Ransomware: what is it, and why should your organization be concerned?

Businesses of all sizes can be a target for ransomware attacks. Small business owners might think a hacker will ignore their organization in favor of a larger company with more data. In fact, small businesses are low-hanging fruit for cybercriminals everywhere. This is partly because small-to-medium business owners think “it won’t ever happen to me.”

But all it takes is one click from an employee on an infected link, and a hacker can access your network. Whether this comes from a phishing email or through another vulnerability in your system, you can quickly go from feeling like “it won’t ever happen to me” to “OK, it’s happened—now what do I do?”

The problem is so prevalent that the Federal Bureau of Investigation recently issued a Public Service Announcement regarding the increasing attacks.

What is ransomware?

Ransomware is a type of hacking attack wherein a company’s data is “held hostage” by hackers after they have successfully breached its systems. This can effectively shut down a small business until the data is recovered (in some cases, the data is gone forever, even if the ransom is paid). Many times the hackers will demand Bitcoin or another form of cryptocurrency in return for the stolen data, making the payment extremely hard to trace.

A famous example is the WannaCry ransomware attack, which swept the Internet in 2017. Hackers infected 200,000+ computers in over 150 countries, demanding the Bitcoin equivalent of $300 per computer they were able to infect. The havoc inflicted by this attack included shutdowns and delays at a major hospital system in the United Kingdom, as well as halting operations at a major European auto manufacturer. The malware exploited a vulnerability in the Microsoft operating system, and a patch was quickly released to mitigate further spread of this attack.

Ransomware has been making recent headlines, as well, with dozens of city governments and even schools paying ransoms to get back up and running. It’s clear that ransomware will continue to be a problem—because it works. Every time a ransom is paid, it’s more encouragement for other would-be attackers.

Ransomware attackers need to break into your systems

Before a hacker can lock your systems down and demand a ransom, they have to find a way to break in. Methods include the usual suspects: Trojans/malware which have been downloaded by unsuspecting users, phishing emails, visiting an infected website, or finding a vulnerability within the network. Sophisticated attacks like WannaCry can get in without the need for anyone to click a link or download an attachment.

Once the ransomware has been successfully installed in a user’s system and “infects” the computer, an on-screen alert will display stating that the system has been locked and the files on the user’s computer are now encrypted. The user is instructed to pay a ransom to receive the files back, and usually within a tight timeline of 24-48 hours.

Why not just pay the ransom?

If you’re running the risk of needing to halt operations at your business, you undoubtedly want to fix the situation as quickly as possible. It may seem like the logical way to do this is just to pay the ransom and get your system access back.

However, hackers know that where there’s one payday, there may be another. If you pay, you’re essentially letting hackers know that your organization is fair game. The ransomware itself might leave a “backdoor” into your system so the same cybercriminal you paid can come in again and shut you down a second time. There is also the concern that, even if you get your data back, hackers may have made a copy that they can turn around and sell or use for their own malicious deeds.

Will you get your systems back if you pay? Maybe. Believe it or not, hackers have a reputation to uphold. If the hacking community learns that an individual was paid a ransom and didn’t release the encrypted files, this may be a negative mark on their “street cred.”

Binary Defense Co-Founder & CTO David Kennedy on Uber Paying Ransom to Hackers

The best thing to do in a ransomware situation is get the authorities involved. Even if the ransomware message from the hacker specifically states to NOT call the police, you need to bring in experts who have experience in dealing with situations like this. Get them involved early, before you are too far along in the process and have left yourself with no choice but to pay. In some cases, the authorities may instruct you to pay the ransom, if they feel that is the best path forward. But, don’t go it alone; thinking you’re going to outsmart a hacker is a gamble at best.

An ounce of prevention is worth a pound of cure

How can you prevent ransomware from wreaking havoc in your organization?

Employee education is a great first line of defense. Train staff to look for red flags such as suspicious sender email addresses, typos in the message body, and unexpected attachments. While this won’t prevent 100% of the attacks, it may help mitigate some of them.

Antivirus software can detect known methods of attacks, and it’s great at its job. However, the newer, more sophisticated malware can move past antivirus without sounding an alarm. It’s clear that antivirus protection alone is no longer enough to protect users’ computers. Keeping it up-to-date, however, will definitely help. Make sure you are installing the latest security patches for your antivirus software.

A team of cybersecurity experts can monitor for newer threats that antivirus software isn’t programmed to catch. SOC-as-a-Service is a fully managed approach to defending an organization against threats like ransomware. A Security Operations Center (SOC) is a team of dedicated cybersecurity personnel, trained in the latest cyber threats, including those that antivirus doesn’t catch. With a human-driven, technology-assisted approach, SOC-as-a-Service provides businesses of all sizes with 24/7/365 coverage against cyberattacks. Yes, even small businesses! This is a cost-effective method of keeping your business secure.

Software such as endpoint detection & response (EDR) can help monitor your employees’ computers for suspicious activity. This software works for businesses of any size, as well, and goes hand-in-hand with the SOC.

Being proactive is key. The last thing you want to do is wait until ransomware hits your business. Be prepared by putting cybersecurity measures in place. Don’t be the next victim of a ransomware attack!