What To Do To Handle Attacks By Ransomware?

Ransomware is dreaded by all computer users. It is an advanced malware that prevents you from accessing files and even the computer system unless you pay a ransom amount.

Ransomware is a rampant problem all over the world. As per Cybersecurity Ventures, businesses will be subject to such attacks every 11 seconds in 2021, compared to every 40 seconds in 2016 and 14 seconds in 2019.

Attacks have become more dangerous over the last few years. Attacks on corporate networks which encrypt sensitive information can cost millions of dollars. In 2020, the total global reports of ransomware rose by 485% on a year-on-year basis.

This rising trend from 2020 to 2021 is compounded by the fact that more and more people and businesses work online thanks to the Global Pandemic. Cybercriminals are using this opportunity to attack PC users as they are working outside the company firewall. Attacks first focused on COVID-19 linked messages in the first half of this period prior to shifting towards impersonations of travel, delivery, and banking services in the second half.

The quantum demanded for ransomware is also touching astronomical heights; the biggest attempt clocked a whopping $50 million. As a result, many companies put their foot down to paying ransom in 2020. Instead, they are relying on the best ransomware software to combat attacks.

Ransomware impacts all industries from higher education and oil and gas to health care and fin-tech. During the global Pandemic, the industries affected most were education, the public sector, and healthcare.

How does it work?

This malware works mostly through phishing e-mails, spam, or through efforts of social engineering. It may spread through websites or drive-by downloads to infect an endpoint and penetrate the network. The methods of infection are constantly evolving, and there are numerous ways in which your system can be impacted.

Once it reaches the system, ransomware locks all files that it can access by using strong encryption. After this, this malware presses for paying a ransom (mostly in Bitcoin) for decrypting the files and for restoring the total operations of the impacted IT system.

Cryptoware or encrypting ransomware is the most common method of ransomware. Other types include:

• Lock screens or Non-encrypting ransomware: It prevents access to data and files but does not encrypt them.
• Ransomware conducts encryption of the MBR (Master Boot Record) of a drive that prevents computers of victims from booting up in a live environment of the Operating System.
• Extrortionware or Leakware (robs damaging or compromising data) which the attackers threaten to release if the ransom is not paid.
• Ransomware of mobile devices: these infect mobile phones through fake apps or drive-by downloads.

How to defeat ransomware

In case you have been impacted by ransomware, do the following:

Isolate the infection

You must take all steps to prevent the spread of the infection by separating all impacted computers from the network, shared storage as well as each other.

The speed of detection of ransomware is critical to combat fast-moving attacks. The first thing to do is to disconnect the computer from the network as well as any devices for external storage of data. This is because cryptoworms actively seek infecting of other computers and networks.

Identify infection

Determine which malware you are dealing with by using identification tools, messages, and evidence on the computer. Most of the time, the ransomware will identify itself while demanding ransom. There are also numerous websites that help in identifying ransomware. By knowing the ransomware, one can know how it propagates, what kind of files it encrypts, and what are the options to handle and combat it. It also helps report the attack to authorities.

Report 

Thus, any ransomware attack must be reported to the authorities for supporting and coordinating measures for a counterattack. You will be helping all stakeholders by doing this. Reporting by victims offers law enforcement officials with a greater understanding of threats, offers justification for pursuing offenders, and contributes valuable information for current operations. The latter can better understand who is behind attacks and their modus operandi. This will help them develop effective anti-ransomware software.

Determine options

There are several ways to deal with ransomware infections. Determine which is most apt for you. The main options available for you are 1) paying the ransom, 2) attempt to remove the ransomware, and 3) wipe away the system and begin from scratch.

Paying the ransom is not considered a good idea. Paying up encourages more ransomware attacks, and there is no guarantee of return of affected files. 77% of respondents in a recent study said that they were not likely to pay the ransom. The fact is that even if you pay the ransom, you won’t gain your data back. This leaves you with 2 options: removing ransomware and restoring your system selectively or starting again from scratch.

It is debatable whether you can remove an infection successfully. There exists no functional decryptor for all existing ransomwares. In fact, the newer and more sophisticated the ransomware type, the lesser is the capacity to decrypt it. The best thing to do is to wipe away all systems totally and reinstall all files and systems from scratch.

Refresh and restore

Use safe back-ups, software, and program sources to restore your computer or set up a new platform. In case you have adopted a sound strategy for backup, you should have copies of all important files, media, and documents right till the point of malware infection.

Refresh the system with back-ups made before the ransomware attack and which are not prey to the infection. Back-ups stored in the cloud are the best bet.

Take steps to prevent recurrence

Evaluate how the infection occurred and what measures can be put in place to prevent ransomware from happening again. Ransomware attacks can be devastating. To prevent these, experts suggest the following:

• Use anti-malware and anti-virus software.
• Make regular and comprehensive back-ups of data
• Keep back-ups safe from potential infection
• Install latest security updates for your system
• Follow cyber-hygiene like not opening strange e-mails
• Switch off unnecessary shares of networks.
• Switch off admin rights to those who do not need them
• As much as possible, restrict write permissions on file servers.

In sum, it is good to be educated about various effects, sources, and combatting strategies of ransomware attacks.