Ransomware Virus Attack May Continue if These Steps Are Not Taken | Total Security

Ransomware attacks remain one of the most significant threats to information security. Their danger is that they affect medical institutions, banks, universities, government, and legal organizations around the world.

Why do attacks still occur almost every day, and succeed in most cases, even though such viruses are widely known? The reason is simple: cybercriminals spare no effort in modifying the code and use every available means of injecting it. Why? Because it is a great way to make money fast. According to Google, cybercriminals have earned more than $25 million from ransomware over the past 2 years.

Evolution and Types of Ransomware Viruses

In 2017, information about ransomware viruses began to appear on news channels around the world. In reality, such viruses are much older: the first recorded case of infection by ransomware (the English term for such viruses) dates from 1989, that is, 28 years ago.

Naturally, since the time of the AIDS Trojan (this is the name of the first ransomware virus), such malicious programs have become more complex and diverse. Today there are 2 main types:

  • Ransomware viruses (data lockers). They contain an encryption algorithm that is applied to files on an infected computer. After infection, the user is prompted to send money to obtain a decryption key. Examples of such viruses: CryptoLocker, Locky, CryptoWall.
  • Computer locker viruses. It is these viruses that have hit the spotlight this year. Their principle of operation is that they block the operating system on the device and do not allow access to programs and files until the victim of the hack transfers a certain amount of money. This type includes viruses from the Petya and Satana families.

Other types of ransomware infect the boot sectors of hard drives, mobile devices, and even servers. Any person or organization can become their victim. Therefore, it is very important to take care of data protection and backup in advance.

How Malicious Code is Distributed

Cybercriminals are looking for a variety of ways to infect devices. If you have never been the victim of such attacks, you are seriously lucky. To ensure maximum protection, it is very important to use program behavior analysis and install any necessary updates.

Hackers always try to use the simplest methods of infection, which often depend on the user's carelessness.

The main methods of distributing malicious code are:

  • Email containing malicious links or attachments;
  • Vulnerabilities in various programs and operating systems;
  • Redirecting site visitors to malicious resources;
  • Trusted websites with malicious code embedded on them;
  • Text messages (SMS and instant messengers);
  • Internet bots;
  • Distribution from one computer to another using a portable device or local area networks.

Ransomware methods improve every day, and new ones are added to them, including social engineering (psychological manipulation).

Usually, infection occurs quickly and unnoticed, so the user only learns about the infection of his computer with a virus when he sees this or a similar message:

Who is the Target?

In light of recent events, we are often asked the question "who usually falls victim to scammers?"

In one word, “Everyone”: small and large businesses, ordinary users, public organizations. The potential interest in attacking your resources depends on how valuable the data on your device is, how well it is protected, how quickly you can pay the ransom, and other factors.

Which Organizations Are Most Attractive to Criminals

1. The healthcare sector, especially hospitals, is a prime target for ransomware attacks. According to a report by Verizon Data Breach Investigations, this sector accounted for 72% of all such attacks.

Reasons for vulnerability: Hospital databases often contain information on which hundreds of lives depend, and attackers exploit this. There are known cases of medical institutions paying $17,000 for decryption keys.

2. Government sector. Government institutions are also attractive targets for ransomware.

Reasons for vulnerability: Criminals understand that any public-sector institution must function without interruption and, in addition, is financed from the budget. As a result, criminals are almost guaranteed to receive the required amounts. It is the government sector of Ukraine that has been affected by the recent Petya virus activity.

3. Educational institutions in the past were the undisputed leader in the number of ransomware attacks.

Reasons for the vulnerability: Weak protection and a large number of users who connect every day from different devices. Many of these users are young enough that social engineering is particularly effective here.

4. Legal organizations.

Reasons for vulnerability: Law firms also store their clients' personal data on unsecured computer systems and usually have sufficient funds to pay the ransom.

5. Mobile users.

A report by Kaspersky Lab notes that in the first quarter of 2017 alone, 218,625 pieces of mobile ransomware were detected on various platforms.

Reasons for vulnerability: The number of smartphones is growing steadily, and there are not many ways to protect them. Perhaps not all users will be able to pay the amounts demanded by scammers, but in this case, quantity is more important to them than quality.

Why Are Viruses So Effective?

Given the scale of the attacks, this is a natural question.

The main reason is that users, both individuals and companies, are willing to pay any amount of money so as not to lose their information. Many experts recommend refraining from making any payments to fraudsters, as the money becomes an additional incentive for them. There is no guarantee that your data will be restored, and a user or organization that pays once becomes a potential victim for future attacks.

There are other reasons as well, namely:

  • Development of bitcoins. Since trading in any type of cryptocurrency is still poorly regulated in many countries, and their price is quite high, criminals can receive significant amounts of money in a short period of time without the risk of being detected.
  • A large number of vulnerabilities in programs and applications. Vulnerabilities are not always detected and eliminated quickly enough, so most programs are excellent targets for infection.
  • Vulnerabilities in operating systems are also not uncommon. It was they who ensured the success of the 2017 attacks.
  • Another reason is the lack of data recovery tools in many companies. It is the fear of losing information that makes them pay the scammers.
  • The outdated infrastructure of many companies is the root cause of their vulnerability. Outdated hardware and programs that cannot be updated due to inconsistencies in hardware specifications - all this makes it easier for attackers.
  • Lack of basic information security knowledge among users. Viruses owe much of their success to the human factor. People still click on malicious links and install unfamiliar programs from unverified sources.
  • Lack of software to protect information. Not all companies use software to defend against attacks or rely on insufficiently effective solutions. The desire to save money on protection often ends up in such cases with even larger financial losses. As you know, "the miser pays twice."
  • An important reason is that ransomware viruses are constantly improving, exploiting new vulnerabilities, hiding better, and protecting themselves from antivirus programs.

How to Protect Yourself From Viruses

Not all businesses were able to recover from the 2017 attacks, and many suffered significant losses. To avoid repeating their mistakes, answer the following questions:

  • Are you using software with multi-layered proactive data protection, such as Protegent Total Security?
  • Do you back up your data regularly?
  • Do you use firewalls and filters to deny access to malicious sites?
  • Do you train employees to ensure data security?
  • Do you use corporate Wi-Fi networks?
  • Do you install regular operating system updates?
  • Do you regularly update third party software?
  • Do you restrict employees' access to information and their privileges when using corporate computers?

If you answered no to at least one of these questions, your company is at risk.