Cybercriminal gangs may take months to develop a fake online relationship with an employee before subtly asking for company secrets or tricking them into downloading ransomware.
- Pretexting: Like a honey trap, pretexting is a method for a cybercriminal to gain a target’s confidence. They may take months to develop a relationship with their mark with a background story before using them to breach a company’s network defenses.
Cybercriminals are developing more compelling ways to con employees into downloading ransomware. The malware works very quickly, locking systems and allowing bad actors to blackmail companies. Only the best training, cybersecurity software/threat detection and response technology can reduce a company’s risk in this risky new world.
Noman Ansari