Ransomware and malware threats

In the age of digitalization, billions of people worldwide use the Internet, and the trend is rising. As the number of both corporate and private users increases, so does the risk from viruses, Trojans and the like. While the number of robberies at banks, for example, is declining, cybercrime is increasing rapidly. It has become more lucrative for hackers or cybercriminals to inflict damage and extort money from companies and individual users from the comfort of their own homes. Well-known companies such as Canon, Kaseya and many others have already been victims of a hacker attack. Therefore, it is more important than ever for companies to protect their IT infrastructure and take appropriate measures to make attacks as difficult as possible for cybercriminals.

What is malware?

Malware refers to different types of malicious software:

  • Viruses: The aim of viruses is to damage the affected company systems to such an extent that, in the worst case, they fail completely and can no longer be used. Among other things, viruses destroy or manipulate valuable company data. For example, the entire hard disk can be formatted or destroyed by viruses.

  • Spyware: This malware spies on the affected devices. This affects (highly) sensitive company data such as passwords, user names, etc.

  • Trojans: Like the famous Trojan horse, Trojans infiltrate the relevant devices surreptitiously. This happens unnoticed and only turns out to be a threat after the malware has been installed. Through a Trojan, hackers are able to gain access to the affected systems and thus also to the data.

  • Worms: A computer worm is similar to a virus. What is special about a computer worm is that it spreads independently to other devices without the intervention of the affected user. For the most part, it does not attack programs, but spreads to storage media such as hard disks and causes damage there. In this way, a worm can spread rapidly in a corporate network and cause a great deal of damage.

What is ransomware?

Ransomware belongs to the malware family and is becoming increasingly popular among hackers due to its good camouflage properties. Specifically, ransomware is extortion software that locks the device and asks the user to pay a ransom so that the device (for example, a computer) can be unlocked again. This makes ransomware a particularly treacherous threat in terms of cybercrime. Ransomware encrypts the data on the device. Without the corresponding key, for which cybercriminals usually demand a ransom, the data can no longer be decrypted. It is important to know that the criminals are not interested in directly capturing confidential information during a ransomware attack. Instead, they are interested in making it impossible to access data that is useful to users. The cybercriminals count on how important the data that can no longer be accessed is to the victim.


How does ransomware infiltrate one's device?

There are several types of ransomware; the two main types are:

  • Locker-ransomware: this type blocks necessary computer functions. For instance, access to the desktop can be denied. Only the window with the ransom note remains functional. With locker-ransomware, it is rather unlikely that the system's data will be completely destroyed.

  • Crypto-ransomware: this is used to encrypt important data, such as documents. Unlike the locker-ransomware, the necessary computer functions continue to work. The data is still visible, but users can no longer access it. Often, the criminals include a countdown by the end of which the ransom must be paid.

Well-known examples of ransomware include Locky, WannaCry, Bad Rabbit, Ryuk and many more. Among other things, the malware can be found in email attachments, on manipulated websites, in supposedly harmless downloads or in advertisements. Insecure or unprotected Wi-Fi networks are also an ideal gateway for ransomware. It can thus get onto the user's own device, either intentionally or unintentionally.

Danger of ransomware increases rapidly

According to the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), ransomware attacks are on the rise, and companies are increasingly affected. For example, the hacker group "REvil" attacked hundreds of companies with ransomware in the recent past, thus blocking access to their data. The starting point of this attack was the American IT provider "Kaseya". Since many customers were networked with this IT service provider, numerous companies were affected by the attack.

In May 2017, one of the largest ransomware attacks to date struck. The WannaCry malware program encrypted data in over 150 countries worldwide in just a few days. It is estimated that several million computers were affected by the attack, including more than 200,000 Windows computers. WannaCry was a worm that spread on its own to numerous Windows computers without the users' knowledge. It exploited a security vulnerability in the Windows system.

The well-known camera and printer manufacturer Canon also fell victim to a ransomware attack. The hacker group "Maze" encrypted important data such as photos, documents and databases, and was only willing to release the data again for a ransom. The damage for companies affected by ransomware attacks is high. Internal company data is at risk of being made available to the public, and thus also to competitors.

These preventive measures help against malware infection

To prevent infection by malware, including ransomware, the following tips can help:

  • Regular updates of the operating system and the software used on the device.
  • Use of antivirus software. This should always be kept up to date.
  • Regular backups of existing data. If possible, independent data carriers such as external hard drives and storage systems (e.g. DAS, SAN and NAS systems) should be used.
  • If a ransomware infection has occurred, decryption tools will help to decrypt the affected data.
  • Do not open email attachments from unknown senders.
  • Do not visit dubious websites.
  • Do not click on links in emails from unknown senders.
  • Effective firewalls also help to successfully fend off malware attacks (and thus ransomware attacks as well).

 

However, there are also fake emails that appear to come from well-known senders, such as Amazon, Telekom or PayPal. These look deceptively similar to the emails from the real senders. In case of doubt, contact the company and ask whether the email actually originates from this company.
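As an added illustration (not part of the original article), the following Python sketch flags mail whose display name or sender domain invokes one of the brands named above while the actual sender domain does not belong to that brand. The brand-to-domain allowlist, the function names and the sample headers are assumptions constructed for this example.

```python
from email.utils import parseaddr

# Assumed allowlist for illustration: brand keyword -> legitimate sender domains.
# A real deployment would maintain this from the brands' published domains.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.de"},
    "paypal": {"paypal.com", "paypal.de"},
    "telekom": {"telekom.de", "telekom.com"},
}

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    'PayPal <service@paypal.com>',
    '"PayPal Service" <service@paypa1-billing.example>',
    'Support <help@paypal.com.account-check.example>',
    'Alice <alice@example.org>',
]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_under(domain: str, allowed: set) -> bool:
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header: str) -> str:
    """Classify a From header as 'ok', 'suspicious' or 'unknown-brand'."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    text = (name + " " + domain).lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in text:
            # Brand is invoked: the real domain must belong to that brand.
            return "ok" if is_under(domain, allowed) else "suspicious"
    return "unknown-brand"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

A matching domain in the From header is not proof of authenticity, because that header can be forged; the check only catches lookalike sender domains.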

Companies need to protect their IT infrastructure and take appropriate measures to better protect themselves against malware. IT security should not be a marginal topic that is dealt with exclusively by the IT specialists in the company. It is more effective to make employees aware of this issue.


What can companies do in concrete terms? Here are a few more tips:

  • The network infrastructure should be adequately protected. This includes, among other things, sealing off the network (using an efficient firewall solution), separating networks, and dividing the network into different areas. By dividing the network into different areas, devices with a high security risk and devices with a low security risk can be isolated from each other. This makes it impossible for these devices to exchange data with each other. This reduces the risk of infestation throughout the network.
  • Restrict user access rights at the network or computer level. This is done by assigning appropriate read and write permissions to the users of the network.
  • Allow only specific, permitted software to be used on company computers.
  • Inform employees at regular intervals about the topic of cyber security and provide them with rules of conduct for their daily work on the company computer.
