By Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC
Ransomware is now one of the most potentially damaging and prevalent types of malware. In this lucrative crime, hackers break into a firm’s computer system and encrypt its data, which they will release only for a fee.
A Sophos report revealed that the majority (83%) of IT teams in India said the number of phishing emails targeting their employees increased during 2020. Even government agencies are not spared.
In February 2021, a number of senior Indian government officials, including those from the ministries of defence and external affairs, were targeted in a phishing campaign. According to the government officials, the attackers were using compromised government domain email accounts to launch their hacking attempts.
Back in July 2020, a major Indian snacks manufacturer, Haldiram, faced a ransomware attack on its servers by hackers who allegedly encrypted all its files, data, applications and systems and demanded a ransom of 700,000 USD in exchange for access to the stolen data.
Cybercriminals have now resorted to stealing information during an attack and threatening to publish it on leak sites on the dark web or sell it, which increases the pressure on victims to pay the ransom.
In February 2021, India’s national airline, Air India, reported a cyberattack on its SITA passenger service systems containing personal identity information, passport data, ticket information, frequent flyer data and credit card information of about 4.5 million customers around the world.
Cybersecurity Ventures predicts that ransomware damage costs will exceed $265 billion by 2031, with attacks on businesses, consumers, or devices occurring every two seconds. Whether the prediction is right or wrong, the message stays the same. Businesses need to plan, implement effective data protection and ransomware prevention solutions, and back up their data.
While businesses should do everything they can on the technology front to prevent ransomware and malware, people are, unfortunately, a big part of the problem.
Gartner Inc. estimates that up to 95% of cloud breaches occur due to human errors such as configuration mistakes, and the research firm expects this trend to continue. Verizon’s 2021 Data Breach Investigations Report says that 60 per cent of ransomware cases in its study involved direct install or installation through desktop apps. The rest of the vectors were split between emails, network propagation, and downloads triggered by other malware.
Humans are the common factor among many of these attacks. The report says that 85 per cent of breaches result in the loss of credentials. While a large enterprise may have the means to survive an attack, many small businesses may be forced out of business due to ransomware’s impacts. Large or small, every organization should do everything it can to protect its data and prevent ransomware.
Finding Your Role in Fighting Ransomware Attacks
There are all kinds of scams that hackers use to sneak ransomware onto devices and networks. And these scams are constantly evolving. That’s why everyone in the organization must understand what they can do to prevent ransomware. Here are some areas to consider:
Train Employees to Spot Scams
Businesses need to educate their people with regular cybersecurity awareness and training programs. Training should include recognizing potential threats, the latest news and guidance on new and existing threats, and how to respond to an actual or potential threat. It’s important to maintain awareness throughout the company with regular bulletins, updates, and tips.
Reinforce (and Enforce) Company Policies
The company should already have set policies regarding confidentiality of user credentials, even for IT and security personnel. These policies should include strong password and authentication requirements. Make sure your employees understand these policies—and the reasons they exist—and adhere to them so they can do their part in ransomware prevention.
Use Software as a Service for Applications
Using applications that are company-sanctioned can go a long way toward preventing ransomware. That’s especially true when it comes to using file-sharing applications instead of email attachments. This strategy mitigates or potentially eliminates malicious attachment phishing attacks, so it’s worth a look.
Talk About Macros
Users unfamiliar with macros in Microsoft 365 and Adobe PDF documents may automatically click on an “enable macros” button in a malicious attachment. That would be a colossal mistake, opening the door for ransomware. There has been a rise in document-based malware where malicious documents work much like executable programs, including the ability to run processes and install other code on your systems. It’s also worth considering using non-native document rendering for PDF and Microsoft 365 files in the cloud to stop this practice, as these desktop applications may have unpatched vulnerabilities that are ripe for exploitation.
Make Incident Reporting Easy
No one wants to be the person who clicks on a malicious attachment or link. It would be easy to beat yourself up if you’re the one. And it would be easiest to avoid the embarrassment that comes with reporting it. That’s why employees must understand that they, and everyone they work with, are the victims in these cases. Companies need to make sure everyone feels comfortable reporting any security incident. So put simple, clear reporting procedures in place.
Physical Security Matters, Too
Make sure that everyone understands the company’s security policies with regard to facilities and devices, too. A lost or stolen laptop that lacks a login password is an open invitation to access the network. And stolen credentials in the hands of a hacker can only lead to disaster. Everyone needs to understand that devices, badges, and credentials must always be kept secure.
Plan for Recovery
There isn’t any way to be 100 per cent certain that you are safe from a ransomware attack. Ultimately, the best defence is to ensure the company can recover if it happens, and that starts with backup and disaster recovery planning and solutions.