Are You Safe From Ransomware?

Ransomware is one of the most devastating types of cybercrime malware in existence today. You have certainly read about it in the news or perhaps unfortunately experienced it first hand; but what is ransomware, exactly?  

 

Ransom malware, otherwise known as “ransomware”, is a type of malware that encrypts a user’s system or files, denying them access to their documents. Ransomware typically spreads through phishing emails or when a user inadvertently visits an infected website. Attackers then demand a ransom in exchange for the release of data, ranging from hundreds to thousands or even millions of dollars, depending on the value of the content, often to be delivered in untraceable digital currencies (such as Bitcoin). If the ransom demands are not met, the data remains in the hands of the attackers, potentially released to the public, sold on the dark web, or deleted altogether.

 

This article outlines who the targets of ransomware attacks are, how ransomware creeps its way onto your desktop, and how you can avoid being forced to pay a hefty deliverance fee.

How do I get ransomware?

There are three main ways for ransomware to infect your computer:

 

  1. Malspam Emails: 

Malicious spam, or “malspam” emails, are unsolicited emails that are used to deliver malware. The email may contain the virus disguised as a credible attachment in the form of a PDF, Word document, or link to a malicious website. Malspam preys on human weaknesses, using social engineering to deceive people into opening attachments or clicking links by appearing to originate from a legitimate source (e.g., a trusted friend or reputable organization).

  2. Malvertising:

Malicious advertising, otherwise known as “malvertising”, is another delivery method for ransomware, and it requires little to no user interaction. While scrolling through a website, users are directed to criminal servers without even clicking on the advertisement, as these malicious ads often appear as pop-up windows. It must be noted that reputable, legitimate websites are not immune to malvertising. You might have the best server protection, but all it takes is one wrong click or pop-up for you to fall prey to such attacks.

 

  3. Ransomware-as-a-Service:

 

Ransomware is so effective and popular among cybercriminals these days that many malicious actors operate Ransomware-as-a-Service (RaaS) business models in online criminal markets. RaaS allows anyone who wants to access and use ransomware against another individual or business to do so by simply paying online providers for the service, significantly lowering the barrier to cybercrime. Many RaaS providers operate with a high level of sophistication, offering competitive market prices and excellent customer support services to their criminal patrons. 

Who are the targets of ransomware attacks? 

In the past, ransomware attackers targeted individuals. However, cybercriminals have more recently turned to businesses for larger payouts, affecting more endpoints and to detrimental effect. Attackers target organizations that hold sensitive data and that can (and often do) pay quickly to retrieve their data and avoid irreparable damage or embarrassment. Such firms include financial institutions, medical facilities, and government agencies. Hackers know that these industries require consistent and reliable access to their data and face serious repercussions if the Personally Identifiable Information (PII) of their patients, clients, or contractors is eliminated or released.

 

Western markets like the United States, Canada and the United Kingdom remain the top three targets for ransomware attacks geographically. However, with many markets in Asia, such as Singapore, Hong Kong, and China, growing rapidly, ransomware-related acts are becoming increasingly normalized in these countries as attackers follow the money trail.

How can I protect myself against malware?

A commitment to cyber hygiene is critical to protecting organizations and users from cyber threats. Malware protection begins with the basics, as follows:

 

  1. Update your software and operating system regularly. Outdated applications are at higher risk of compromise and are often the target of attacks.

  2. Configure firewalls to block access to malicious IP addresses.

  3. Do not click on links or open attachments from people who are outside your network or organization.

  4. Back up your devices to an external hard drive on a regular basis.

  5. Follow safe practices when browsing the internet. Do not visit pages with uncommon URLs or sites that are not trusted.

  6. Enable strong email spam filters to prevent phishing attempts from reaching end users.

  7. Be wary of attachments that require you to enable macros to view files. Macro malware can infect multiple files.

  8. Authenticate inbound emails to prevent email spoofing.

  9. Apply application whitelisting to monitor the applications allowed to run on your network.

  10. Avoid revealing any personal or financial information over email or over the phone. Important transactions should occur face to face where possible.
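
As an added example (not part of the original article), the Python sketch below shows how items 7 and 8 can be checked on an inbound message: it reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header and flags macro-enabled Office attachments. The gateway name mx.example.org, the helper names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of your own mail gateway
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def triage(raw):
    """Return reasons to quarantine a raw RFC 5322 message (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # Senders can add forged copies of this header, so only results
        # stamped by our own gateway are considered.
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        for method, verdict in RESULT_RE.findall(rest):
            results[method.lower()] = verdict.lower()
    findings = [f"{m}={results.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTS):  # Office formats that can carry macros
            findings.append(f"macro-enabled attachment: {name}")
    return findings

def sample(auth_results, attachment=None):
    """Build a constructed test message; all names and domains are made up."""
    m = EmailMessage()
    m["From"], m["Subject"] = "billing@example.com", "Invoice"
    for value in auth_results:
        m["Authentication-Results"] = value
    m.set_content("Please see the attached invoice.")
    if attachment:
        m.add_attachment(b"PK", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    spoofed = sample(["mail.attacker.invalid; spf=pass; dkim=pass; dmarc=pass",
                      "mx.example.org; spf=fail smtp.mailfrom=example.com; "
                      "dkim=none; dmarc=fail header.from=example.com"],
                     attachment="Invoice.DOCM")
    print(triage(spoofed))
```

The check relies on your mail gateway stripping or overwriting any Authentication-Results header that claims its own authserv-id before adding the genuine one.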

More technical solutions include engaging a cyber security incident response firm to perform a routine risk analysis on your networks and servers to identify potential points of compromise. In addition, penetration testing is a good way to assess your barriers to entry from the perspective of a hacker.

For professional assistance with any of the above services, please schedule a call with a Blackpanda incident response expert here.

Copyright © 2020 Blackpanda.
All Rights Reserved.
