Ransomware Attacks – Yes, They Can Happen to You
We often read about ransomware attacks, and many people think we’ll never face one ourselves. “They happen to the big guys, the big companies, the people who matter. Why would we be targeted?” Right?
But that’s where we’re wrong. The days of cybercriminals targeting exclusively large organizations are long gone. Home users, small offices/home offices (SOHO), and all manner of small businesses are fair game now.
One small misstep is all it takes
Mistakes will be made. It’s inevitable. It can be as simple as clicking on a bad link in an email. It can be as innocuous as innocently visiting a malicious website. We’ve heard news stories of how ransomware paralyzed organizations, which gives the image of a complex attack chain that requires some serious planning, launched in an organization’s network.
Well, a lot of this is true. But many times, it’s not a grand scheme, but rather a user unknowingly making a simple error of judgement that results in a ransomware attack, leading to catastrophic consequences.
And, yes, a ransomware threat is closer to you than you think it is. As close as your own inbox, actually, or a compromised website.
Think of your inbox as a melting pot of the good, the bad, and the ugly. The good are emails from trusted sources, the bad are spam messages, and the ugly are the ones that you should be worried about. These are the ones that can drop malware onto your computer. A tell-tale sign of such a message is an attention-grabbing subject line that demands quick action. They might also be from an unknown/known sender, or replicate a trustworthy domain identity, or ask you to click blindly on a link.
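The tell-tale signs listed above can be checked mechanically. The following is an added example, not code from the original article or from Sophos: a small Python triage function that flags an urgent subject line, an unknown or lookalike sender domain, and a link whose visible text names a different domain than the one it points to. The word list, the similarity threshold, the trusted-domain set and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this sketch: urgency words, 0.85 threshold, trusted-domain set.
URGENT = re.compile(r"\b(urgent|immediately|action required|suspended|final notice)\b", re.I)
TRUSTED_DOMAINS = {"example-bank.com"}  # domains the user really deals with (hypothetical)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def lookalike(domain):
    """True if the domain closely resembles, but is not, a trusted domain."""
    return any(d != domain and SequenceMatcher(None, d, domain).ratio() >= 0.85
               for d in TRUSTED_DOMAINS)

def triage(raw):
    """Return the tell-tale signs found in one raw, single-part HTML message."""
    msg = message_from_string(raw)
    findings = []
    if URGENT.search(msg.get("Subject", "")):
        findings.append("urgent-subject")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append("lookalike-sender" if lookalike(sender_domain) else "unknown-sender")
    for href, text in LINK.findall(msg.get_payload()):
        shown = DOMAIN_IN_TEXT.search(text)
        # The visible text names one domain while the link goes to another.
        if shown and shown.group(1).lower() != (urlparse(href).hostname or ""):
            findings.append("link-text-mismatch")
    return findings

# Constructed sample messages, not real mail.
PHISH = """From: "Example Bank" <support@examp1e-bank.com>
Subject: URGENT: your account will be suspended
Content-Type: text/html

<p>Confirm here: <a href="http://examp1e-bank.com/login">https://example-bank.com</a></p>
"""
BENIGN = """From: Example Bank <statements@example-bank.com>
Subject: Your monthly statement is ready
Content-Type: text/html

<p>View it at <a href="https://example-bank.com/statements">example-bank.com</a></p>
"""

if __name__ == "__main__":
    print(triage(PHISH), triage(BENIGN))
```

Heuristics like these produce both false positives and misses, so they suit triage (deciding which messages deserve a second look) rather than a final verdict.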
The three steps of a ransomware attack, simplified
The success of a ransomware attack depends on criminals gaining access to a targeted system. This sets the stage for encrypting files on the system, and then comes the ransomware demand. While the attack pattern might differ from one ransomware variant to another, all attacks go through three stages:
- Infection
Cybercriminals use a number of ‘devious’ methodologies to access your system. The foundation of these methodologies is the attack vector. Typically, criminals are partial to phishing emails as a means of launching a ransomware attack. You will receive an email that contains a link to a malicious website that, if visited, will proceed to drop ransomware onto your system. Alternatively, this mail might have an attachment with built-in downloader functionality. You click on the link and soon, unbeknownst to you, you’ve downloaded ransomware that hides in the shadows of your system and proceeds to encrypt files.
As mentioned earlier, these vectors can differ, and sometimes it is the sheer simplicity of the attack that hides the high levels of sophistication and thinking behind it.
- Encryption
It’s fairly common knowledge what happens when ransomware gains access to your system and files. It starts encrypting files, replacing original files with encrypted versions. Ransomware is advanced malware, but within ransomware you have different levels of complexity and advancement. There is ransomware that might encrypt all files on the system, while there are others that have the capability to pick their files, and there are still other variants that will go ahead and delete the backup files.
- The Demand
Ransomware encrypts the files and then makes a ransom demand. This can happen in multiple ways. You might see a ransom note in the display background, or you might come across a text file, mentioning the ransom demand, in all encrypted directories. Typically, the demand is to pay a specific amount in cryptocurrency if you want to access the encrypted files. Once you pay the ransom, the cybercriminal will – hopefully – give you the necessary information that needs to be entered into a decryptor program. How do you get your hands on this decryptor program? It is your “friendly” ransomware operator who will provide you with this program. After all, they don’t want to get a bad name, do they? (Statistically, the chance of getting all your files back from a ransomware attack is low, even if you do pay the ransom.)
How can you protect yourself against ransomware?
Prevention is always better than cure. Take precautions and build necessary awareness to protect against the next ransomware attack. It’s safest to think you have a target on your back online. In this case, your system is the target. Don’t get confident that it can’t happen to you. Proceed from a point where you know your system can be targeted at any given time.
So how do you make it really difficult for criminals to snag you in a ransomware scheme?
Here are some practical and easy steps:
- The right decisions are imperative while using email. Often, in ransomware attacks, your inbox is the crime scene. This is where the action happens. Making the right inbox decisions is crucial to prevent a ransomware attack.
- Never respond to emails and text messages from unknown senders. Do not click on links in emails, and if you think the email is from a trusted source, verify and only then take action.
- If you need to download an application, always make sure it is from a trusted source.
- Malicious websites need to be avoided. But, how do you know a website is malicious? Simple: don’t visit websites that are the hotbed of malicious activities or are used by criminals to host malware. A good rule to live by is to avoid gambling sites, unknown gaming sites, explicit websites and others along the same lines.
- Make sure your family members are also aware of online risks and raise their levels of security awareness so that they follow cybersecurity hygiene as well. All your good work building awareness is for nothing if everyone using your machine doesn’t follow the same best practices.
- Continuous data backup of sensitive and important data is critical. If you are a victim of a ransomware attack, with a good data backup in place, you won’t have to pay the ransom.
- Use a comprehensive antivirus solution such as Sophos Home to protect your device. You get the best of security features that help you prevent threats from infiltrating your system and are able to identify and remediate hidden threats lurking on your system.
No one is truly safe from ransomware attacks. Treat awareness as a strong preventative measure to ensure you don’t “invite” ransomware into your system.