Ransomware is everywhere. Every industry has been impacted by this menace of the digital twenty first century. Cyber Warfare is happening right in front of our eyes on a monumental scale with no signs of easing up. Large profits and lack of prosecution means the perpetrators will be around for the foreseeable future. But how does a Ransomware attack work? The scenario below broadly describes the steps of a successful Ransomware attack that leads to a Ransom note appearing on your screen.
Your machine is compromised when you click a malicious link. A common example would be clicking a suspicious link or attachment in an email. The cyber-criminal’s code is then downloaded onto your machine. By incorporating advanced stealth tactics it can evade Anti-Virus detection, enabling it to hide in plain sight.
2 Call Home
The malicious code calls home over a secured covert communication channel to a server controlled by the intruders. This is bad news for you. The interlopers now have control over your environment and terrible things are just around the corner.
3 Generate Encryption Keys
Your machine and the malicious server generate an unbreakable pair of cryptographic keys that will be used to encrypt the victim’s files. One key is stored on your device and the other, unfortunately for you, is stored on the perpetrator’s server. Without the key on the malicious server, decryption of files is impossible.
The Ransomware on your machine starts encrypting files across your network. Before long, your files are scrambled, inaccessible and useless. Applications and Operating Systems crash, and production is ground to a screeching halt.
5 Ransom Demand
A ransom note is displayed on your screen demanding payment in order to release the decryption key stored on the malicious server controlled by the criminals. Untraceable digital payment methods such as Bitcoin are the preferred transaction type. After a short period defined by the perpetrators, the decryption key will be deleted, making any decryption impossible.
What to do when you’ve been hit with Ransomware:
Getting hit with a Ransomware attack which has the potential to infect devices across the entire network and compromise organisation-wide operations is an ICT professional’s worst nightmare become reality. Once the infection has been detected there are a number of steps which should be followed to help mitigate the damage and disruption.
- Isolate – It is vital that steps are taken early on to prevent the infection spreading from infected devices to other devices across the entire network. To that end, all devices should be disconnected from the network.
- Plan – You should engage with your ICT/ Security provider to formulate a plan on how best to respond to the attack.
- Quantify – You should determine the scale of the attack by scanning all devices for Indicators of Compromise and identifying the strain of the attack.
- Recovery – You must assess what recovery options are available to you. This can involve anything from full Disaster Recovery to paying the Ransom. The option you choose to engage with depends upon a myriad of factors, including how quickly the attack was thwarted and the integrity of your backups.
It must be noted that paying the Ransom is never a good idea. Security provider ID Agent recently reported that 34% of companies that pay the Ransom never see their data again. It is very common for a company that has paid a Ransom to get hit with Ransomware again due to a backdoor being left behind as part of the original attack. There are no guarantees when dealing in any form of Ransom. Furthermore Cyberinsurance is highly unlikely to cover any Ransom payment so this is not a safety net.
What can you do to prevent Ransonware?
Having outlined the steps and options available to you once a Ransomware attack has already begun, the best advice is to take sufficient proactive steps to help ensure that your organization never becomes infected with Ransomware to begin with. Here are a few basic measures you can take to bolster your organization’s defence against Ransomware:
- Restrict the number of administrator accounts on your network.
- Use Advanced Endpoint Protection with Ant-Ransomware detection capabilities.
- Use Firewall, Email and Web Filtering to block advanced malicious content.
- Implement a user awareness campaign incorporating email phishing simulation.
- Take regular offsite backups with Ransomware detection capabilities built in.
- Deploy security solutions that share information and collate data in one place.
Damien Mallon, Senior Systems Engineer, Datapac
Register for upcoming events
"At Barretstown, we rebuild the lives of children, and their families, affected by childhood cancer and other serious illnesses. We serve 5,000 campers a year and have 1200 volunteers each year. Communication is crucially important and Datapac has helped us to streamline, improve and ensure efficiency."
"Datapac has provided us with a fantastic product and world-class levels of service and support. Whenever people ask me about our experience with Datapac I’m always ready to sing their praises and I would happily recommend their services to any organisation."
"For many years Datapac has been our sole supplier for the maintenance of Personal Computers and Peripherals in Ireland. Through their Service Centres in Wexford and Dublin, Datapac provides excellent support to our businesses throughout the country and consistently meets the SLA targets which we have set. The skill, expertise and experience of their engineers and other technical support personnel are of the highest standard."
“The value of dealing with an HP Gold partner in this process can’t be underestimated. Datapac provide us with a local touch and can cover the full range of our IT requirements, but when there is a specific technical requirement like this, they can bring the specialist technical resources of HP to the table. HP and Datapac had a thorough discussion with us around our requirement - and had really done their homework - and then were able to provide us with a very highly specified test platform for us to prove the application on before we committed to purchase.”
Datapac understands our needs and requirements and has the expertise and experience to follow through on all our requests. Our constant need to reduce costs has been assisted by Datapac's ability to suggest alternative solutions and methods whilst improving both efficiency and productivity. Our partnership with Datapac is akin to having an IT department on site that we simply could not provide ourselves.