“Your files have been encrypted with the strongest military algorithms… without our special decoder it is impossible to restore the data.” Ransomware Threat!
This is an excerpt from a ransom note that the Chief Information Officer at the aluminum manufacturing giant Norsk Hydro received from hackers who managed to seize its computer system. As a result of the attack, some of the production lines were switched to manual mode, and some simply had to stop. Hydro officials refused to pay the hackers, who were never even asked how much money they wanted in exchange for the decryption key. The company instead chose to absorb £45m in recovery costs.
Sometime earlier, Riviera Beach City Council (Florida) paid $600,000 to hackers so that city officials could recover data that had been locked and encrypted for more than three weeks. When a police officer opened a malicious email, the virus paralyzed the work of all city services except the emergency ones. The city was forced to pay the ransom when officials concluded that there was no other way to restore the data.
The number of such attacks in the USA continues to increase. Even poorly prepared hackers can attack users’ computers, encrypting their data and demanding a ransom. Needless to say, organized groups of hackers, which usually include 5-7 people, can disable entire factories, plants, companies, and even cities.
The ways ransomware can get to your PC and why you might want to launch it
There are only three common ways for ransomware to penetrate your system: emails, malicious websites, and data storage devices. These account for 90% of the total number of ransomware attacks. The remaining 10% is attributable to the above-mentioned sabotage and remote installation of the virus.
- Emails. Without an effective spam filter, the victim receives tons of spam. Although most of the emails are inappropriate and intrusive advertising, some of them may turn out to be very “interesting.” Petitions, requests, bills to be paid, notifications from your bank or tax office accompanied by “supporting documentation” – any of these could be a hacker’s bait to convince you to click. Of course, the documentation attached to the email turns out to be the Trojan, which the user launches when opening the archive. Importantly, although such letters look very “serious” to an ordinary person, a spam filter is unlikely to let them through, and antivirus software can neutralize the threat, saving the user from being caught by attackers.
- Malicious websites. There are two options. In the first case, a user downloads applications or other files from phishing, hacked, or simply uncontrolled resources (file sharing, torrents, etc.) and has no idea that a malicious “appendix” arrives along with the useful content. The second scenario is even worse – sometimes it is enough just to visit an infected website to trigger a script that downloads the Trojan to the PC. The good thing is that this scenario is only possible with unsafe browser and OS settings. Unfortunately, these are the settings most users have.
- Data storage devices. If a data storage device, whether it is a flash device, HDD, or SSD, is infected, it is enough to insert it into a USB slot to activate the virus. The best way to protect your system is to install antivirus software and disable the autorun feature.
No More Ransom Project – is it the panacea?
No More Ransom Project was launched in July 2016 as a joint international initiative of three founding partners – Kaspersky Lab, Dutch Police, and McAfee antivirus software company. The project is aimed at combating ransomware and provides custom decryption solutions for 109 types of ransomware including WannaCry, Puma, Muhstik, Avest, Syrk, JSWorm 4.0, and others. For these threats, the game is over.
The project has not only helped thousands of victims (more than 200,000 users have downloaded tools for free from the website since its launch) but has also riled up ransomware authors. According to the latest research, No More Ransom Project has prevented ransomware profits of more than $108 million.
Although the project has made a strong contribution to eliminating the consequences of ransomware attacks, these tools are at the mercy of sophisticated ransomware created by organized hacker groups. Some of these viruses still cannot be decrypted. Once the ransomware is released into the system, there is little to be done. If you do not want to face the dilemma “to pay or not to pay”, you’d better prevent the trouble by following simple cybersecurity tips.
Unfortunately, the panacea for ransomware victims has not been created yet. That is why it is much easier to prevent infection rather than look for a way to get your data back.
Make backups regularly, use robust antivirus software and keep it up to date, enable the “show file extensions” option in the settings, and do not trust anyone on the Web.
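The “supporting documentation” archives described above, and the advice to show file extensions, come down to one check: does an attachment contain something executable dressed up as a document? The sketch below is an added example, not part of the original article; the extension lists, function names, and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly or hands to a script host (not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "jse", "vbs",
              "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
# Extensions a lure typically pretends to have.
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
RLO = "\u202e"  # right-to-left override: makes "...fdp.exe" display as "...exe.pdf"


def classify(name: str) -> str:
    """Return 'rlo', 'double-extension', 'executable' or 'ok' for one file name."""
    if RLO in name:
        return "rlo"
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots/spaces; padding spaces hide the real extension.
    parts = [p.strip().lower() for p in base.rstrip(". ").split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) > 2 and parts[-2] in DOCUMENT:
        return "double-extension"
    return "executable"


def scan_archive(data: bytes) -> dict:
    """Map each suspicious member of a ZIP archive to its verdict."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            verdict = "ok" if info.is_dir() else classify(info.filename)
            if verdict != "ok":
                findings[info.filename] = verdict
    return findings


def build_sample() -> bytes:
    """Constructed test archive: harmless placeholder bytes under lure-style names."""
    names = ["bank/statement.pdf", "bank/invoice.pdf.exe",
             "tax_notice.docx      .js", "tools/setup.exe", "readme.txt"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_archive(build_sample()).items():
        print(f"{verdict:17} {member!r}")
```

A mail gateway or helpdesk script can run the same check on inbound ZIP attachments and quarantine anything that is not “ok” before a user opens it.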
Ransomware threats you should be prepared for in 2020
The heyday of ransomware was from 2016 to 2018. In this period, we heard about at least one large-scale attack every month. At this time, ransomware was produced en masse. In 2017, a new Ransomware as a Service (RaaS) called Satan was launched by unknown hackers, which allowed users to launch the spread of ransomware without any coding knowledge. With Satan, anyone could spread ransomware and extort money from Internet users. All that had to be done was to register on the website, set up your version of Satan, and start distributing it. For this service, the Satan developers take a 30% cut of illegal income.
At the beginning of 2019, hackers backed off a little and ransomware was forced out of “the number one cybersecurity challenge” place by new Miner viruses stealing Bitcoins. However, recent attacks on significant targets such as local governments, police stations, offices, and enterprises, which took place in the last ten months, point to the fact that the enemy is not defeated. Cyber threats like ransomware will escalate in 2020 and become more targeted. The main targets of such attacks will remain small and middle-sized businesses, not individuals. Healthcare organizations, local governments, specific businesses – the greater the disruption hackers can inflict, the higher the ransom they can get. Those companies that cannot adapt to the current cybersecurity landscape will be forced to bear huge losses compared to the cost of services to prevent threats.
Recovery from a ransomware attack is always a difficult process, especially if companies have not taken protective measures. A piece of good news is that 53% of companies can recover data from backups, according to Datto’s Global State of the Channel Ransomware Report. However, only 15% of companies surveyed used antivirus software installed on endpoints.
To combat such threats in 2020, companies can be expected to employ innovations and new techniques. Cyber insurance is one of them. Moreover, the use of Artificial Intelligence is likely to help companies respond to cyberattacks and block threats before they take effect and spread. However, hackers will also benefit from the technology and use it to develop new ways to find vulnerabilities and develop more harmful malware.
About the Author
The article was contributed by Dean Chester, a practicing cybersecurity expert and author of numerous articles on Cooltechzone. Dean is a fan of all topics related to data privacy and cybersecurity. He usually takes part in various tech tutorials, forums, conferences, etc. He can be reached on Twitter at @DeanChe36640282.