Ransomware – sharp increase of cyber-attacks over the last 12 months.
23 November 2020
According to the Cyber Resilience Centre for the West Midlands, incidents of reported ransomware attacks increased significantly in the last 12 months. It is reported that there have been 121 million attacks since the start of 2020.
So what is ransomware, how does it work and how can it be removed? The following information is provided courtesy of ‘CSO United Kingdom’; experts in providing IT security professionals with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. The full ransomware article can be found here
https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html
Ransomware is a form of malware that encrypts a victim’s online files. The attacker then demands a ransom from the victim to restore access to the data upon payment. The victims are shown instructions for how to pay a fee to get the decryption key. The payments demanded can range from a few hundred pounds, running into thousands or even millions, payable to the cybercriminal via Bitcoin.
There are a number of attack vectors ransomware can take to access a victim’s computer. One of the most common methods is through phishing spam — attachments that come to the victim in an email, purporting to be trustworthy but when opened, they can control the victim’s computer. Other forms of ransomware seek to exploit security vulnerabilities and require no deception.
There are several things the malware might do once it’s taken over the victim’s computer, but the most common is to encrypt some or all of the victim’s files. These files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now encrypted and inaccessible, and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.
There are a number of defensive steps that can be taken to prevent ransomware infection.
These steps are generally good security practices, so implementing them improves your resilience to all kinds of cyber-attack:
- Keep your operating system patched and up to date to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorised applications from executing in the first place.
- Back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
So, if you’ve been the victim of a ransomware attack, how can you remove it? Generally speaking, a victim will want to do 2 things: 1) Regain control of their computer 2)Decrypt the files subject of the ransomware attack.
It is possible to regain control of your computer, and there are various online resources that can provide a step by step guide to regaining control, removing the malware and restoring your machine to a previous state. However regaining control will not decrypt your files. That can only be done via the key held by the attacker, and because you’ve removed the malware you have now also lost any opportunity to pay the attacker the ransom they demanded.
Ransomware is big business. Globally its believed ransomware costs 21 billion dollars per week. Some business sectors are particularly prone to ransomware attacks – and to paying the ransoms demanded.
Hospitals, other medical and healthcare establishments including laboratories account for approximately 45% of victims – as these establishments are highly likely to pay a resonable ransom to remove the problem.
By contrast, data from 2017 revealed that approximately 90% of the financial services sector were targeted for ransomware attacks on the presumption that is where the big money is.
Ransomware continues to evolve. The National Cyber Security Centre (NCSC) has issued guidance on mitigating malware and ransomware attacks, which can be found here https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks