In the last 2 years, due to the global COVID-19 pandemic, most businesses and organizations had to comply with government rules and regulations, and most of their employees had to switch to remote working (Work From Home) to protect their health.
Cybercriminals very quickly took advantage of this rise in remote working. They targeted multiple companies in the Health Care, Utility, Fuel Supplies, and other large sectors.
One of the most common cyber attacks is the ransomware attack, during which attackers plant malware on the Operating System. The malware encrypts the victim's device and holds the user's information hostage. All data stored on the Operating System becomes unusable, and whether the victims can recover their files depends on the encryption used and on how the attack was carried out. Most attackers demand a certain amount of cryptocurrency or fiat currency in exchange for the decryption key or the tool that will decrypt the data. But there is a catch: they won't provide any decryption key or tool even if the victims pay. For this reason, all Security Vendors instruct victims not to enter into any exchange with the attackers, and instead to build Disaster Recovery Solutions that prevent this kind of event from recurring.
Attackers use the following techniques to lure the victim into disclosing information that makes the attack more effective:
- Phishing emails (Some of them might contain malware or malicious URLs)
- Social Engineering activities
- Spam emails
- Fake landing pages that ask for personal or account details
- Exploitation of software vulnerabilities
Ransomware attacks increased by 82% from 2020 to 2021, according to CrowdStrike.
Below are some practices that can help you mitigate or avoid a ransomware attack:
Cyber Awareness Training and Education: As ransomware spreads through phishing emails, it is crucial to train users who interact with the servers to identify and avoid potential ransomware attacks. Many current cyber attacks start with a targeted email that does not even contain malware, only a socially engineered message that encourages the user to click a malicious link.
Continuous data backups: Automated, protected data backups enable your organization to recover from an attack with minimal data loss and without paying a ransom. Maintaining regular backups as a routine process is a very effective practice against losing data.
Patching: Patching your Operating System and the software running on it is a critical component of defending against ransomware, because cybercriminals often study newly released patches for the vulnerabilities they fix and then target systems that have not yet been patched. The most recent example is the vulnerability found in Log4j: multiple systems were exposed and attacked due to unpatched software.
User Authentication: Accessing services like RDP with stolen user credentials is a favorite technique of ransomware attackers. Strong user authentication makes it much harder for an attacker to make use of a guessed or stolen password.
If an attack does take place and your systems are infected (files encrypted), you can also try to restore your server by following the steps below:
Quarantine the Machine: Limit the spread of the malware by removing access to other potential targets.
Don’t power off your computer: Encryption of files may make a computer unstable, and powering off a computer can result in loss of volatile memory. Keep the computer on to maximize the probability of recovery.
Create a Backup: Make a copy of the encrypted files on removable media, in case a solution becomes available in the future or a failed decryption attempt damages the files.
Check for available Decryptors: Check the No More Ransom Project to see if a free decryptor is available. If so, run it on a copy of the encrypted data to see whether it can restore the files.
Wipe and Restore: Restore the machine from a clean backup or operating system installation. This ensures that the malware is completely removed from the device.
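The "Create a Backup" and "Check for available Decryptors" steps above only work if you can tell whether a decryption attempt damaged your copy. The following added example (not code from the original post, and not a MassiveGRID or R1Soft tool) copies the encrypted files to a backup location, records a SHA-256 manifest beside the copies, and later reports any copy whose contents changed. All function names, the manifest filename and the sample ".locked" files are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Hypothetical manifest filename written next to the copied files.
MANIFEST_NAME = "manifest.json"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large encrypted archives do not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_encrypted_files(src: Path, dest: Path) -> dict:
    """Copy every file under src to dest and write a SHA-256 manifest of the copies."""
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps, useful as evidence
        manifest[rel] = sha256_of(target)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(dest: Path) -> list:
    """Return the relative paths whose current hash no longer matches the manifest."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_of(dest / rel) != digest]


def demo() -> tuple:
    """Constructed run: back up two fake '.locked' files, then simulate a failed decryptor."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "victim", Path(tmp) / "backup"
        src.mkdir()
        (src / "report.docx.locked").write_bytes(b"\x8f\x13" * 64)  # constructed ciphertext
        (src / "q1.xlsx.locked").write_bytes(b"\x01\xaa" * 32)      # constructed ciphertext
        manifest = backup_encrypted_files(src, dest)
        untouched = verify_backup(dest)  # nothing changed yet -> []
        # A decryptor that overwrote one copy with garbage is caught by the manifest.
        (dest / "q1.xlsx.locked").write_bytes(b"garbage")
        return len(manifest), untouched, verify_backup(dest)
```

Run any decryptor only against the copies in `dest`; if `verify_backup` lists changed files afterwards, restore them from the original media before trying another tool.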
*MassiveGRID's R1Soft Backup Services can help you create a Disaster Recovery Plan for events such as ransomware, as described above.