What is ransomware and what could it do to you?

Hacking is a business, and like any business, it is focused on finding innovative ways to generate profits. It continuously improves its products and services, and it is always expanding its database of ‘clients’, ‘suppliers’ and ‘partners’. The ransomware arm of the business has proven to be particularly lucrative, and businesses of all sizes, across all countries, are under threat from increasingly aggressive ransomware attacks.

What is ransomware

Ransomware is a type of malicious software that cyber criminals use to extort money from people. It is one of the most widespread and damaging threats that internet users face. Attacks on big businesses are increasingly making headlines, but there are many more attacks on small businesses that the media doesn’t pick up on. In a typical attack, hackers try to gain access to your computer in order to execute software that locks up your important files, photos and other data. They hold your information hostage and demand ransom money before they will unlock it. Since the first appearance of ransomware in 2013, hackers have become more and more fearless, with some now demanding millions.

Examples of ransomware attacks

The most recent attack to make the headlines in New Zealand was the Waikato District Health Board. As we write this article, four weeks on, they are still nowhere near being fully operational again. Even once IT is fully restored, the long tail clean-up will take many months more, and the full effect of the attack is yet to be seen. For example, in October 2020, a Finnish psychotherapy clinic suffered a year-long breach. In addition to a decent ransom demanded from the clinic, hackers demanded smaller ransoms from their patients, threatening to publish their therapist session notes if they didn’t pay up. It may be tempting to pay the ransom to get your business data restored, especially if the ransom demand is small, as it’s near impossible to operate a business without access to its data and files. Attacks cause massive disruption, and small businesses in particular can struggle to survive. But as a Massachusetts hospital discovered, you can’t trust hackers. They paid the ransom only for the hackers to lock down the files again and demand a second ransom.

Why ransomware attacks are successful

There are many reasons why ransomware attacks are successful.
  • Cheap hacking kits make it simple for less-tech-savvy criminals to perform successful ransomware attacks.
  • Lack of security training with staff can see them help the hacker get in. Staff need to know which emails and documents they should open, how to recognise a phishing email, and what to do if something looks malicious.
  • Staff are given higher user permissions than necessary, giving them greater access and rights to make changes to hardware, software and apps. When a hacker gets in to their computer, they are able to do more damage thanks to their high user permissions.
  • Staff, especially remote workers, may have legitimate remote access gateways to their computers such as Microsoft Remote Desktop Protocol (RDP). This is a handy tool for businesses to allow staff to use their remote machines as if they were working on it locally, but it is also another potential gateway for a hacker to get into a company’s internal network.
  • Criminals hack and poison legitimate websites which downloads ransomware files to your computer without you knowing.
  • Malicious emails often look indistinguishable from genuine ones, being grammatically correct with no spelling mistakes and written in a way that is relevant to you and your business.
  • Hackers use security bugs in popular applications, including Microsoft Office and your browser.

The two main reasons

But the good news is that the two main reasons that ransomware attacks are so successful are the two easiest ones to fix:
  1. Too many people still use poor passwords. Too many passwords are easy for a hacker with a little persistence to guess, and many people still use the same or similar passwords across multiple logins.
  2. And, many small businesses don’t have proper IT security in place. There are lots of reasons a small business doesn’t; from believing that attacks only happen to the big guys, to thinking that they can do it themselves, or that having anti-virus software is enough. But usually it simply because they don’t understand that it’s no longer a matter of ‘if’ they’ll be attacked, it’s a matter of ‘when’, and paying money for proper security feels like they are paying for ‘nothing’.
Of course, if they don’t have proper security in place, they’ll certainly organise it after their first attack! Assuming their business is still standing, of course. It’s a sad reality that some small businesses don’t survive a cyber attack.

How hackers execute the software

Two popular tactics for gaining access to your machine involve trying to trick you into interacting with a malicious attachment sent to your via email, or trying to get you to click on a link that sends you to a poisoned website. Anti-ransomware technology can often block such attacks, and strong passwords can often block the hacker from getting in to your software and apps, but it’s still important that you don’t invite ransomware laced files onto your machine in the first place.

Tips to protect yourself against ransomware attacks

  1. Patch early and patch often. Updating software as soon as updates are available leaves less holes for a hacker to exploit.
  2. Enable file extensions. Default settings often have file extensions disabled. Enabling extensions makes it easier to spot file types you wouldn’t normally receive.
  3. Don’t enable macros in documents received via email. A lot of infections rely on you turning these on.
  4. Open JavaScript (.JS) files in Notepad. Notepad blocks it from running any malicious scripts and allows you to look at the file contents without risk.
  5. Only give administrator rights to those who need them, and train those staff to stay logged in for only as long as is needed, and avoid browsing, opening documents or doing any other normal work activities while they are logged in with administrator rights.
  6. Don’t open unsolicited attachments. If in any doubt whatsoever, don’t open it.
  7. Use two-factor authentication across everything.
  8. Ensure remote users accessing RDP use a VPN.
  9. Use strong passwords. Being able to spot attacks won’t mean much if you’re not using strong passwords. Criminals won’t have to try to trick you at all if they can just log straight in to your accounts! Having strong, unique passwords is a simple yet extremely important protection tool. Weak, predictable passwords basically just hand hackers access to your data on a plate.
  10. Back up, back up, back up. If they do get through all of your layers of security, your backups are what will save your business. Online and off-line backups are recommended, and encrypting backups keeps data safer.
  11. And of course, have proper, professional anti-ransomware in place.

Disaster recovery plan

As an aside, make sure you have a disaster recovery plan. Even with the best cyber security software, training and processes in place, hackers may still get through and there are things about data loss no one tells you. Their ‘job’ is not just to perform the attacks but also to keep improving their software and methods of attack. If the worse does happen, you must know where to get your backed up data, your passwords, and how to restore your data and systems, quickly.

The IT Partners are your cyber security partners. Call us on 027 497 4053 for a no-obligation chat, or email us for more information, any time.