Ransomware is a particularly nasty type of malware that is being deployed with increased frequency over the past several months. In a ransomware attack, files are encrypted and held captive by criminals until a financial ransom is paid. The culprits often demand payment in Bitcoin, and recently the attacks have at times stolen data before performing the encryption.
In this post, we are going to look at some of the targets that have attracted the attention of hackers and discuss why the most obvious way of dealing with ransomware may not be in the best interests of the affected organization or society as a whole.
Overview of a Ransomware Attack
Ransomware attacks are mostly conducted against a specific entity rather than on random computers. Cybercriminals search for high-value targets that may be willing to meet their financial demands due to the importance of the data held for ransom. They are not particularly interested in locking up the data on your personal laptop.
There is a general pattern followed in the majority of ransomware attacks that is composed of several steps.
Target identification - The criminals behind the attack may perform research on potential victims to identify the most viable targets.
Ransomware delivery - Once a target is found, the malware needs to be delivered and installed on a network-attached machine. Popular delivery methods include phishing emails and taking advantage of lax security measures.
Triggering the attack - After the program gains access to an enterprise network, it may search for valuable data before initiating the attack. Once the target is found, its data is encrypted and the affected organization will be notified of how they can fulfill the ransom demands.
Collecting the ransom - Once their demands are met, the hope is that the criminals will provide the necessary information to decrypt the targeted data. Since the attack was perpetrated by criminals, there is a chance that they will not live up to their part of the bargain and may not ever furnish the necessary keys.
Prime Targets for Ransomware Attacks
Ransomware attacks are on the rise with security services reporting a 700% increase in the number of incidents this year. The increase has been spurred on in large part by the fear and confusion associated with the COVID-19 pandemic. Hospitals and healthcare facilities are among the targeted institutions and cannot afford anything that impacts their ability to access their data resources. Criminals are taking advantage of the critical nature of health-related data in the hope of attaining quick payment to meet their demands.
Another disturbing trend that has serious implications for the United States is the concern that the upcoming election will be hampered by ransomware attacks. Successfully attacking voting machines and software holds the potential to add more confusion and mistrust to an already problematic election. Foreign actors who are determined to sow chaos in the country are behind many of these efforts and may cause delays and contention when the country casts its votes in November.
Any organization that has valuable data resources may be targeted by ransomware gangs. Those in charge of these organizations may feel that paying the ransom and getting back to business as quickly as possible is the best course of action. While this may address their immediate concerns, the practice may be the biggest reason for the continued proliferation of ransomware.
Put That Wallet Away!
Organizations that have had data assets encrypted for ransom are put in a very difficult situation. Paying the criminals seemingly offers the quickest method of regaining access to the data, as long as the perpetrators follow through and decrypt the information after payment is made. The societal problem that accompanies this strategy is that successful ransomware attacks are an impetus for more of them to be planned and executed. Cybercriminals are in it for the money, and ransomware has become one of their tools of choice these days.
The U.S Department of Treasury’s Office of Foreign Assets Control (OFAC) has recently issued an advisory that warns organizations against paying ransomware demands. The advisory points out that payment encourages future demands and may violate OFAC regulations regarding having direct interaction with sanctioned individuals or organizations. Making a ransom payment to a blacklisted cybercriminal may violate OFAC guidelines and can result in civil and criminal penalties being enforced.
Backups Offer the Best Protection
When faced with the effects of a ransomware attack, the availability of good backups provides your best defense. A viable backup and recovery strategy that takes into account the recovery point objective (RPO) can be used to restore systems that have been impacted by ransomware. Using this method eliminates the risk of failure to decrypt the data after payment is made and should discourage the criminals from conducting further attacks on a given enterprise. It also saves the organization from paying the ransom.
SQL Safe Backup offers a reliable tool for backing up and recovering your SQL Server environment on-premises and in the cloud. It provides fast backups and saves space with dynamic compression while encrypting the data for enhanced security. Choose from multiple recovery techniques that get your systems up and running quickly in an emergency. The application allows you to manage your complete SQL Server backup environment from a single console. It provides the defensive capabilities you need to avoid falling victim to a ransomware attack.
Powered by IDERA