Avoid Ransomware: That’s why it’s best not to take any risks
Estimated reading time: 4 minutes
ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it is because the risk is too great in terms of reputation and collateral economic losses.
Researchers from IBM Security’s X-Force interviewed executives of 600 companies of all sizes and found that organizations affected by ransomware choose to pay in most cases.
Data shows that 20% of compromised organizations paid ransoms of more than $ 40,000 and 25% paid between $ 20,000 and $ 40,000. These numbers are much higher than that. that consumers typically pay, which is usually around $ 500-1,000, depending on the variant of the ransomware.
When targeting businesses, hacking groups aim to paralyze organizations by encrypting financial data , customer databases, sales data and other vital information .
Avoid ransomware – the risks of attacks
In the past year, a number of organizations have been hit by severe ransomware attacks, including hospitals, universities and others. For example, the San Francisco Municipal Transportation Authority was hit by a ransomware attack during the weekend of Thanksgiving, a very important holiday in the US. The attack paralyzed desktops within the agency and forcing officials to shut down the automatic ticket machines. Needless to say, this attack resulted in a huge loss of assets and a ransom demand.
Getting malware into public organizations isn’t as difficult as you might think, and is often done with a single email .
In their attacks on networks, cybercriminals seek out the servers that keep the business running and encrypt critical assets rather than working on enterprise-wide endpoints.
The access point is usually a phishing email with a malicious attachment, sent to the mailbox of a employee . In most cases, the attachment is a Microsoft Office document asking the victim to enable macros . Clicking the macro enable button is often a trivial matter for those uninformed users who just want to get rid of the warning at the top of the document . The malware runs as soon as the user allows the macros to run. The ransomware can also arrive through any other attachment or through exploit kits which facilitate infection without any special action on your part.
The amount of money businesses have paid to get their data back shouldn’t come as a surprise considering the alternative. As is increasingly the case, the attack doesn’t just put key the data until payment of the requested amount. The threat continues with the release of data if you do not agree to pay a second ransom. In the end two ransoms will be paid and in any case there is no certainty that the data will not be disclosed. (It is said double extortion attack).
Many organizations keep these attacks under wraps to avoid public humiliation and loss of customer confidence . Data from the IBM survey shows that 29% of executives in large corporations would pay more than $ 50,000 to retrieve financial data.
Law enforcement, including the FBI, and security experts advise ransomware victims not to pay, for a variety of reasons. First, there is no guarantee for the attacker to deliver the decryption key. Second, the ransomware’s profits help fund other cybercrime operations.
How to defend yourself to avoid ransomware
Phishing remains one of the key methods by which a ransomware attack is attempted. With the recent increase in remote working, it is imperative to reiterate the importance of being careful when opening emails and attachments . If employees are suspicious of something, they should report it.
Organizations should also make sure they have a good patching strategy and apply the latest security updates . This prevents cybercriminals from taking advantage of known vulnerabilities to distribute malware.
Regularly updating backups should be a priority , because if the worst happens and your organization falls victim to a ransomware attack, your network can be restored without paying the ransom.
SOD provides solutions for the situations listed through the SOCaaS service. You can ensure the protection of a Security Operation Center without having to invest in its initial funding .
The system controls the actions of the computers connected to the network using an artificial intelligence. As soon as a suspicious, even legitimate, action is detected, the technicians are alerted who can investigate the nature of the fact . The new generation SIEM systems and behavioral analysis via UEBA , work together to offer 360 ° security.
SOD also provides intelligent anti-ransomware backup systems via Acronis Cyber Protect Cloud . With this tool at your side, business and customer data are safe. Any attack attempt is identified and mitigated immediately, meanwhile, thanks to dynamic backups, the data is immediately restored .
Avoiding ransomware can be relatively easy – just pay attention to every operation you perform on your computers. Unfortunately, sometimes this is not enough. This is the time when having invested in a quality safety system will make a difference.
For questions or requests do not hesitate to contact us, we will be happy to answer your questions and propose a solution tailored to your needs.
- The threat of DDoS ransomware
- Procedural Security Analysis – Thank you for contacting us!
- Zombie phishing: beware of emails, it could be zombies
- Social engineering: how hackers scam their victims
- What is phishing? Understanding and identifying social engineering attacks
- Avoid Ransomware: That’s why it’s best not to take any risks
- Double extortion ransomware: What they are and how to defend yourself
- Zero-Day attack: what they are and how to defend yourself with SOCaaS
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (17)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (6)
- Web Hosting (13)
- Inside Strata's Plans to Solve the Cloud Identity Puzzle February 25, 2021Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
- Microsoft Releases Free Tool for Hunting SolarWinds Malware February 25, 2021Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.
- North Korea's Lazarus Group Expands to Stealing Defense Secrets February 25, 2021Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
- Ransomware, Phishing Will Remain Primary Risks in 2021 February 25, 2021Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.
- Thousands of VMware Servers Exposed to Critical RCE Bug February 25, 2021Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
- 5 Key Steps Schools Can Take to Defend Against Cyber Threats February 25, 2021Educational institutions have become prime targets, but there are things they can do to stay safer.
- How to Avoid Falling Victim to a SolarWinds-Style Attack February 25, 2021A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
- Cybercriminals Target QuickBooks Databases February 24, 2021Stolen financial files then get sold on the Dark Web, researchers say.
- New APT Group Targets Airline Industry & Immigration February 24, 2021LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
- 61% of Malware Delivered via Cloud Apps: Report February 24, 2021Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
- Backdoor.Win32.DarkKomet.irv / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a229acff4e0605ad24eaf3d9c44fdb1b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.irv Vulnerability: Insecure Permissions Description: DarkKomet.irv creates an insecure dir named "Windupdt" under c:\ drive, granting change (C) permissions to authenticated user group. Standard users can rename...
- Trojan.Win32.Pluder.o / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ee22eea131c0e00162e4ba370f396a00.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Pluder.o Vulnerability: Insecure Permissions Description: Creates an insecure dir named "z_Drivers" under c:\ drive, granting change (C) permissions to authenticated user group. Pluder.o also creates several registry key...
- Trojan.Win32.Pincav.cmfl / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Pincav.cmfl Vulnerability: Insecure Permissions Description: The trojan creates an insecure dir named "Windupdt" under c:\ drive, granting change (C) permissions to authenticated users group. Standard users can rename the...
- Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf6232f3f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Daemonize.i Vulnerability: Remote Denial of Service Description: Daemonize.i listens on TCP port 5823, sending some junk packets to the trojan results in invalid pointer read leading to an access violation and […]
- Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH) February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/63c55ad21e0771c7f9ca71ec3bfcea0f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.h Vulnerability: Remote Stack Buffer Overflow (SEH) Description: Ketch makes HTTP request to port 80 for a file named script.dat, after process the server response of 1,612 bytes or more it […]
- Backdoor.Win32.Inject.tyq / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/833868d3092bea833839a6b8ec196046.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Inject.tyq Vulnerability: Insecure Permissions Description: The backdoor creates an dir named "hotfix" under c:\ drive granting change (C) permissions to the authenticated user group. Type: PE32 MD5:...
- IBM(R) Db2(R) Windows client DLL Hijacking Vulnerability(0day) February 23, 2021Posted by houjingyi on Feb 23A few months ago I disclosed Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability I found : https://seclists.org/fulldisclosure/2020/Oct/16 In that post I mentioned "I will add more details 90 days after my report or a security bulletin available". Here it comes. NOTICE : This vulnerability seems did not get […]
- CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189) February 23, 2021Posted by David Coomber on Feb 23CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)
- [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability February 20, 2021Posted by research on Feb 19-------------------------------------------------------------- docsify
- Backdoor.Win32.Bionet.10 / Anonymous Logon February 19, 2021Posted by malvuln on Feb 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/be559307f5cd055f123a637b1135c8d3.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bionet.10 Vulnerability: Anonymous Logon Description: The backdoor listens on TCP port 12348 and allows anonymous logon credentials to be used to access an infected host. Type: PE32 MD5: be559307f5cd055f123a637b1135c8d3 Vuln ID:...
Cyber threat intelligence identify dangers before they cause damage Find threats before they become a problem… https://t.co/eoT3Mfmi7g
Analisi di Sicurezza Procedurale Verifica che le operazioni in azienda rispettino gli standard imposti per il trat… https://t.co/HYs4UsX3mP
VPN Aziendali connessioni protette sempre e dovunque Gran parte del lavoro ormai passa per la rete,la sicurezza dev… https://t.co/ZreMXSsS17
Ultimamente ci sono stati casi critici di ransomware degni di nota. L’Universita' Tor Vergata ha subito un attacco… https://t.co/oHVilx0VXx
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked… https://t.co/FQYuyKdAv6