Blog

Beware the ever-present danger of ransomware

Ransomware is a growing threat and your business should have a disaster recovery solution in place to safeguard your data. STS can offer you this.
03 November 2020 Michael Holtzhausen

Ransomware is a particular type of malware with a self-descriptive name. It blocks access to systems and data while the perpetrator demands a ransom, usually in the form of cryptocurrency, to remove it.

In 2016, a study conducted by IBM found that spam emails loaded with ransomware had increased by
6 000% in the space of a year. And although its proliferation has slowed since then, the staggering cost of ransomware attacks around the world continues to rise. A report from cybersecurity firm Deep Instinct put the total cost of the damage inflicted in 2019 at US$11.5 billion compared with about US$8 billion in 2018.

A 2020 report from Kaspersky Lab found that overall awareness for the necessity of security measures was increasing, so cybercriminals were becoming more precise with their attacks. Microsoft’s Digital Defence Report found that attackers had found new ways to scour the internet in search of vulnerable systems, with an increasing focus on IoT devices.

Examples of ransomware attacks

Although there are abundant varieties of ransomware attacks appearing, disappearing and evolving, here are a few typical (and some notably unique) examples:

Maze: Maze uses multiple methods of intrusion including cloned websites and email spam to impersonate government agencies or popular security providers. The perpetrators steal an organisation’s data, encrypt it, and then threaten to publish it if a ransom isn’t paid. This is typical of a new trend of online extortion where cybercriminals threaten the disclosure of sensitive data.

vxCrypter: This is possibly the first ransomware infection to delete duplicate files as it encrypts data. The perpetrators reportedly tell the victim they have hacked their networks and discovered evidence of tax evasion, which they will report to the authorities unless they receive a Bitcoin payment.

Virlock: First seen in 2014, Virlock ransomware spreads like wildfire through a network via cloud storage and collaboration apps. It not only encrypts files, it weaponises them. This gives it the ability to spread the infection to every user in a cloud environment. The ransom note is typically disguised as a notice from a law enforcement agency telling the victim that pirated software has been detected. It threatens them with imprisonment or an exorbitant fine unless they pay a smaller “first-time offender” fine.

CryptoLocker: This form of ransomware attack used a trojan to target computers running Microsoft Windows, encrypting their files. Social engineering was used to trick users into running the software, usually through an infected email attachment. Although isolated in 2014, unrelated but similarly named ransomware trojans have continued to lurk on the web.

Responding to a ransomware attack

If you find that your files are suddenly locked or you receive error messages when trying to open them, and an alarming message appears on your desktop background, it’s safe to assume that you’ve been infected. 

It might be tempting to simply give the attackers what they’re asking for, especially if it’s a sum you can easily afford to pay. But by doing so, the attackers gain the finances they need to upgrade their infrastructure and conduct increasingly sophisticated attacks. Fortunately, there are a number of ransomware removal toolkits available which will give you a fighting chance to remove the malware and ultimately decrypt your files. But it will take time and effort and there’s no guarantee of success.   

How we can help

Prevention is always better than cure, but every business should also have a contingency plan in place for this type of occurrence. We have a number of solutions that will help your business to quickly get back on its feet. 

An off-site back-up copy of your data ensures that we can restore it from before the encryption event by running an isolated removal process of the encrypted data and replacing it with the clean data. And virtual and physical server backups can ensure that your applications and software are soon fully operational again. 

We’ll help your business to identify the perfect data back-up and disaster recovery solutions for your unique requirements. Take a moment to learn more about the strengths of a disaster recovery solution from STS.

Disaster Recovery as a Solution
Resources
Disaster Recovery as a Solution
Download

In Other News