It’s no secret that ransomware is one of the biggest security concerns for organizations around the world. The scariest part is that hackers are even savvier than they were in the past which makes legacy systems and other deprecated technologies vulnerable to their efforts.
What Is Ransomware?
Ransomware is a subsect of the malware family that blocks its victims’ files through encryption. When the target organization attempts to access its information, business managers and employees are unable to do so.
Instead, they are met with instructions that request a ransom be paid to release the encryption hold. Users are typically shown how to pay the ransom to obtain a decryption key. Typical ransomware amounts range anywhere from a few hundred to a few hundred thousand dollars.
Hackers often request to be paid in Bitcoin since its centralized blockchain technologies shield their identities from being revealed.
The best example of this type of exploitation lies within the recent, high-profile attack that used ransomware technologies known as Ryuk.
What Was the Ryuk Ransomware Attack?
Ryuk made its first appearance by jumping onto the radars of information security professionals in August 2018. It affected three organizations during its first two months of deployment while attackers made off in more than $600,000 in ransom dollars.
What made the Ryuk attack so fascinating is that it contained features that are not common among ransomware categories.
For example, Ryuk was able to automatically detect network resources and encrypting them while simultaneously removing back-ups for shadow copies on the back end of a network. These techniques are next-level, and business owners are wise to be wary.
How Did the Ryuk Infection Spread?
Ryuk was able to spread across three organizations by acting as an intermediary payload using botnets known as Emotet and TrickBot.
For non-tech geeks, the term ‘botnet’ is a portmanteau of the words ‘robot’ and ‘network.’ They are primarily used to take control of information systems and infect devices across an internal network of bots that hackers control remotely.
So, here is what happened in the simplest terms possible: the Emotet botnet infected the user endpoints, which then caused it to spread through the entrance network while launching a spam attack across the board.
Not only did it accomplish the seemingly impossible feat of gaining network access, but it also deployed additional malware scripts to users on the same or different locations. This resulted in both devastating time and money losses.
What types of businesses are being targeted with ransomware in Canada?
The types of businesses in Canada that are being heavily targeted with ransomware attacks include Financial institutions, accounting firms1, hospitals and medical clinics2, and industrial and energy firms1.
Measures Business Owners Can Take to Protect Themselves
Now that you have a solid understanding of what ransomware is, how it works, and what happened during the Ryuk attack, we can now shift focus on what really matters: solutions!
For your business to effectively defend against network attacks, such as the example seen in Ryuk, you need to deploy specific technologies that are conducive to your needs and operations. Take into consideration the following aspects of a robust solution, including:
- Antivirus scanning
- Human review and analysis
- Host intrusion prevention
- Personal packet firewall filtering
- Application security
- Device management
As you can see, there are several considerations that business owners must make when it comes to defending against ransomware attacks.
These efforts are often more than most small and medium-sized businesses can handle. Therefore, you should enlist the help of a trusted IT professional that understands your business’s framework.
1 https://www.carbonblack.com/wp-content/uploads/2019/09/Canada-Threat-Report-FINAL.pdf
2 https://www.cbc.ca/news/technology/ransomware-ryuk-ontario-hospitals-1.5308180