Are You Safe from Ransomware?

How do I get it, who is targeted, and how can I protect myself?

MARK WHITTLEY

Vice President, DFIR


Ransomware is one of the most devastating types of cybercrime malware in existence today. You have certainly read about it in the news or perhaps, unfortunately, experienced it firsthand; but what is ransomware, exactly?  

 

Ransom malware, otherwise known as “ransomware”, is a type of malware that encrypts a user’s system or file(s), denying them access to their documents. Ransomware typically spreads through phishing emails or when a user inadvertently visits an infected website, either of which enables malicious code to run on the victim’s computer system.

 

Ransomware code will encrypt the disk contents, or upload copies of the data to the attackers. These attackers then demand a ransom in exchange for the decryption or return of data, ranging from hundreds to thousands or even millions of dollars, depending on the value of the content, often to be delivered in untraceable digital currencies (such as Bitcoin).

 

If the ransom demands are not met, the data remains encrypted or in the hands of the attackers, potentially released to the public, sold on the dark web, or deleted altogether.  

This article outlines who ransomware attacks target, how ransomware makes its way onto your desktop, and how you can avoid being forced to pay a hefty deliverance fee.

How do I get ransomware?

There are three main ways for ransomware to infect your computer: 

 

1. Malspam Emails

 

Malicious spam, or “malspam”, emails are unsolicited emails that are used to deliver malware. The email may carry the malware disguised as a credible attachment, such as a PDF or Word document, or contain a link to a malicious website. Malspam preys on human weaknesses, using social engineering to deceive people into opening attachments or clicking links by appearing to originate from a legitimate source (e.g., a trusted friend or reputable organisation).

2. Malvertising

Malicious advertising, otherwise known as “malvertising”, is another way of delivering ransomware, and one that requires little to no user interaction. While scrolling through a website, users are directed to criminal servers without even clicking on the advertisement, as these malicious ads often appear as pop-up windows.

 

It must be noted that reputable, legitimate websites are not immune to malvertising. You might have the latest and best computer protection, but all it takes is one wrong click or pop-up for you to fall prey to such attacks.  

 

3. Ransomware-as-a-Service (RaaS)

 

Ransomware is so popular and effective among cybercriminals these days that many malicious actors operate Ransomware-as-a-Service (RaaS) business models in online criminal markets.

 

RaaS allows anyone who wants to access and use ransomware against another individual or business to do so by simply paying online providers for the service, significantly lowering the barrier to cybercrime. Many RaaS providers operate with a high level of sophistication, offering competitive market prices and excellent customer support services to their criminal patrons. 


Who are the targets of ransomware attacks? 

In the past, ransomware attackers targeted individuals. More recently, however, cybercriminals have turned to businesses for larger payouts, affecting more endpoints, to detrimental effect.

 

Attackers target organizations that hold sensitive data and that can (and often do) pay quickly to retrieve their data and avoid irreparable damage or embarrassment. Such firms include financial institutions, medical facilities, and government agencies.

 

Hackers know that these industries require consistent and reliable access to their data and face serious repercussions if the Personally Identifiable Information (PII) of their patients, clients, or contractors is eliminated or released.

 

Western markets like the United States, Canada and the United Kingdom remain the top three targets for ransomware attacks geographically. However, with rapid growth across Asia-Pacific markets (such as Hong Kong, Singapore, and ASEAN economies) ransomware-related acts are increasingly normalizing in the region as attackers follow the money trail. 

How can I protect myself against malware?

A commitment to cyber hygiene is critical to protecting organizations and users from cyber threats.  Malware protection begins with the basics, as follows:

 

  1. Update your software and operating system regularly. Outdated applications are at higher risk of compromise and are often the target of attacks.
     

  2. Configure firewalls to block access to malicious IP addresses.
     

  3. Do not click on links or open attachments from people who are outside your network or organisation unless they are completely trustworthy. If in doubt, confirm with the sender, through a new email or a phone call, that they intended to send the communication.
     

  4. Back up your devices to an external hard drive on a regular basis and disconnect the hard drive from your computer following backups – backups are also targeted by attackers.
     

  5. Follow safe practices when browsing the internet. Do not visit pages with uncommon URLs or sites that are not trusted.
     

  6. Enable strong email spam filters to prevent phishing attempts from reaching end users.
     

  7. Be wary of attachments that require you to enable macros to view files. Macro malware can infect multiple files.
     

  8. Authenticate inbound emails to prevent email spoofing.
     

  9. Apply application whitelisting to control which applications are allowed to run on your network.
     

  10. Avoid revealing any personal or financial information over email or over the phone. Important transactions should occur face to face where possible.
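
Items 7 and 8 of the list, applied to the malspam described earlier, as an added example (not Blackpanda's code): a mail-gateway triage function that reads the sender-authentication verdicts recorded by your own mail server and checks attachments for Office macros even when the file carries an innocent extension. The server name mx.example.org, the sample message, and the policy of reporting every SPF, DKIM or DMARC result other than "pass" are assumptions made for the illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of your own receiving MTA
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def auth_results(msg):
    """Return {method: result} from the Authentication-Results header our MTA added."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:  # skip sender-supplied copies
            return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    return {}

def attachment_findings(msg):
    findings = []  # attachments that can carry Office macros, whatever they are named
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(MACRO_EXTS):
            findings.append(f"{name}: macro-enabled extension")
        elif data.startswith(b"PK"):  # OOXML files are ZIP archives
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as z:
                    if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                        findings.append(f"{name}: VBA project inside archive")
            except zipfile.BadZipFile:
                findings.append(f"{name}: malformed archive")
    return findings

def triage(raw):
    """Return the reasons to quarantine a raw message; an empty list means none found."""
    msg = message_from_bytes(raw, policy=policy.default)
    res = auth_results(msg)
    auth = [f"{m}={res.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
            if res.get(m) != "pass"]
    return auth + attachment_findings(msg)

def sample_message():  # constructed sample: failed sender checks, .docx hiding a VBA project
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Authentication-Results"] = "mx.example.org; spf=fail; dkim=none; dmarc=fail"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.docx")
    return msg.as_bytes()
```

Calling triage(sample_message()) returns the three failed authentication results followed by the macro finding for invoice.docx. An Authentication-Results header stamped by any server other than the trusted one is ignored, so a sender cannot vouch for its own message.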

More technical solutions include engaging a cyber security incident response firm to perform a routine risk analysis on your networks and servers to identify potential points of compromise. In addition, penetration testing is a good way to assess your barriers to entry from the perspective of a hacker.


Copyright © 2020 Blackpanda.
All Rights Reserved.
