AXEL Network Products:

AXEL GO - share and store files securely.

LetMeSee - photo sharing app.

  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

AXEL.org

  • Network
  • Technology
  • Applications
  • Blog
  • About
    • Team
    • Press
    • Careers
    • Patents
  • Contact Us
  • Login
    • AXEL Go
    • AXEL Cloud

October 7, 2020

Ransomware: Give us back our files!

Ransomware: Give us back our files!

Ransomware attacks are on the rise. By 2021 they’re expected to cost companies over $20 billion per year[1]. With that kind of money at stake, it becomes evident that prevention is crucial. Let’s look into some background on ransomware and what companies can do to prevent catastrophic hacks.

What is ransomware?

Ransomware is a type of malware that has gained popularity over the past five years. The general progression of a ransomware attack goes like this:

  1. The targeted computer network is delivered a malicious payload. The majority of the time, this means an employee falls for a phishing scam, clicks a bad link, and accidentally opens access to the system.
  2. The computer virus maps out the connected drives (both local and networked) and encrypts data as it goes. Depending on the strain of malware, the infected computers may transmit the encrypted data back to the hackers.
  3. The hackers contact the company to inform them about their misdeeds and demand a ransom to unlock the files. Usually, this is on a strict time limit, and the demand increases if not met promptly. If the bad actors stole the data and not just encrypted it, they also threaten to leak or sell it on the Dark Web when no payment is received.

The encryption used in ransomware attacks is practically impossible to brute force crack. If there are no backups, or the organization doesn’t want the information leaked and sold, favorable response options are limited.

Common types of ransomware in 2020

There are many different flavors of ransomware, and all of them are disgusting. But, the most popular versions in 2020 include:

Sodinokibi. Also known as REvil, this malware comprised up to 29% of ransomware attacks this year[2]. It is thought to be a ransomware-as-a-service (RaaS) package that different affiliated hacker groups purchase. These groups focus on U.S. businesses and have demanded ransoms of up to $42 million. Analysts estimate this virus has generated approximately $81 million in profit through September.

Maze. Here’s another RaaS. Maze made up 12% of ransomware attacks so far this year. It incorporates similar tactics to Sodinokibi but, starting recently, is known to utilize a program called the Buer Loader. The Buer loader is especially insidious. Once installed on the target network, it can execute additional malicious payloads while establishing persistence in the system. This means that while the infected computers remained attached to the network, that entire system is compromised.

EKANS. Let EKANS slither into your network, and you’re in for an awful time. Discovered in late 2019, it’s involved in 6% of ransomware attacks in 2020. It’s unique in that it can terminate critical processes, including some Industrial Control System (ICS) functions. This makes it very dangerous to industrial organizations that rely on automation.

Ways to prevent attacks

The best way to protect yourself from ransomware is to build a strong defense plan against it. Doing so puts you well ahead of most companies, as a recent survey concludes 77% of IT professionals feel their organizations don’t have consistent response plans[3]. Here are our top six tips:

Maintain current offline backups. It may be a pain to set up redundant backup file storage, but it’s well worth the effort to prevent a successful ransomware attack. You should back up your important files regularly to offline hard disks. This allows you to wipe infected systems and reload your sensitive information back onto the clean drives. This alone offers full protection against many attacks, although if the hackers obtained the data for themselves and threaten to sell it online, you still have problems.

Implement quarterly phishing training. As previously stated, phishing is responsible for the majority of data breaches. It’s doubtful you will prevent all phishing, but providing the proper training will help. Employees should take mandatory quarterly classes that inform them about new phishing techniques and how to spot fraudulent communications.

Test the system to find weaknesses. We recommend frequent penetration tests from internal or third-party experts. Consider penetration testers ethical hackers. They will poke and prod your network to expose vulnerabilities. Once they are known, your company can fix the issues and solidify your defenses against the unethical hackers out there.

Monitor file systems and mail servers to pinpoint suspicious activity. With recent advances in AI solutions, monitoring network traffic is easier than ever. Block unknown or suspicious connections immediately. You can always unblock connections after they are confirmed safe. Email is the primary attack vector for phishing, so ensure that you monitor it sufficiently as well.

Use up-to-date, patched antivirus software. Antivirus programs are critical defenses against ransomware, but you should update them frequently to their current versions. Hackers continuously attempt to find new exploits that can go undetected by older software. They also develop new ransomware to evade antivirus programs. Be as safe as possible by keeping things patched.

Do not pay ransoms. This advice may not seem preventative, but it is in the longer term. If you ever do get attacked, we recommend not paying the ransom unless absolutely necessary. Paying criminals will put a bigger target on you for other cyber thieves in the future. Furthermore, if businesses worldwide stopped paying altogether, the market would dry up, and the malicious actors would have no incentive to keep trying. We understand that not all circumstances are created equal, but as a general rule, you should not negotiate with crooks. Can you even trust them to do what they say they’ll do after you pay the ransom? Think about it.

What to do if successfully attacked

Nobody wants to boot up their computer to find a ransom demand. However, there are steps you should take if you ever find yourself in this unenviable position, such as:

Isolate infected computers. Figure out which machines have encrypted data and decipher their network connections. Then, disconnect the affected computers as soon as possible. Many ransomwares attempt to connect to peripheral networks, so you want to quarantine them quickly.

Identify the type of ransomware. Hopefully, the malware is known and documented. If it’s older, someone may have leaked the decryption keys online. In these lucky cases, you can decrypt your data within paying a dime. Even if that isn’t the situation, you still want to know exactly which ransomware is infecting your system.

Talk to law enforcement. Contact your local authorities, or if it’s a more considerable ransom, federal law enforcement. Federal agencies especially may have access to common decryption keys and can give more information about the perpetrators’ tactics.

Wipe infected drives and install recent backup data or recover data from damaged drives. Organizations with reliable backups should wipe the compromised drives and reinstall their most current data. Those without backups may have to use specialized IT firms to recover information from damaged and cleaned drives.

Conclusion

To protect your company from ransomware, you need to have robust security and threat response strategies. New file storage solutions like AXEL Go should play a part as well. AXEL Go uses the decentralized AXEL Network to store and transfer files. Instead of holding data on a central server farm, the information gets spread around a vast collection of network participants (Masternodes). This results in data storage without a single point of failure. Even if a particular server gets compromised, your data has redundant backups throughout the world. It makes for a much more secure way to store sensitive information. Visit axelgo.app to learn more about this exciting technology.

[1] Steve Morgan, “Global Cybersecurity Spending Prediected To Exceed $1 Trillion From 2017-2021”, Cybercrime Magazine, June 10, 2019, https://cybersecurityventures.com/cybersecurity-market-report/

[2] Camille Singleton, Christopher Kieer, Ole Villadsen, “Ransomware 2020: Attack Trends Affecting Organizations Worldwide”, Security Intelligence, Sept. 28, 2020, https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/

[3] “IBM Study: More Than Half of Organizations with Cybersecurity Incident Response Plans Fail to Test Them”, IBM News Room, April 11, 2019, https://newsroom.ibm.com/2019-04-11-IBM-Study-More-Than-Half-of-Organizations-with-Cybersecurity-Incident-Response-Plans-Fail-to-Test-Them

  • Share on Twitter Share on Twitter
  • Share on Facebook Share on Facebook

Filed Under: Cybersecurity Tagged With: cybersecurity, hackers, hacks, malware, ransomware

Primary Sidebar

Recent Posts

  • AXEL News Update
  • AXEL Events
  • Biggest Hacks of 2022 (Part 2)
  • Biggest Hacks of 2022 (Part 1)
  • The State of Government Cybersecurity 2022
  • Privacy for the Future
  • File Sharing 101: How to Easily Share Large Files
  • Web3 Beyond Crypto
  • Your Privacy and The Internet of Things
  • Personal Vehicle Telematics and Privacy Oversights
  • Why IPFS is the Future of Internet Storage Systems
  • Protecting the workplace from Day 1 Exploits
  • How User Experience Impacts Cyber Security
  • Protecting your Privacy With End-to-End Encryption
  • Devastating Hospital Hacks
  • The Dangers of Leftover Attachments
  • How Secure Are Your Apps, really?
  • ABA GPsolo Roundtable Roundup
  • Our Continued Loss of Privacy
  • Casting a Shadow of Protection
  • Why Digital Sharding is the Future of File Storage
  • The Practical Applications of Web3
  • Archival With the Future in Mind
  • IPFS: Securing Our Privacy Future
  • What Do We Do About Social Engineering?
  • Five Simple Security Tricks
  • IPFS: The InterPlanetary Solution to Small Business Problems 
  • Schools: Our Cybersecurity Blindspot

Recent Comments

  • Anonymous on Five Simple Security Tricks

Footer

Sitemap
© Copyright 2023 Axel ®. All Rights Reserved.
Terms & Policies
  • Telegram
  • Facebook
  • Twitter
  • YouTube
  • Reddit
  • LinkedIn
  • Instagram
  • Discord
  • GitHub