Ransomware is no laughing matter.
It has crippled and ended entire businesses. It has brought headache, heartache and dismay to the lives of many. Over the last decade, ransomware has grown to become one of the most successful forms of cybercrime, and worst of all, it shows no sign of slowing down. This may be because people who are hit with ransomware are reluctant to let the world know that their systems have been compromised. Not only would they lose face, but they would also lose a certain amount of trust from their clients or investors. Many businesses capitulate to the demands of the criminals and end up paying the ransom in the hope that the whole thing will just go away like a bad dream.
The real question that pops into the minds of victims of ransomware attacks is: how did this happen in the first place? People often mistakenly associate ransomware attacks with viruses. Close, but no cigar. More often than not, ransomware attacks are varieties of worms or Trojans. Once installed on a system, these cryptographic worms lie in wait and seek out or collect information; then, once activated by the cybercriminal, they encrypt files and may even delete copies of those files throughout the network. Once an attack has reached this stage, very little can be done to prevent or remedy the situation. However, if one were to focus on the precursor of such an event, then maybe, just maybe, something can be done.
Ransomware worms don’t just appear out of nowhere.
Sure, there may have been instances where a worm was stealthily downloaded by a malicious website onto the system of an unsuspecting individual casually browsing the Internet. But the most common way ransomware worms make their way into company and individual systems is through emails. An alarming statistic was recently released which indicated that up to 93% of all phishing emails contain some form of ransomware. 93%! Cybercriminals are now meticulously crafting phishing emails that are meant to look like, sound like, and feel like authentic emails from trusted sources. They even have headers and signatures that mimic official interoffice emails sent within a company.
Since phishing emails are the main vector by which cybercriminals deliver ransomware, it is logical to focus efforts in that area. Yes, you should still perform regular backups of your files, folders and drives, as this will ensure that you always have a copy of your data and information tucked away in a safe place, but you will drastically reduce the odds that a ransomware cryptographic worm will enter your system if you know how to deal with “bad” emails.
Setting up a filter is an obvious first step in creating an email handling protocol.
This filter should begin with the creation of a whitelist (for known trusted senders) and a blacklist (for known malicious senders). The next step would be to create a standardised email handling procedure, from which no one is exempt, not the director or CEO, not the mailroom guy, no one. This procedure will outline the default standard headlines, letterheads and signatures to be used within the company. This will make it easier for employees to notice aberrations or modifications to email defaults. The next step is trickier to teach or implement, because email wording is nuanced from person to person. Different people have different writing styles, but employees can be asked to familiarise themselves with the writing styles, tones and vocabulary that their contacts use. Their suspicions should be raised when a client who is usually a curt, 5-sentence maximum kind of guy or gal is all of a sudden writing in with a lengthy 5-paragraph note asking them to, above all else, take a look at the attached file. Red flag!
Speaking of downloadable files, ransomware worms are embedded in them.
Opening and installing files is the predominant way that cryptographic worms enter systems. Proper download regulations and guidelines must be created, implemented and enforced to ensure that worms, viruses and other malicious files do not find their way into the company system. Implementing these security measures allows a company or an individual to be proactive in securing their systems from ransomware attacks.
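The filter and attachment rules described above can be sketched as a first-pass triage script. This is an added example, not code from the original article; the addresses, company domain, signature text and list of risky extensions are all assumptions, and the sample messages are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Every name and value here is an assumption made for this example.
WHITELIST = {"alice@example.com", "billing@partner.example"}  # known trusted senders
BLACKLIST = {"promo@bad.example"}                             # known malicious senders
COMPANY_DOMAIN = "example.com"
STANDARD_SIGNATURE = "Example Corp | Internal Mail"           # company default signature
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".vbs", ".docm", ".xlsm", ".zip")

def triage(raw):
    """Return (verdict, reasons) for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    # The From header is sender-controlled, so a whitelist hit alone proves little.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in BLACKLIST:
        return "reject", ["sender is on the blacklist"]
    reasons = []
    if sender not in WHITELIST:
        reasons.append("sender is not on the whitelist")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if sender.endswith("@" + COMPANY_DOMAIN) and STANDARD_SIGNATURE not in text:
        reasons.append("internal mail without the standard signature")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("risky attachment: " + name)
    return ("quarantine" if reasons else "deliver"), reasons

def sample(sender, body, attachment=None):
    """Build a constructed test message and return it as raw text."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "bob@example.com", "Invoice"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

if __name__ == "__main__":
    signed = "Hi Bob, notes from today.\n\n" + STANDARD_SIGNATURE + "\n"
    for raw in (sample("Alice <alice@example.com>", signed),
                sample("alice@example.com", "Open the attached file first!", "invoice.docm"),
                sample("promo@bad.example", "You won")):
        print(triage(raw))
```

A whitelisted sender is still quarantined here when the standard signature is missing or a risky attachment is present, which matches the point that phishing emails imitate trusted senders.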