2019: The Rise of Ransomware

Ransomware has been around for some time now; however, during the past twelve months we have seen a dramatic increase in reported attacks. One can almost be certain that the attacks that are reported are in the minority. Most companies would not want it publicly known that they had fallen victim to an attack, for obvious reasons. One could go as far as saying 2019 was the year Ransomware impacted nearly everyone in one way or another.

It is also safe to bet that 2019 is not going to be the end of Ransomware. Why would it be? Most organisations and individuals either live in the hope it won’t happen to them, believe that they are secure due to traditional anti-virus software, or know they will be hit and, not knowing how to handle it, have taken out insurance to pay the criminals to allow them access to their very own data. This goes against all law enforcement warnings, as it results in creating a larger market for these criminals, but after all, “it’s not their business” that’s being threatened.

We’re here to tell you that there are other options. You can make it significantly more difficult for these criminals to steal your data, and you do not need highly expensive solutions and extremely skilled IT professionals to do it. Ransomware is a subset of Malware, and while it is smart and often hides itself quite well, it is certainly possible to identify with the right tools in place and thus equally possible to defend against.

So what is Ransomware?

Ransomware is a form of malware, or malicious software, that makes its way onto a network via an infected website or a phishing email that is opened by a user. Once in the door, Ransomware lurks on the network, waiting for the right opportunity to present itself. As soon as this occurs, the Ransomware leaps into action, encrypting the host’s data (company, organisation, individual) and then immediately demanding a ransom be paid in order to unlock this data. It is much like a stranger entering your house unnoticed and then changing all the locks so you can’t access your own possessions without first paying a fee.

How is Ransomware different from other Malware?

Ransomware is different from other malware in that it is highly targeted. It isn’t looking for just any data; it hunts like a predator, stealthy and lurking quietly, looking for sensitive files. Susceptible files can range from payroll data to private and classified client information and other confidential data. Once located, the Ransomware wastes no time in taking this data and encrypting it.

Accessing your Encrypted Data

The very name of this malware tells you exactly how you may be able to gain access to your data. We say “may” as there is no guarantee that you will ever be able to access your sensitive data. Your data is encrypted, and the criminal/hacker is the only one with the key to unlock the encryption and provide you with access to your data. Your data is being held to ransom, and for an amount determined by the hacker/criminal, you may get the password or decryption key that allows you to access your data.

Gaining access to your data will usually involve payment in Bitcoin, or some other crypto-currency, to the hacker in return for a password or key to unlock your data. A crypto-currency is not linked to anyone’s name or any identifiable location, number, bank, country or anything that one can use to discover the identity of the criminal. It is simply not traceable and the hacker will not be caught.

Worse still

Worse still, there is no guarantee that by paying the ransom you will get the password.  Unlike other crimes, identifying the responsible party is usually impossible. The hacker or criminal can simply take the payment and then disappear as quickly as he/she/they showed up and leave your data still completely encrypted.  Now you have lost both money and reputation.  

This is not the type of malware you can afford to simply hope you are protected against. You need to know you are; the consequences of being targeted with no defences in place are simply too severe!

Insurance is not the solution

Ransomware has become so prevalent that an entire insurance industry has been created to protect companies and provide funds to pay the ransom.  However, having sufficient funds to pay the hacker/criminal is likely to make you a repeat target while still not addressing the inadequacies in your information security arsenal.

So how do you protect against Ransomware?

Traditional antivirus software does not always have the ability to protect you from Ransomware. Ransomware is sophisticated, uses many routes in and often doesn’t have a defined signature. Traditional antivirus can only stop malware with a known signature that the antivirus software has stored in its database.

The only type of protection that can prevent Ransomware from entering and then encrypting is advanced Web Content Filtering and Behaviour-based IDS. The Web Content Filter must be constantly learning and adding suspicious hosts to its database. Countless new websites are created daily, and your Content Filter needs to be crawling the web and categorising these. Your Content Filter must be set to block suspicious hosts. This will protect you against a large percentage of Ransomware attempts, preventing them from even entering the door.

In the event that a Ransomware connection does make it through the door, your behaviour-based IDS will immediately pick it up. Much like a criminal profiler, behaviour-based IDS looks at traffic and connection patterns. A connection that does not fit the standard pattern is immediately identified as an anomaly, and the behaviour-based IDS instantly kills off that dangerous connection, not allowing it to “phone home”.
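The two layers described above, as an added example that is not LucidView's implementation: a category check blocks known-suspicious hosts, and a behavioural check flags destinations outside a host's learned pattern that are contacted at machine-regular intervals. The periodicity heuristic, the thresholds and every hostname and log record are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed category database; a real content filter updates this continuously.
CATEGORIES = {"mail.example.com": "business", "bad.example.net": "suspicious"}
BLOCKED = {"suspicious"}

# Constructed connection records: (timestamp_seconds, internal_host, destination, port)
BASELINE = [(0, "pc-7", "mail.example.com", 443),
            (40, "pc-7", "intranet.example.com", 443)]
LIVE = [
    (1000, "pc-7", "mail.example.com", 443),   # fits the learned pattern
    (1010, "pc-7", "bad.example.net", 443),    # stopped by the content filter
    (1100, "pc-7", "news.example.org", 443),   # new but irregular: human browsing
    (1170, "pc-7", "news.example.org", 443),
    (1900, "pc-7", "news.example.org", 443),
    (2100, "pc-7", "news.example.org", 443),
] + [(1200 + 60 * i, "pc-7", "cdn-sync.example.io", 8443) for i in range(6)]

def content_filter_blocks(dest):
    """Layer 1: block destinations whose category is on the block list."""
    return CATEGORIES.get(dest) in BLOCKED

def learn_baseline(records):
    """Record which (destination, port) pairs each host normally talks to."""
    seen = defaultdict(set)
    for _, host, dest, port in records:
        seen[host].add((dest, port))
    return seen

def detect(baseline, live, min_events=4, max_jitter=0.1):
    """Layer 2: flag off-baseline destinations contacted at near-constant intervals."""
    blocked, times = [], defaultdict(list)
    for ts, host, dest, port in live:
        if content_filter_blocks(dest):
            blocked.append((host, dest))
        elif (dest, port) not in baseline[host]:
            times[(host, dest, port)].append(ts)
    anomalies = []
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Low relative spread of the gaps means timer-driven, beacon-like traffic.
        if (len(stamps) >= min_events and mean(gaps) > 0
                and pstdev(gaps) / mean(gaps) <= max_jitter):
            anomalies.append(key)
    return blocked, anomalies

if __name__ == "__main__":
    print(detect(learn_baseline(BASELINE), LIVE))
```

A new destination alone is weak evidence, since users visit new sites all the time; requiring both novelty and regular timing keeps ordinary browsing out of the alert queue.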

Internet Service Providers, IT companies and large tech departments in Enterprise Companies have the ability to provide this service to their clients.  LucidView offers the service at a minimal cost should an ISP, IT company or Enterprise want to brand it as their own and offer customised reporting and dashboards.

There is no longer an excuse for service providers not being able to provide this service to their customers, as the solution is available to every ISP, business and home user. Simply visit our website, register your Portal account and follow our clear instruction guides, and you will reduce your vulnerability to Ransomware dramatically.