Ransomware is an act of crime punishable by law. Criminals hack into the computer systems or devices and lock out the user. Once the ransom is paid, the system or device is unlocked.
Microsoft Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer customer devices, between January and December 2021, according to a Microsoft report, Cyber Signals January to December 2021.
In India, the most recent large-scale ransomware attack was the one against airlines about five days ago. Click here to read more about that.
There has been an increase in attacks and phishing campaigns, especially ransomware attacks, that target not just critical infrastructure providers or large enterprises but also small and medium businesses, due to the shift to a remote working environment, said Rama Vedashree, CEO Data Security Council of India (DSCI), at a recent roundtable conference on cyber security.
The report also states that contrary to popular belief that there is a single monolithic entity organising such ransomware attacks, in reality, it's quite the opposite.
“A type of ransomware can only become prolific when it gains access to credentials and the ability to spread. From there, even if it is a known strain, it can do a lot of damage,” the report stated. There is a cybercriminal economy where different criminals participate in a commoditised style of attacking. The aim is to generate maximum profit based on how each criminal exploits the information that they get access to. The higher the quality of information, the higher is the monetary reward.
Three Main Ways Of Ransomware Attacks
According to the report, cybercriminals used three primary entrance vectors to plug the ransomware into the systems of the victim.
- Remote Desktop Protocol (RDP) Brute Force
- Vulnerable Internet Computer System
- Phishing Attacks
All of these vectors can be mitigated with proper password protection, identity management, and software updates in addition to a comprehensive security and compliance toolset, noted the report.
A ransomware attack affects not only the company also but its customers. For example, in the Spicejet ransomware attacks, passengers had to face delays of several hours. In the attack on Oil India, the PSU received a ransom demand of $75,00,000 (over Rs 57 crore).
There are various such cases, but organisations can protect themselves from ransomware attacks. Here’s how.
- Credentials: For a ransomware attack to be successful, criminals need to find a person with higher-level credentials and then compromise it, the report states. To prevent such a situation from developing, companies should implement safeguards such as password-less authentication, multi-factor authentication, placing certain persons as priority executives, and better management of administrator and other privilege roles.
- Anomaly: Look out for telltale anomalies in their system’s behaviour. “Early logins, file movement, and other behaviours that introduce ransomware can seem nondescript. Nonetheless, teams need to monitor for anomalies and act on them swiftly,” the report states.
- Response Plan: Microsoft noted that since almost every big organisation uses Cloud computing, it is common practice to share and sync data. Hence, appropriate training of employees should be conducted so that they can effectively visualise and practise data recovery or restoration plan taking minimal time.
- Risk Mitigation: The time difference between a cyber attack and its detection is highly critical. So, if warning systems are fast enough and the organisation has the required skill-set to deal with it, a lot of data can be saved.