On April 19, 2020, IT giant Cognizant announced that it had suffered a massive ransomware attack. Official sources said that the organization had been hit by “Maze ransomware” and that this had resulted in service disruption for some of its clients.
Ransomware is one of the most serious cybersecurity problems for businesses. When a business becomes the victim of a ransomware attack, it ends up losing all its business-critical data to a cyber criminal. This badly impacts the organization's day-to-day operations and causes monetary and reputational loss.
What is ransomware?
Ransomware is a type of malware (in simple words, a computer virus) that encrypts the data on the victim’s computer and asks for a ransom. Once the ransom is paid, the attackers restore the data.
Users see instructions on their computer screen about how to pay the ransom and get the decryption keys. The ransom can range from a few hundred dollars to thousands of dollars, payable in cryptocurrencies such as Bitcoin.
How does ransomware work?
There are various ways ransomware can gain access to computers. The most common method of ransomware attack is phishing emails.
Phishing emails come with malicious attachments. Once these malicious files are downloaded to the system, they take control of the victim’s computer and encrypt all the data.
Some ransomware uses social engineering methods to take control of the computer. This ransomware comes with built-in social engineering toolkits and tricks the user into granting administrative access.
Some other types of ransomware, such as WannaCry and NotPetya, identify and exploit security loopholes. This ransomware spreads through the computer network: it is programmed to scan the network and spread automatically.
Once this malware (ransomware) takes control of the victim’s computer, it can perform numerous actions, such as creating back-doors to spy on computers, using the infected computers to attack someone else, or performing any other criminal activity.
The most important fact to know about ransomware is that the encrypted files cannot be decrypted without the mathematical key the attackers used in the ransomware attack.
The chances are very low that you will be able to decrypt the files without paying the ransom to the attacker.
Who are the primary targets for ransomware attacks?
Everyone is a potential target for ransomware attacks, but as we know, the objective of ransomware attacks is to make money.
Small and medium-sized businesses (SMEs) are the primary target for ransomware attacks, as SMEs do not have enough cybersecurity countermeasures. In my personal experience, SMEs believe that they are too small to be targeted by cyber criminals.
But the reality is that 70% of the world’s total cyber attacks are faced by small and medium-sized businesses. More specifically, when it comes to ransomware, SMEs face 71% of the total ransomware attacks.
As I have already mentioned, SMEs don’t have enough cybersecurity countermeasures. The majority of them rely only on traditional cybersecurity such as antivirus and firewalls, which is not at all enough to counter modern cyber threats. And the most important fact: the majority of ransomware attacks demand $300 to $600 of ransom per computer, and SMEs can afford this amount.
So in all scenarios SMEs are more fruitful targets for attackers than the big giants.
On the other hand, healthcare, financial services and government organizations are primary targets too, as their business can’t function without access to the data, and these organizations pay the ransom at the earliest.
If you are not on the list, do not feel safe: anyone can become a victim of a ransomware attack or any other kind of cyber crime. As I mentioned earlier, there is ransomware that spreads automatically over the network.
How to prevent ransomware?
There is no silver bullet to prevent ransomware or any other type of cyber attack. Cybersecurity awareness and multi-layer cyber defense are the only way to prevent ransomware and other types of cyber attacks. Still, here are some golden rules which can help you keep your digital assets safe and secure:
- Never use pirated software. Pirated software is untrusted and insecure. Always use genuine software.
- If you do not want to invest in software, opt for open source alternatives. Open source software is as good as the commercial alternatives.
- Always keep your operating system updated. Security patch installation should be your topmost priority.
- Do not use your computer with administrator or root privileges.
- Do not install, or give administrative privileges to, software you don’t know.
- Enable your operating system firewall and install a good antivirus.
- Do not download every email attachment and do not click on every link.
- Always back up your business-critical data.
- Do not connect any unknown devices, such as a pen drive or CD/DVD, to your system.
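One way to act on the backup rule above, as an added example that is not part of the original article: keep a hash-and-entropy manifest of the backup set and audit it before trusting a restore, since files overwritten by encryption change hash and jump to near-random entropy. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off (encrypted data sits near 8.0)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def build_manifest(root) -> dict:
    """Map each file under root (relative path) to (sha256 hex, entropy)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            key = path.relative_to(root).as_posix()
            manifest[key] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def audit(baseline: dict, current: dict) -> dict:
    """Compare manifests: report missing, changed and likely-encrypted files."""
    report = {"missing": [], "changed": [], "likely_encrypted": []}
    for rel, (old_hash, old_entropy) in sorted(baseline.items()):
        new_hash, new_entropy = current.get(rel, (None, 0.0))
        if new_hash is None:
            report["missing"].append(rel)  # deleted, or renamed with a new extension
        elif new_hash != old_hash:
            report["changed"].append(rel)
            if new_entropy >= ENTROPY_THRESHOLD > old_entropy:
                report["likely_encrypted"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: three text files; one overwritten, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("ledger.csv", "notes.txt", "plan.txt"):
            Path(tmp, name).write_bytes(b"invoice,2020-04-19,300\n" * 200)
        baseline = build_manifest(tmp)
        Path(tmp, "ledger.csv").write_bytes(bytes(range(256)) * 16)  # stand-in for ciphertext
        Path(tmp, "plan.txt").unlink()
        return audit(baseline, build_manifest(tmp))

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest offline or on write-once media, so that malware on the backed-up machine cannot rewrite it along with the files.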
Always keep in mind that there is no silver bullet to address cybersecurity. Cybersecurity can only be addressed as a process. Awareness among your team members, regular installation of security updates, data backups, and multi-layer defense are the only way to protect your digital assets from modern cyber attacks.
Stay Safe Stay Healthy