WHAT IS RANSOMWARE?

Ransomware is a type of malware, or malicious software, that hackers launch to disable or limit an organization’s access to its data until a ransom is paid. The hackers then instruct the organization on how to pay the ransom to release the decryption key that will allow the company to decrypt the data and potentially gain access to its files, databases, and applications.

Ransomware attacks are increasing rapidly, generating substantial revenue for cybercriminals and causing significant damage to businesses and government bodies. Attack groups are constantly adapting and evolving their tactics, devising new ways to extort ransom from victims. As long as these gangs can extort payment from businesses, ransomware attacks will continue to escalate.

To combat this, businesses like yours need to develop a solid cyber defense strategy to minimize the risk and mitigate the impact of ransomware so that they can recover quickly if their systems are compromised.

Top attack vectors

When you understand how ransomware attacks work, including the vectors and avenues used by bad actors, you can lower your chances of falling victim to them. Listed below are a few popular attack vectors hackers use to launch ransomware:

• Email phishing 
• Unsecured RDP ports 
• Software/patching vulnerabilities
• Malicious websites 
• Pop-ups/ads 

Top ransomware trends

Ransomware gangs continuously rethink and upgrade their techniques as new technologies emerge and more businesses try to protect themselves against attacks. Here are a few of the latest techniques ransomware gangs and their affiliates use to target their victims:

• Supply chain attacks

To maximize the attack radius and impact, threat actors target weak links in supply chains, threatening not only a single business but also an organization’s entire ecosystem.

• Double extortion

Hackers not only encrypt the data but also steal it and threaten the victim to release it unless a ransom is paid.

• Ransomware-as-a-Service (RaaS)

Affiliates secure access to a subscription-based platform that contains all the ransomware code and operating infrastructure needed to run ransomware attacks.

• Increased attacks against small and midsize businesses

After several high-profile indictments of cybercriminals who got caught, law enforcement agencies have seen a shift in criminal behavior from high-profile hacking to targeting midsized businesses to evade public scrutiny

Impacts of a successful attack

• Extended downtime
• Lost files, wages, and equipment 
• Additional costs
• Damaged reputation and loss of customers
• Regulatory fines 

Best practices to protect your business from ransomware attacks

CISA recommends the following precautions to shield users against today’s sophisticated ransomware threats:

» Hackers can easily exploit vulnerabilities in outdated applications and operating systems because they have more attack surface areas. Update your software and operating systems with the latest patches to stay ahead of threats. » A standard tactic hackers use to launch ransomware attacks is sending phishing emails with malicious links or attachments. Never click on links or attachments in unsolicited emails.

» Keep your backups safe by taking them offline and ensuring they are malware-free.

» To reduce the risks associated with online browsing and remote connections to your network, ensure your employees are aware of security best practices and maintain cyber hygiene.

More best practices include:

• Anti-phishing and email security protocols and tools  
• Security awareness training
• Vulnerability scanning 
• Patch management
• Endpoint detection and response  
• Network monitoring
• Network segmentation 
• Identity and access management
• Strong password policies/good password hygiene

More details about the best practices and how to respond to a ransomware attack you can find in YOUR RANSOMWARE SURVIVAL GUIDE.