What is ransomware and how to fight it

9 August 2021

As long as it remains highly profitable, any business will persist and mutate to adapt to the requirements of its customers. Ransomware is a prime example. This sophisticated form of cybercrime, which mobilizes large amounts of resources in practically every field, keeps expanding and improving. For any organization or individual whose data is “protected” on electronic devices, it is therefore essential to know how to combat it.

But what is ransomware?

One of the first steps in stopping or combating ransomware is understanding what it is. Ransomware is malicious software (malware) that encrypts the data of an organization or person. But not just any data: it is usually data vital to the operation of the business, stored on electronic devices.

Once cybercriminals take control of or “hijack” this data, they demand a ransom. Once the payment has been made, the victim receives a code with which the data can be decrypted. To make the money difficult to trace, the “ransom” is usually demanded in cryptocurrencies. This “modus operandi” is straightforward, and the money demanded as ransom used to be relatively low. Victims therefore did not hesitate to pay, as it was cheaper than the other options, but …



A growing business

As with any profitable business, it did not take long for new alternatives to emerge, and the strategies for applying it have become more and more developed. From hijacking data, the attackers moved on to the next step: threatening to make the data public, or even to sell it to the highest bidder. This is double extortion, or “doxing”. It increased the pressure on the victim and made payment of the ransom faster and more certain.

These newer methods also target the websites of companies, their employees, suppliers, customers, and other business partners. That is too much risk for any organization: not only is its production process directly affected, but its environment is affected indirectly as well. A company's willingness to pay for its data therefore increases, which means greater profitability and expansion for ransomware.


New directions

Thanks to the large sums mobilized, these criminal gangs gain business opportunities and open up new avenues. So much so that they have developed interesting business models, among them RaaS (ransomware as a service). This model has brought in a large number of new affiliates.

At the marketing level they also have very efficient strategies. In some cases they have the equivalent of user support: they provide assistance to their victims, or “clients”, in making payments and/or decrypting their data. It is a service to the client's complete satisfaction, on a par with big companies. There is no end in sight for this business. It is therefore essential to know how to combat ransomware, since staying defenseless is no longer an option.



The smart strategy to curb ransomware



Faced with this panorama and with a clear idea of the potential of ransomware, every organization must be prepared. It is important to assume that an attack on your data is imminent, which makes prevention vital: it is the best way to minimize direct and collateral damage. The good news is that the universe of clients, or victims, for these cybercriminals is almost limitless.

Thus, their problem lies in selecting the next victim. What matters is undoubtedly not only the amount the victim can pay, but also how easy the victim makes it to access its data. Therefore, the more armored a company’s data is, the less attractive it is to attack. Experts on ransomware and how to stop it suggest:

For the users

Users are the main point of entry for a ransomware attack, so their training and discipline are fundamental. Among other things, they must:

Guarantee the proper, secure management of their network access codes, and be very responsible about the sites they visit and the files they download.
As far as possible, keep corporate networks separate from the management of smart devices, whose users often access untrusted networks.
Adhere to the mandatory use of multi-factor authentication, beyond a password. Biometric authentication must be a must. A text message sent to the personal mobile and/or the use of a specific application are factors that support security.



For technical support personnel

Because this malware spreads so easily, and in order to be prepared to combat ransomware beyond prevention and the basic firewall, those responsible for technical support should:

Keep operating systems and browsers up to date, to protect against infected websites.
Make continuous backup copies of essential company data, guaranteeing that the data can be restored if it is maliciously encrypted. It is important to be certain that these copies work. As an added measure, these copies should only be online during the backup process.
Maintain strict control over the proper use of access levels. In addition, use distributed networks that, if breached, minimize the impact and/or access to other company data.
Carry out continuous risk assessments to detect vulnerable access points in the infrastructure, especially in equipment close to decommissioning due to obsolescence.

Finally, it is important to note that paying the ransom never guarantees that a company’s data will be restored or that its confidential information will be respected. Remember that you are dealing with cybercriminals. So in the event of a ransomware attack, it is advisable to make a smart decision.

For more information on this topic, or to ask for help if you need it, we recommend that you go to INCIBE, the National Institute of Cybersecurity.

If you found this article interesting, you may also like the post in which we talk about icloud computing.