There’s a rise in ransomware attacks, and they’re becoming deadlier and more dangerous than ever! A report by Cybersecurity Ventures predicted that businesses in 2021 would fall victim to a ransomware attack every 11 seconds! The total cost of ransomware to businesses would top USD 20 billion this year. Quick Heal Threat Report Q1 2021 detected 0.35 million ransomware threats in the period.
The COVID-19 coronavirus pandemic has also contributed to a rise in ransomware attacks. Threat actors used the pandemic as an attack channel for ransomware attacks, taking advantage of the millions of people who started working and learning from home. The last year has seen a rise in many types of specific ransomware, which all work in very different ways but are equally dangerous. Here at Quick Heal, we have analyzed these threats and how they operate, such as the Dharma ransomware variant, the MAZE variant, which became a significant threat, Cyberpunk 2077, and SARBLOH, a unique type of ransomware that did not demand money.
The rise of ransomware-as-a-service has made it much easier for malicious threat actors to pull off these types of attacks. Anyone can carry out attacks with ransomware available for sale on the dark web to the highest bidder. Ransomware is preferred as it is a quick and easy means for cybercriminals to earn vast amounts of money; according to the World Economic Forum, the average ransomware demand is USD 170,000!
How does a ransomware attack look like?
While none of us would want to be the victim of a ransomware attack, it is a good idea to understand the signs to be prepared. The main stages of a ransomware attack are:
- Infection – You can get infected by ransomware by downloading a malicious file or by clicking on a malicious link. Phishing emails can contain links that take you to websites which download ransomware on your system.
- Encryption – Once the ransomware is downloaded on your system, it will silently scan your system and encrypt all your files, including key system files. The newer variants of ransomware even go to the extent of encrypting your backup files to put you even more at risk.
- Threats & Extortion – Once the encryption stage is complete, now is the time for the ransomware to announce itself to the world. You might find that your system is hanging, has slowed down and you are not able to access your files. Then, you will see a message pop on your platform telling you that you have become the victim of a ransomware attack. It will warn you that all your files will be encrypted and if you do not pay the ransom in a specified period of time, you will lose access to them forever.
- Decryption – Once the ransom is received, the threat actors will provide the key required to decrypt your files. This is a matter of chance and there is no guarantee that you will get your files back on paying the ransom – it is all in the hands of the attacker.
So how do I fight ransomware?
Good question. There are some easy steps you can take to secure your system from ransomware:
- Regular backups – Ensure your data is safe by backing it up regularly. Don’t just have one source of backup but have multiple, including both physical and cloud backups. That way, even in the worst-case scenario, you still have access to your data.
- Ensure you have the latest patches & updates – Ransomware targets exploits in systems. You can take a step ahead by ensuring that the setting for downloading automatic updates is on so that you are updated at all times.
- Stay safe online – Apart from email, you can unknowingly get infected by ransomware by browsing on the Internet. So be mindful of which websites you visit and the links you click on. The only download trusted and verified applications on your system.
- Have strong passwords – As mentioned several times, using strong and tough passwords can be a big help in handling malware such as ransomware.
- Install a strong security solution – Ensure you have a strong security solution on your system which can detect and block these attacks. Quick Heal Total Security is equipped with Ransomware Protection which uses Behavior Detection Technology to block ransomware attacks in real-time.
But I’ve already been infected with ransomware! What do I do now?
Stay calm. Panicking is not going to help get your files back. Consider taking the following steps:
- Disconnect your system – If your system is connected to the Internet or any other more comprehensive network, disconnect it immediately to ensure the ransomware doesn’t spread.
- Inform the Authorities – Don’t try to tackle the issue alone. Inform the relevant authorities around you, such as the Cyber Cell or the police.
- Capture proof – Capture as much proof as possible of the ransomware infection. It may help you identify a way to get your files back.
- Think very carefully about paying the ransom – You might feel desperate about getting your files back by paying the demanded ransom but think about it carefully. There is no guarantee that you will get your files back, even after paying.