Ransomware Survival Guide: Removing, Recovering, and Fortifying Against Future Threats

The digital world is as complex as the real world. It offers virtually unlimited possibilities, and it comes as no surprise that businesses thrive in it. Unfortunately, where there is success, there will also be malicious actors who want a piece of someone else’s pie. In this environment, ransomware has emerged as one of the most widespread and financially damaging tools for cyberattacks. This disruptive force not only paralyzes operations but also demands a ransom for the release of critical data. Many fall victim to it, and others keep the cyberattacks under wraps to protect their brand.

Fortunately, solutions exist. The best ways to face ransomware attacks are through knowledge, mitigation, and prevention. Let’s discuss these three key points further.

Ransomware and How it Spreads

Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in order to decrypt them. It is one of the most common and costly types of cyberattacks.

There are many different ways that ransomware can spread, but the most common ones include:

  • Phishing emails: This is the most common way that ransomware is sent out. Phishing emails are emails that seem to be from a trusted source, such as a bank or government agency. The emails often contain malicious attachments or links that, when clicked, will download the ransomware onto the victim’s computer.
  • Malvertising: Malvertising is a type of online advertising that is used to deliver malware. Malvertising ads usually show up on legitimate websites, but they have been infected with malware. When a victim clicks on the ad, the computer downloads the malware.
  • Drive-by downloads: Drive-by downloads are a type of attack where malware is automatically downloaded onto a victim’s computer when they visit a tampered website. Drive-by downloads usually exploit weak points in web browsers or other software.
  • Remote desktop protocol (RDP): RDP is a technology that allows users to connect to and control a remote computer. Ransomware attackers can exploit RDP weak points to gain access to a victim’s computer and then inject ransomware.
  • Infected removable devices: Ransomware can also be spread through infected removable devices, such as USB drives or external hard drives. When a victim connects an infected removable device to their computer, the ransomware is automatically copied onto the computer.

The Effect of Ransomware

Once ransomware infects a system or device, it will encrypt the victim’s files. The encryption process is normally very fast, and the victim may not even notice that their files have been encrypted until they try to open them. The ransomware will then show a ransom note that demands a payment in order to decrypt the files. The ransom note will often include instructions on how to pay the ransom.

Cryptocurrencies, such as Bitcoin or Monero, are the payment methods of choice for ransomware. This makes it difficult for law enforcement to track down the ransomware attackers.

The Cost of a Ransomware Attack

Indigo Books & Music, a major retailer, recently experienced the devastating impact of a ransomware attack, leading to significant financial losses and disruption of operations. The incident temporarily took down the company’s e-commerce platform and left it unable to process payments in retail stores for three days, and the website was offline for about a month.

In the aftermath, Indigo revealed a significant loss of $42.5 million in the most recent quarter, which was $19 million more than the same period the previous year. The retailer attributed the majority of this expanded loss to the cyberattack. Despite the financial blow, Indigo took a firm stance against paying a ransom to the criminals responsible for using the LockBit software to break into their network. Their refusal was based on concerns that such payments could end up supporting terrorism or other sanctioned activities.

A recent report from the highly regarded law firm Blakes sheds light on the broader landscape of ransomware attacks in Canada. According to the report’s findings in the fourth edition of their annual cybersecurity trends analysis, a rising number of Canadian companies hit by ransomware attacks have chosen to pay the ransom demands. In 2022, approximately two-thirds of the targeted firms ultimately gave in to the attackers’ demands, showing a notable increase from 56 per cent in 2021.

The ransom amounts demanded by hackers have also risen in recent years. The median ransom paid by victimized companies rose drastically, from $100,000 two years earlier to $546,000 in 2022. This noticeable rise suggests that cybercriminals have become increasingly sophisticated in their attack strategies.

Handling a Ransomware Attack

Ransomware attacks vary in scale but most, if not all, disrupt operations and aim to extort. Here are some tips on what to do should you or your business encounter a ransomware attack:

  1. Stay calm – losing your cool is a natural response, but it can prevent you from properly addressing the situation. Document the ransom note by taking a photo of it for evidence.
  2. Don’t give in – never give in and pay the ransom. You’ll never know what you’re funding, and there is no guarantee that you’ll ever get the decryption key. You may end up losing more and open yourself up to the possibility of added extortion. If you do opt to pay the ransom, please employ the services of a cybersecurity company, such as IPV Network, to act as a middleman.
  3. Identify and isolate the threat – once you have identified the ransomware attack, immediately isolate the affected computer, device, or system, and disconnect it from the network. Do not run any backups, so that the ransomware does not infect your other systems.
  4. Change your critical passwords – it is difficult to instantly tell what ransomware does behind the scenes. Some kinds steal passwords, so it is best to immediately change your passwords for critical items, particularly online accounts related to banking, email, and cloud storage.
  5. Use decryption tools – cybersecurity has advanced over the years and most cybersecurity companies have researched and developed tools to battle known ransomware. One such website that provides resources to combat ransomware is No More Ransom.

Recovering from a Ransomware Attack

After handling a ransomware attack, the next step is to recover from it. Here are steps to help you and your company do that.

  1. Scan backups – this is to guarantee that your backup is not infected and there is no risk of the ransomware spreading again. If you have no backup, we recommend employing professionals to look into the situation and see if there is a possibility of saving your files.
  2. Address the infection – drives or devices that have been infected may be recovered by using anti-malware tools. The best approach would always be to wipe these devices clean and reinstall their systems with a known clean installation file.
  3. Restore your files – after double-checking that all infections have been addressed, the next step is to restore your files from your backups and reconnect your network.
  4. Report the incident – you owe it to your business and your customers to report the attack, no matter how hard it may seem. Reporting the incident to stakeholders, clients, and governing regulators is also recommended. This allows steps to be taken to prevent such attacks from happening again.
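The check below is an added example, not part of the original article or any IPV Network tooling. It supports steps 1 and 3 by flagging backup files that look as if they were already encrypted when the backup ran; it complements an anti-malware scan rather than replacing one. The format table, the entropy threshold, and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for common formats; encrypted files lose them.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
TEXT_EXT = {".txt", ".csv", ".log", ".json", ".xml", ".html"}
ENTROPY_LIMIT = 7.0  # bits per byte; assumed threshold, plain text sits well below it

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; close to 8.0 for encrypted or random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def check_file(path: str, sample: int = 65536):
    """Return a reason string if the file looks encrypted, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(ext)
    if magic and not head.startswith(magic):
        return "header does not match extension"
    if ext in TEXT_EXT and shannon_entropy(head) > ENTROPY_LIMIT:
        return "text file with near-random content"
    return None

def scan_backup(root: str) -> dict:
    """Walk a backup tree and map each suspicious relative path to a reason."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = check_file(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo() -> dict:
    # Constructed sample backup: two clean files, two that mimic encrypted output.
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.pdf": b"%PDF-1.7\n...", "notes.txt": b"quarterly notes\n" * 50,
                   "invoice.pdf": os.urandom(4096), "ledger.csv": os.urandom(4096)}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_backup(root)

if __name__ == "__main__":
    print(demo())
```

A backup set with many findings was probably taken after encryption started, so an older restore point should be checked before restoring anything.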

Preventing Future Attacks

There are a number of things that organizations can do to protect themselves from ransomware attacks, including:

  1. Partner with a trusted Cybersecurity Company: Forming a lasting relationship with a trusted and reliable cybersecurity provider is an investment worth taking. It assures you and your business that experts are constantly protecting your welfare against cyber threats and providing cybersecurity advisory services.
  2. Educating employees about phishing emails: Training employees to be aware of phishing emails and not to click on links or open attachments in emails from unknown senders is critical.
  3. Keeping software up to date: Software updates often include security patches that can help to protect against ransomware attacks.
  4. Using a firewall and antivirus software: A firewall can help block malicious traffic from reaching a computer, and antivirus software can help to detect and remove malware.
  5. Backing up data regularly: Regularly backing up data will help to minimize the damage caused by a ransomware attack.

By following these tips, organizations can protect themselves from ransomware attacks.

About IPV Network
Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines. It brings the best-of-breed cybersecurity solutions. IPV Network helps businesses identify, protect, detect, respond, and recover from cyber threats. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!

Sources:
https://www.cyber.gov.au/ransomware/what-to-do 
https://www.thestar.com/business/2023/07/04/the-high-cost-of-cyber-attacks-report-finds-most-firms-hit-by-ransomware-pay-up-and-the-price-has-risen-dramatically.html 
https://www.emsisoft.com/en/blog/36921/8-critical-steps-to-take-after-a-ransomware-attack-ransomware-response-guide-for-businesses/ 
https://www.dsolutionsgroup.com/how-should-companies-handle-a-ransomware-attack/ 
https://www.makeuseof.com/ransomware-attack-steps-to-take/ 
https://www.nomoreransom.org/en/decryption-tools.html