Ransomware groups are everywhere, stay vigilant
An Unlikely Start to The Workday…
It has been a sluggish beginning to the day… but not unlike any other. The rich aroma of hot coffee fills your space as you take a seat at your desk (I prefer cold brew, but to each their own). Something is unusual, though: there is a noticeable undercurrent of anxiety in the office this morning that catches your eye. You have not received an email alert about an emergency, so you go ahead and log onto your workstation, only to find that your access… is gone. Outraged, yet confused, you slam your hand down on your desk, spilling your piping hot coffee all over yourself… ouch. This is why I prefer cold brew.
It looks like your IT department has a mystery on its hands, and in the meantime none of the computers in your office are working. Instead, there is only one pop-up window on your screen, reading: “Oops, your files are locked! But you can regain access by paying a ransom by the end of the week.” If you have completed your security awareness training, it should be clear to you at this point that your organization has been infected with ransomware, and that it has spread to the whole office.
What is Ransomware?
Ransomware is a type of malware (malicious software) that destroys, or blocks your access to, critical data or systems until you pay a ransom. Ransomware can target individuals or entire organizations, and over the years attackers have used increasingly sophisticated ways to infect hosts. Historically, there are two main types of ransomware attacks: Crypto and Locker.
No, not that type of crypto; fortune favors the unadventurous here. A Crypto ransomware attack encrypts users’ data or files, and the victims must pay a ransom to receive the key needed to decrypt them and regain access. However, even if you pay the ransom there is no guarantee that the attacker will send the key or give you control back. According to Forbes, this is why experts advise users not to pay the ransom.
Locker ransomware is the type referenced at the top of this blog. This type locks you out of your device, making it impossible to log back in. As in our story above, the user is presented with an on-screen notice with instructions on how to pay the ransom. Locker ransomware does not typically involve encryption, so once the user regains access their sensitive files should remain intact.
Once again, we want to reiterate that paying the ransom should be avoided. Gartner recently found that among companies that pay, only 65% of the data is recovered on average, and only 8% of organizations manage to recover all of their data. Law enforcement agencies also recommend not paying, because it only encourages continued criminal activity. It could also be considered illegal, because you are technically funding criminal activity.
Why is it on the Rise?
There are two main reasons why ransomware attacks are on the rise. Firstly, ransomware is a very profitable business model for cybercriminals, and in some cases paying the ransom (which we do not recommend) is easier and cheaper than recovering from a backup; but of course, you do not want to support criminals. Secondly, the attackers’ capabilities keep expanding. Ransomware tools are readily accessible online for threat actors to use. The increase in remote work around the world has also opened more possibilities for social engineering and email phishing campaigns, along with the vulnerabilities created by Bring Your Own Device and hybrid work policies that let employees take their work laptop home for a couple of days a week.
A survey of security leaders in North America and the U.K. found that 90% of organizations reported a ransomware attack in the last year, up from 70% in 2021. Ransomware groups are not to be taken lightly. Just recently Costa Rica declared a national emergency after most of its government’s systems were frozen by a Russian-linked ransomware group called Conti. This is the first time a country has declared a national emergency in response to a cyber-attack.
It’s Here to Stay, What can you do?
The recent news of Costa Rica’s ransomware attack was unprecedented. Ransomware attacks are only becoming more prevalent and invasive for companies and organizations across the world. We recommend a few practices to curb the rising tide: proper network segmentation, an expanded security toolset, offline backups, and tabletop exercises, which you can read more about in our other blogs. Reputable antimalware tools should also be considered for dealing with attacks, combined with a zero trust architecture (ZTA). A zero trust architecture assumes that no implicit trust is granted to assets or users based solely on their physical or network location. Those are a few preventative examples; however, a strategic approach should be taken, tailored specifically to your environment. We can help!
… A Not so Fun End to the Workday
After your IT team performed forensic analysis, they were able to confirm that the malicious software made its way into the organization’s network via an email phishing attack… someone needs to re-up on their training. Looking to discuss it with your colleagues, you turn to the coworker sitting next to you and whisper how bad you feel for the person who started this mess by clicking on the email. But as you say it, you remember that last night you opened an image in an email titled “Funny Cat Pictures”. And now you hear footsteps approaching your desk, but not loafers or heels… something more casual, like sneakers… oh no, it’s someone from IT! They stop by and inform you that the ransomware originated from your laptop… oops.
For more information speak with a QoS consultant today, sales@qosconsultingsolutions.com, or reach out through our contact form on our website, http://www.qosconsultingsolutions.com/.
Michael Joe is a Security Consultant and blog writer at QoS Consulting Solutions, and the author of several captivating works on our website. Michael graduated from the College of Charleston in South Carolina with a Bachelor of Arts degree in Communication, with Latin Honors: Cum Laude. Michael’s passion for spreading awareness and knowledge of information technology and cybersecurity is evident in his unique voice and writing style. As you may have noticed in his work, Michael’s storytelling and humor have a way of grasping the reader that few technology-focused blogs have matched. Michael’s aim is to educate and entertain in order to change the way people perceive IT literature: moving it away from a hyper-focus on so-called “geeks” and towards the greater public. Cybersecurity is for EVERYONE, not just the techies in the trenches! Michael was expertly trained in the art of cybersecurity consulting.