Blog

Ransomware is back!

After the tumultuous year of 2017, which was marked by devastating ransomware attacks, a calmer period followed, as hackers turned their attention into crypto mining. At the end of 2017, the value of Bitcoin was near 20000 USD, and the price of most of the other popular coins peaked as well. This situation created a very lucrative opportunity for hackers, who quickly distributed various stealth applications that used victims’ CPUs to mine different coins, most notably Monero.

However, in the first part of 2018, Bitcoin, Ethereum, Monero, and the other coins lost more than half of their peak values, and the trend continued in 2019. This means that the profits from crypto mining plummeted dramatically, and we are now seeing the bad guys getting back to older means of extortion, including ransomware.

Looking back at the beginning of 2019, we saw a few targeted ransomware outbreaks (SamSam), but more others soon followed (LockerGoga, Bad Rabbit, Dharma, Ryuk, and so on). The number of incidents has risen recently, and unlike in the past, we are now facing more sophisticated attacks that usually target businesses. Either way, ransomware is again the number one security threat, as a recent report from Europol shows (https://www.europol.europa.eu/newsroom/news/cybercrime-becoming-bolder-data-centre-of-crime-scene).

What about protection?

Since ransomware became a pandemic phenomenon, some anti-virus companies managed to update their products to fight these attacks better. However, there are ransomware variants out there which can still easily bypass AV products. So, to implement an adequate protection solution, several things must be considered:

  • Backup data regularly to a safe (and preferably “cold”) storage system, and double-check the backups are valid and can be restored quickly. There have been many cases of companies that backed up data and not being able to restore it.
  • Virtualize the infrastructure and backup all systems. For companies, besides losing valuable data, another significant loss is the downtime incurred in case of a ransomware attack. To have the systems back online, sometimes it can take several days, even weeks, and the disruption can cost businesses even millions of dollars. By using a virtual infrastructure supported by a sound backup system, restoring virtual machines can take minutes, and the whole infrastructure can be back online in a matter of hours, instead of days.
  • Patch systems frequently. Even if ransomware is usually spread by email and infected web sites, from time to time we also see some variants that can exploit vulnerabilities in certain programs or system modules (e.g. WannaCry). To best solution to mitigate such risks is to patch systems and applications frequently.
  • Use dedicated anti-ransomware tools. Many people assume ransomware programs are like regular viruses, and AV products must be able to track them down. This is a false assumption, as ransomware is different in many ways, the most notable trait being the fact that it’s usually simpler and performs common operations, as users do. That’s why security products must use specific methods to catch ransomware, methods which are usually different from the ones used to catch typical viruses.
  • Train users to be more security-aware. Ransomware is usually delivered by email, embedded in infected documents. Many attacks can be prevented if users do not open suspicious attachments. Hence learning how to identify dangerous emails and how to handle their content is a potent means to prevent a computer from being infected.

For more information about ransomware and how to protect against it, check out this article: https://temasoft.com/information/ransomware-protection-prevention.

Conclusion

Last but not least, it looks like ransomware is here to stay, and hopefully, companies and individual users will become more informed about it and will use more efficient means to protect themselves.

This post was last modified on August 21, 2023 7:26 am

Lucian Mocanasu

Share
Published by
Lucian Mocanasu

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023