Businesses of all sizes, especially those 100+, are known to be targets of ransomware. The healthcare sector takes the brunt of the attempts, but everyone from restaurants to car dealerships is in danger – if you collect data, you’re at risk.
As you’re taking the necessary steps to protect yourself from a broad range of cyberattacks, it’s critical you and your team be well aware of the threats, particularly when it comes to one of the digital criminal’s favorite tools.
So let’s discuss what exactly ransomware is, how to detect it within your network, and, of course, what to do if you run into a problem.
What is Ransomware?
First and foremost, ransomware is defined as an ever-evolving form of malware (software specifically designed to disrupt, damage, or gain unauthorized access to a system) designed to encrypt files on a device, rendering those files and the systems that rely on them unusable. The malicious actors then demand a ransom in exchange for decryption.
It may seem like a really specific definition, but think about it this way: Ransomware belligerents, much like the professional kidnappers of the bootlegging era in America, often target those who are unable to fight back, meaning those with poor security and even poorer IT management.
Once they gain access to your information, these bad actors will threaten to sell or leak exfiltrated data or other privileged information if a ransom is not paid by a specific time. Recently, ransomware incidents have become increasingly common against governments and critical infrastructure organizations.
In 2020 alone, the FBI received 2,474 complaints, and those are just the attacks that were discovered and eventually filtered up to the highest level. In 2016, businesses in America were victims of a Ransomware attack every 40 seconds, a number that has since dropped to just 11 seconds in 2021. Due to so much online schooling in America right now, K-12 school districts are sadly the main targets of ransomware, accounting for almost 60% of all attacks according to the FBI.
The average amount paid in Q3 of 2020 was a whopping $233,817, though it decreased in Q4 to $154,108 as businesses of all sizes became fed up with ransomware deployers destroying files after receiving payment. Individual ransoms have skyrocketed, reaching up to $50 million in one case.
Understanding how knowledgeable you are in regard to ransomware could save your business!
Detecting Ransomware On Your Network
It’s incredibly important to note first and foremost that, if you’ve been contacted by someone with a ransom, you need to take immediate action. Those gaining access to your system don’t perform large-scale smash-and-grab operations like some thieves have taken to in major cities, but instead tip-toe around and opt to take their time, perusing the data you’ve presented them and planning their next steps.
Luckily, it is possible to tell that someone has accessed your network before they lock you out for good. For instance, many will perform “dry run” attacks on your system, hitting you with small, isolated attacks on different machines that appear to take the form of individual breaches with no coordination. This is where the attacker is gathering information about their malware, specifically about where your vulnerabilities are.
Your team should always discuss any attacks on your network and immediately perform detailed backups if you suspect foul play. Some of these attacks are obvious – shutting down networks – but others can take the form of lateral phishing emails (a phishing attempt that comes from inside your domain) or even continuous suspicious login attempts.
Your IT team can also search your network for scanners like AngryIP and Advanced Port Scanner. Though not specifically bad on their own, the detection of these programs – when they aren’t traced back to someone within your team – is evidence attackers are performing reconnaissance on your system. Other security-disabling apps like GMER, PC Hunter, Process Hacker and more can also signal the presence of ne’er-do-wells.
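One way an IT team could run the search described above, shown as an added example that is not part of the original post. The executable names, the IT allowlist and the sample process records are assumptions constructed for illustration; the point is the attribution step, which separates tools run by your own team from tools nobody can account for.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Default executable names assumed for the tools the article lists. Binaries
# can be renamed, so a match is a lead to investigate, not proof.
WATCHLIST = {
    "ipscan.exe": ("Angry IP Scanner", "recon"),
    "advanced_port_scanner.exe": ("Advanced Port Scanner", "recon"),
    "gmer.exe": ("GMER", "security-disabling"),
    "pchunter64.exe": ("PC Hunter", "security-disabling"),
    "processhacker.exe": ("Process Hacker", "security-disabling"),
}

# Hypothetical allowlist: IT accounts expected to run these tools.
IT_STAFF = {r"corp\it-alice"}

# Constructed process-creation records, not taken from a real network.
SAMPLE_EVENTS = r"""host,user,image
WS-014,CORP\jsmith,C:\Users\jsmith\Downloads\ipscan.exe
WS-014,CORP\jsmith,C:\Windows\System32\notepad.exe
IT-001,CORP\it-alice,C:\Tools\Advanced_Port_Scanner.exe
SRV-DB2,CORP\svc-backup,C:\ProgramData\ProcessHacker.exe
SRV-DB2,CORP\svc-backup,C:\ProgramData\gmer.exe
"""


def find_unattributed_tools(events_csv, allowlist=IT_STAFF):
    """Map host -> sorted (tool, category, user) hits not run by IT staff."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(events_csv)):
        exe = PureWindowsPath(row["image"]).name.lower()
        if exe not in WATCHLIST:
            continue
        if row["user"].lower() in allowlist:
            continue  # traced back to someone on the team
        tool, category = WATCHLIST[exe]
        findings[row["host"]].add((tool, category, row["user"]))
    return {host: sorted(hits) for host, hits in findings.items()}


if __name__ == "__main__":
    for host, hits in find_unattributed_tools(SAMPLE_EVENTS).items():
        for tool, category, user in hits:
            print(f"{host}: {tool} ({category}) run by {user}")
```

In practice the records would come from endpoint process-creation logging or a software inventory export rather than an inline sample.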
Finally, the typical final step in a full-out attack on your system is the encryption of a small number of devices. As they are normally working slowly and methodically, this last test confirms the ransomware is ready to be activated en masse, making it the last chance your team could have to back up your entire system.
The repercussions from a ransomware attack can be catastrophic to any business impacted, but these attacks don’t come out of the blue or materialize from thin air. Setting up regular processes to monitor your network means your team will always be looking out for these sure signs your network is under water, allowing your group to take the protective and evasive measures that can keep your money in your pocket and your data where it belongs.
For more information on tech topics like how to protect your business from ransomware attacks, sign up for PTG Tech Talk, follow us on LinkedIn, Facebook, and Twitter, check out our other blogs or give us a call at (864) 552-1291, and we'll help you evaluate capabilities and options.