Question

what are the trends in ransomware ?, how it is deployed, who gets attacked, and whether victims get access to their (decrypted) data. Provide a short list of recommendations for small businesses to prevent or deal with ransomware.

Answer 1

A. What are the trends in ransomware?

Following are few ransomware trends:

• Publication of victim files— This has already happened that cybercriminals have threatened victims to publish thieir files if ransom is not paid. This can extend and attackers can extort thier victim in fifferent ways.
• The “ransomware as a service”(RaaS) market can flourish — Many underexperiences attackers and cybercriminals are offering RaaS. Underground forums are filled with ransomware ads.
• Role of courts in driving behaviour of criminals and victims — As ransom amount keeps increasing, Victims will be provided more incentive for reachinf out to the courts inorder to recover thier funds and stop ransomware attackers from publishing victims personal information.
• Advanced Persistent Threat (APT): These are specially designed personalized attacks in order to bypass or break down the current safeguards. Cybercriminals will invest in such approachs and use them to destroy the safeguards like backing up of data to the cloud.

B. How it is deployed?

First phase of a ransomware attack is the installing components that can be used to infect victim’s system. Following are some ways through which the files used as part of the attack are downloaded on the victim’s system:

1. Drive-by download: automatically download malware or spyware without the user’s knowledge.

2. Strategic web compromise or watering-hole attack: Here the attackers collects strategic information which is used to enter victims’ organization. The information gathered can be in the form of trusted websites usually visited by their target. Then Attackers insert a malware into such sites and when target visits the site, the malware make use of any vulnerabilities in the system to gain control and access.

3. Phishing emails: Spam emails are sent in this attack. These emails might contain links or attachments to malicious websites.

4. Exploiting vulnerabilities in Internet-accessible systems: Makes use of methods like Network scanning for finding vulnerabilities.

C. Who gets attacked, and whether victims get access to their (decrypted) data.

Following are four target groups of ransomwares:

• Universities: This is a potential target because they have a lot of file sharing and less security. They are perceived to have a smaller security team.
• Banks, government agencies, medical facilities etc.: They fall under the target category which can pay quickly. This is because they require immediate access to their files.
• Law firms: because these hold sensitive and critical data.
• Businesses in the Western markets: targeting these types of corporates can lead to bigger ransom. Western markets have greater wealth, and many uses personal computers.

Ransomware encrypts files present on victim's system. In order gain access or decrypt the data, the attacker demands a ransom from the victim. Victim is instructed on how to pay the ransom to get the decryption key.

D. Provide a short list of recommendations for small businesses to prevent or deal with ransomware.

Following are some recommendations for small businesses to prevent ransomware:

1. Avoid providing personal information in emails, over phone calls or messages. This is because attackers try to trick employees into installing malware on their machines or gain information. Inform IT department of your organization in case you get such suspicious calls. Attackers gather information through social media too. Organization should have a strict social media policy to limit work-related information from being uploaded on social media.
2. Don’t pay the ransom because if you pay the ransom, it’s not guaranteed that you will regain access to your data. And only thing it will do is encourage and fund the attackers.
3. Invest in a good antivirus and firewall and keep your security software up to date with relevant patches. This will protect you from some ransomware attacks which use old versions software’s.
4. Backup your data every day. Impacted files can be recovered from backup copy.
5. Scanning and filtering of inbound e-mails should be done and block attachments that appear to be threat.