Ransomware attacks are on the rise. Here, we break down the threat so you can protect your business with the right planning, tools and training.

Key Points:

  • Ransomware has become one of the most prevalent and damaging email security threats of the past year, with all signs pointing to growth in an economy of remote workers.
  • Attackers use ransomware to encrypt sensitive information or lock devices. They then demand that companies pay them to regain control of their data and devices.
  • To avoid attacks and minimize the threat, businesses need a cyber resilience strategy that combines a layered email security system with employee training.

Ransomware attacks surged in 2020. The overnight shift to remote work left little room for companies to stress-test their IT security or properly train employees to spot potential threats in the new environment, opening the door to a wave of attacks from opportunistic cybercriminals.

Six in 10 companies suffered a ransomware attack in 2020, according to Mimecast's State of Email Security 2021 (SOES). These organizations were damaged on many levels. First, they experienced an average of six days of downtime after an attack. Second, many companies were ultimately forced to pay ransom to regain control of their IT systems and resume operations. Third, sensitive data was exposed; often it wasn't even returned when a ransom was paid.

To avoid being held hostage by cybercriminals, it is crucial to understand three things:

  • How ransomware works
  • Which are the most common forms of attack
  • How to protect your data from them

What Is Ransomware?

Ransomware is a malicious form of software used by cybercriminals to hold people or organizations ransom in exchange for payment. Attacks can come from a number of sources, but the mechanism generally takes one of two forms:

  • Crypto: As the name implies, crypto ransomware encrypts files on a target's computer or network so they are no longer accessible. Crypto attack victims must then pay their attacker to retrieve their files.
  • Locker: These ransomware attacks lock victims out of devices. Attackers then ask for a ransom in exchange for renewed access to the infected device.

Ransomware attacks are ubiquitous and spread in three ways:

  • Through malicious links or attachments in phishing emails
  • Through drive-by downloads (unintended downloads of malicious code on an infected website)
  • Through an infected USB or external hard drive

What makes ransomware so nefarious is that once cybercriminals gain access to a single computer in your business, their malware can spread, blocking and encrypting data across multiple devices and networks. The effects of a network breach can snowball quickly, handcuffing departments and entire businesses for days or weeks until they eliminate the threat or pay the requested ransom.

6 Most Common Types of Ransomware

Ransomware attacks have evolved significantly over the years as malware becomes more sophisticated and difficult to spot. Even high-tech companies have been hit by ambitious cybercriminals asking for millions of dollars in exchange for terabytes of data they had encrypted.

Here are six of the most common types of ransomware in use today:

  • Locky: Locky is a popular ransomware that spreads via email. Cybercriminals often disguise their message as an invoice that prompts users to enable macros when opened. If a target falls for the ploy, the malware will begin to encrypt their files and hold them for ransom.
  • CryLocker: CryLocker infiltrates people's computers by drawing on their personal data to create tailored ransom notes, including their name and location, social media data and system details. Victims generally have 24 hours to pay the ransom or risk being locked out of their device permanently.
  • WannaCry: One of the world's most notorious types of ransomware, WannaCry first made waves in 2017 by hitting users in 150 countries. WannaCry was initially designed to exploit a common vulnerability in Windows, which is why it spread so quickly and had such a broad impact.
  • CryptoLocker: Going back further to 2013, CryptoLocker worked by encrypting a target's files using file extensions. Cybercriminals then threatened to delete the private access keys required to retrieve the files if they didn't receive their ransom payment. While the initial CryptoLocker outbreak was shut down, a number of variants have since developed and continue to wreak havoc.
  • Cerber: While relatively new, Cerber has proven effective for cybercriminals who want to target global organizations operating in multiple countries. This is because the decryptor for Cerber variants works in up to 12 languages, turning the malware into a multi-headed beast that can attack many regions at once. High-profile Cerber attacks have recently been aimed at popular collaboration platforms, affecting millions in the past year alone.
  • Jigsaw: Jigsaw is among the more sadistic types of ransomware. It encrypts a victim's files and then begins to delete them in steps until the ransom is paid. Anyone hit by a Jigsaw attack typically has 72 hours to respond before all their files are deleted.
  • Ryuk: Initially appearing in 2018, Ryuk ransomware disables Windows' 'system restore' feature, making it impossible for victims to restore encrypted files unless they have a backup. Ryuk attacks remain popular, accounting for one-third of ransomware attacks in 2020 by some accounts.[1]

Ways to Spot Ransomware Emails

For individuals, the most effective way to avoid ransomware attacks over email is to detect them before opening a message. In other words, verify the sender of every email you receive and make sure it comes from a trusted contact. Ransomware email subject lines and sender names can look similar to those of trusted contacts, so be sure to read them carefully.

It might sound obvious, but employees should avoid opening emails or clicking on links from sources they don't trust, especially when using their work devices. Another flag to watch for is a message asking recipients to enable macros, which is a common mechanism for ransomware attacks to spread.

Security teams might notice signs of an attack at the network and device level. Typical indicators include a large batch of attempted file modifications, which occurs when ransomware tries and fails to access, encrypt or steal data, and increased CPU usage caused by the ransomware modifying data files.
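The file-modification indicator described above can be turned into a simple detection rule. The following is an added example, not Mimecast's code: the log format, process names, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MODIFY_OPS = {"WRITE", "RENAME", "DELETE"}

def parse_event(line):
    """Parse 'ISO-timestamp process op result path' (constructed log format)."""
    ts, process, op, result, path = line.split(" ", 4)
    return datetime.fromisoformat(ts), process, op, result, path

def detect_bursts(lines, window=timedelta(seconds=10), threshold=20):
    """Alert on the first window in which one process attempts to modify
    at least `threshold` distinct files; denied attempts count too."""
    recent = defaultdict(deque)  # process -> (timestamp, path, result)
    alerts = {}
    for ts, process, op, result, path in sorted(map(parse_event, lines)):
        if op not in MODIFY_OPS or process in alerts:
            continue
        q = recent[process]
        q.append((ts, path, result))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        files = {p for _, p, _ in q}
        if len(files) >= threshold:
            denied = sum(1 for _, _, r in q if r == "DENIED")
            alerts[process] = {"at": ts, "files": len(files), "denied": denied}
    return alerts

def sample_events():
    """Constructed data: an editor saving one file every minute, and an
    unknown process touching 30 files in 6 seconds, a third of them denied."""
    base = datetime(2021, 7, 13, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=i)).isoformat()} winword.exe WRITE OK "
             "C:/Users/amy/report.docx" for i in range(5)]
    for i in range(30):
        ts = base + timedelta(minutes=5, milliseconds=200 * i)
        result = "DENIED" if i % 3 == 0 else "OK"
        lines.append(f"{ts.isoformat()} unknown.exe WRITE {result} "
                     f"C:/Shares/finance/file{i}.xlsx")
    return lines

if __name__ == "__main__":
    for process, alert in detect_bursts(sample_events()).items():
        print(process, alert)
```

Counting distinct files rather than raw events keeps an application that saves the same document repeatedly from triggering the rule.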

How to Protect Yourself from Ransomware Attacks

Cyber resilience is a war fought on two fronts - your business's email security infrastructure and your employees' behavior. Companies with a cyber resilience strategy that combines both of these elements are less likely to be negatively affected by ransomware than those without one.

By monitoring and tracking email with the right technologies, businesses can automatically filter incoming messages and prevent suspicious emails from slipping through. These tools also make it possible to block attachments with risky extensions, such as executable files, from being opened. Many vendors offer standalone security and backup solutions, while others like Mimecast have created multi-layered solutions combining defenses such as data protection, archiving, data recovery and business continuity measures on a single platform.
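As an added illustration of attachment filtering by extension (not code from Mimecast or any vendor product), the sketch below parses a message with Python's standard `email` package and returns a verdict per attachment. The extension lists, verdict names and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative lists only; a real policy would be broader and centrally managed.
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm", ".dotm"}

def attachment_verdicts(raw_message):
    """Return [(filename, verdict, reason)] for every attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in EXECUTABLE:
            # "invoice.pdf.exe" is judged on its final extension, not the decoy.
            reason = ("double extension hides executable" if len(suffixes) > 1
                      else "executable attachment")
            verdicts.append((name, "block", reason))
        elif last in MACRO_ENABLED:
            verdicts.append((name, "quarantine", "macro-enabled Office document"))
        elif not name:
            verdicts.append((name, "quarantine", "attachment has no filename"))
        else:
            verdicts.append((name, "allow", ""))
    return verdicts

def sample_message():
    """Constructed sample: an 'invoice' email with three attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "amy@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please enable macros to view the invoice.")
    for name in ("Invoice_0713.docm", "invoice.pdf.exe", "notes.txt"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for verdict in attachment_verdicts(sample_message()):
        print(verdict)
```

Extension checks are only a first layer: legacy formats such as .doc and .xls can also carry macros, so content inspection is still needed.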

Meanwhile, companies also need a plan for how they will respond to ransomware. With attacks happening more frequently and becoming more sophisticated, it is important to have a cyber resilience strategy in place to minimize the impact of an attack. Crucially, companies should test and refine their approach ahead of time, to ensure the strength of their strategy and its response plan.

Finally, employees should be educated on best practice to spot, avoid and report ransomware threats. A complete training program includes a list of actions they should take if they come across a suspicious email or website, and pointers on which red flags indicate they are being targeted by a cybercriminal.

The Bottom Line

The threat of ransomware has never been greater, but with the right solutions and employee training, companies can stay ahead of cybercriminals. Knowing the nature of the attacks you face and developing a layered cyber resilience strategy can help head off ransomware more effectively, so you can run your business securely without missing a beat.

[1] 'Ryuk Ransomware Behind One-Third of All Ransomware Attacks in 2020,' Help Net Security

Disclaimer

Mimecast Limited published this content on 13 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 July 2021 12:14:03 UTC.