Cybercrime has increased at an alarming rate in recent years. Unfortunately, advances in technology are closely linked to advances in cybercrime.
According to the Cyber Security Breaches Survey, in 2018, 43% of companies were victims of some form of cybersecurity breach. The previous year, the state of California in the United States lost more than $214 million to cybercrime alone.
Just last month we wrote about the latest attack in the news, Collection #1. Given that cybercrime is estimated to have generated at least $1.5 trillion last year alone, it is not surprising that there is great concern.
There are many forms of cybercrime, from identity theft and Internet fraud to cyberstalking. In this blog, we will focus on ransomware.
What is ransomware?
Ransomware is a type of malicious software designed to block access to a computer system or to publish the victim's personal data online. In doing so, the attacker demands a ransom from the victim, with the promise (which is not always kept) of restoring access to the data after payment.
Although ransomware has existed since the 80s and different ransomware Trojans have emerged over the last decade, the appearance of Bitcoin has made attacks much easier. This cryptocurrency allows attackers to obtain money from their victims easily, without having to use traditional channels.
Where does the ransomware come from?
Ransomware is designed by highly knowledgeable scammers who are experts in computer programming. It can reach your computer through an email attachment, through your network, or through your browser if you visit a website infected with this type of malware.
How does ransomware work?
The delivery method most used by ransomware is phishing spam: attachments that arrive in the victim’s email disguised as a file they can trust. According to research by Trend Micro, a security software company, 91% of cyberattacks and the resulting data leaks start with a spear phishing email.
Once the attachment is downloaded and opened, the malware seizes the victim’s computer, encrypting some of the user’s files. When this happens, the only way to remove the encryption is through a mathematical key that only the attacker knows.
There have also been cases where the malware displays a message stating that the user’s “Windows” is blocked. Then, the user is instructed to call a “Microsoft” phone number and enter a six-digit code to reactivate the system. The message indicates that the phone call is free, which is not true. While calling the fake “Microsoft”, the user accumulates expenses for long distance calls.
Another type of malware is the so-called leakware or doxware. In this case, the attacker threatens to publish sensitive data from the victim’s hard drive unless a ransom is paid. It frequently targets emails and Word documents, although there have also been cases of mobile variants, where private messages, images and contact lists from users’ phones have been published.
Doxware is more effective than ransomware at extracting money from the victim. With ransomware, it is possible to keep backup copies of the data that can no longer be accessed, but with doxware, once the attacker has the information that the victim does not want to see published, there are not many options other than to pay.
It is not only the ransom that is costly!
One might think that paying a ransom to regain access to your own data is bad enough, but that may be insignificant compared to the real cost of the damage that an attack involves. These costs include the following:
- Damage and destruction (or loss) of data.
- Lost productivity.
- Interruption of normal business activities after the attack.
- Forensic investigation.
- Restoration and deletion of hostage systems and data.
- Damage to reputation.
- Employee training, as a direct response to the attacks.
Taking all of the above into account, it is not surprising that ransomware damages are estimated to reach 11,500 million this year, with a projection of an attack every 14 seconds by the end of this year, up from one every 40 seconds last year.
To pay or not to pay
When we talk to experts in cybercrime, most advise not to pay ransoms, since financing ransomware attackers will only help to create more ransomware.
Despite this, many organizations discard this advice after comparing the cost of the encrypted data with the ransom demanded. Last year, in the United States, 45% of companies attacked by ransomware paid their attackers. Why did they do that?!
Even though refusing to pay the ransom is the suggested course for the business community at large, it may not be the best course of action for a particular company, especially when there is a possibility that the company may permanently lose access to vital data, receive fines from regulatory bodies or simply go bankrupt. For the majority, the choice between paying a relatively small ransom and continuing to function as a company, or refusing to pay in order to help the wider community, is not something that needs to be thought about twice.
In some cases of ransomware, the ransom demanded is high enough to justify the attacker's effort, but low enough that it is cheaper for the victim to pay than to reconstruct their lost data. In some cases discounts are offered if the victim pays within a certain period, for example 3 days.
Considering this, some companies have started to accumulate Bitcoin reserves specifically for the payment of ransoms. We can see this in particular in the United Kingdom, where organizations seem to be more likely to pay ransoms. According to Gotham Sharma, Managing Director of Exeltek Consulting Group, “Approximately one third of medium-sized English companies report that they have Bitcoin available to respond to ransomware emergencies, in case other options cannot be implemented immediately.”
What to do if you suffer a ransomware infection
If you discover that you have suffered a ransomware infection, you must first determine what kind of ransomware it is. If you cannot remove a ransom note from the screen, then you have probably suffered a screen-blocking ransomware infection. If you can use your applications but cannot open your files, play movies, etc., the infection is encryption ransomware, the worse of the two cases. If you can use your entire system and read all your files, then it is probably a fake attack that simply tries to scare you into paying.
This is an excellent blog that details what you should do when you suffer a ransomware attack, both screen lock and encryption.
How to avoid ransomware?
Make sure you have a good backup copy of all your files. That way, if something happens, restoring your files from a backup copy will be the fastest way to regain access to your data.
When you respond to emails, unsolicited phone calls, text messages or instant messages, do not provide any personal information. Phishing scammers may try to trick employees into installing malware or obtain information by saying they come from the IT department.
Make sure you have a firewall and good quality antivirus software. There are many fake programs on the market, so it is vital to have a strong antivirus and firewall, in order to ensure security against malware attacks.
Make sure content filtering and scanning is enabled on your email servers. Every incoming email must be scanned for known threats, and any type of attachment that may be a threat must be blocked.
If you travel for work, make sure your IT department is informed, especially if you think you will use public Wi-Fi hotspots. Make sure you use a trusted Virtual Private Network (VPN) whenever you access public Wi-Fi.
Make sure all the software on your computer is up to date. This includes the operating system, the browser and any toolbar plugins that you use.
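One way to implement the attachment blocking described in the email-filtering tip above, given that ransomware usually arrives as an attachment posing as a trusted file. This is an added example, not code from the original post; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your environment.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}  # Office formats that can carry macros
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify(filename, payload):
    """Return (verdict, reason) for one attachment."""
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    if ext in BLOCKED_EXT:
        if inner in DECOY_EXT:
            return "block", f"executable disguised as {inner}"
        return "block", f"executable type {ext}"
    if payload[:2] == b"MZ":  # Windows PE header, whatever the name claims
        return "block", "executable content behind a harmless-looking name"
    if ext in MACRO_EXT:
        return "quarantine", "macro-enabled Office document"
    return "allow", "no rule matched"


def scan_message(raw):
    """Classify every attachment in a raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        results.append((name, *classify(name, data)))
    return results


def build_sample():
    """Constructed message; addresses, names and bytes are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    for fname, data in [("invoice.pdf.exe", b"MZ\x90\x00"), ("report.pdf", b"MZ\x90\x00"),
                        ("budget.xlsm", b"PK\x03\x04"), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one `(filename, verdict, reason)` tuple per attachment; a name-only filter would let `report.pdf` through, which is why the content check is included.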