What is ransomware? How should you react to this type of cyberattack?
Computers, cell phones and other devices are a key part of our lives. We use them to talk and share information, work, manage our finances and much more. The reality is we may also be leaving a large amount of data and files exposed online, often without being aware of how vulnerable we are to a cyberattack.
Of the various types of cyberattacks, one of the most widespread is ransomware, or data hijacking, because of how lucrative it can be for cyber-criminals. Companies are often the target of these attacks, and this type of extortion currently represents one of the greatest threats they face. But this is a risk not only for large corporations, companies or institutions, but also for the most vulnerable ones. Between 2019 and 2020, more than 600 US towns, cities and counties suffered ransomware attacks that forced the closure of hospitals, police departments and other public services.
How ransomware works
Ransomware is a type of malicious software that seizes possession of the information contained in the device it infects, encrypting it and preventing the owner from accessing it. To regain control over this data, cyber-criminals demand a ransom be paid. Once infected, the user usually sees an on-screen ransom note informing them that their files have been hijacked and telling them how to release them. This usually involves a payment in digital currencies, making it a difficult crime to trace.
Ransomware reaches a device through the same pathways as other malware. The most common is still phishing, which mainly involves getting the user to download an email attachment, along with other traps such as clicking on a link or installing an application that is made to appear normal. In addition to phishing, cyber-criminals can infect a device through attacks via suppliers when the target is a company, or by stealing logins. The best way to prevent this and other malware is for users to be aware of the threat and not let their guard down when online. They should be careful with emails or unfamiliar websites, and make backups, which can be a lifesaver in recovering from a ransomware intrusion.
Both individuals and companies are victims of data hijacking. Even governmental systems have been attacked for economic benefit. Organizations are more likely to end up paying the ransom, because as long as their data is encrypted, their operational capacity can be greatly affected or crippled. The preferred targets of cyber-attackers are small and medium-sized companies, which are generally less well prepared than larger companies and have weaker security systems.
What to do (and what not to do) in the event of an attack
In practice, many of the victims end up paying the ransom (up to 50-60% of the companies that suffer it, according to the Spanish National Cybersecurity Institute, INCIBE), but it is a mistake to do so. INCIBE reminds us that extortion should not be accepted because:
- Paying is no guarantee of regaining control of our data; we must not forget that those who hijack the data are criminals.
- Whoever makes the payment becomes a more vulnerable target, because the cyber-criminals already know that he or she is willing to do so.
- After payment, you may be asked to pay a higher ransom. In fact, statistics show that this is a common practice.
- Accepting extortion fuels the business of cyber-criminals.
Although giving in to blackmail and paying the ransom is not a good option, for both practical and moral reasons, there is a broad debate in the world about how this issue should be regulated. Many countries have already moved forward with legislation prohibiting payment to cyber-criminals, but experts believe that this measure is not effective in putting an end to this practice. It continues to take place through other channels, where it is enormously difficult to follow the money trail because it moves in cryptocurrencies.
A website called www.nomoreransom.com was created by several national police forces and large IT security companies to help companies and organizations that find themselves the victims of such an attack. It functions as a database for the different ransomware variants that become known, and it is constantly updated. With the help of a wizard, you can identify what type of attack you have suffered and, if there’s a solution available, the site offers tools and instructions to unlock the hijacked information.
But those responsible for the project themselves say that it’s not an infallible tool, because in the fight against data hijacking, the greatest difficulty lies in the constant evolution of the cyber-criminals’ weapons. That’s why law enforcement and cybersecurity experts emphasize prevention. The emergence of new variants of malware and ransomware means that no anti-virus or security system is 100% guaranteed, and forces companies in particular to be ever vigilant against cyberthreats.
Backups stored in isolation are also key to preventing ransomware. Once a device is infected, one of the few effective ways to recover from the attack without having to pay the ransom is to restore the data to the same or a new formatted hard drive. It’s likely that not all data will be recovered, but at least you can continue to operate your device or company.
These are some tips on how to initially react, but the best option is always to rely on professionals.
How can cyber insurance help?
Sixty percent of SMEs that suffer a serious cyber-attack have to close six months later. It’s not only a matter of direct impact and reputational loss: there are other economic damages, such as business disruption and equipment repair processes, which represent a significant cost, especially for smaller businesses. It is a risk that one can protect against with specialized cybersecurity insurance, which not only serves to provide financial compensation for the losses. Such insurance also takes action from the outset and provides the insured party with a service of computer experts to solve the incident. They can access systems, recover data and remove malicious software, among other actions. If the attack has caused damage to third parties (customers and suppliers, for example), cyber-insurance will also be liable, as it will be for any loss of income during the attack.
In addition to the technical side, insurers can manage legal matters, such as compliance with data protection regulations, which require them to report to the authorities any theft affecting third-party data. Preventively, they can also provide an analysis of the vulnerabilities of a company’s network and include services such as anti-virus and other security software.