
Ransomware, the malware that blocks thousands of companies annually



Definition

The fight between cyberattacks and cybersecurity does not stop, which is why cybersecurity can never lag behind hackers.

To start understanding what ransomware is, how it works, its types, etc., we want to begin with a brief definition.

So what is Ransomware? It is a type of malware, or malicious software, that hijacks files and sometimes entire computers or mobile devices.

We can define it according to this behavior: hackers request a ransom payment in exchange for decrypting your files and thus giving you back access to them.

When an organization is attacked, it will realize immediately because of how the malware acts: access to the infected device(s) will be cut off and, normally, the documents chosen by the attacker will be encrypted.

After realizing it, you will probably not be able to access vital data and even the privacy of workers may be affected. The cybercriminals will contact the company representative to put their demands on the table.

They usually promise to unlock the affected computer or documents if a ransom is paid. 

In the last year alone, this type of malware has grown by more than 700% compared with the data collected in 2019, according to the cybersecurity company Kaspersky.

Why is it called that?

The word ransomware is formed by joining the English words "ransom" and "ware" (product or merchandise).

Once the criminal encrypts the data, he demands a ransom from the victim, via a message or pop-up window, performing a virtual hijack. 

This threatening-tone message warns the victim that the only way to decrypt their files, recover their system, or avoid possible information leakage is to pay a ransom. 

They usually include a time limit to pay; if the ransom is not paid on time, the hijacked files are destroyed or published, or the value of the ransom increases. Generally, the ransom is requested in some cryptocurrency (virtual currency) such as bitcoin. They often use "mules", which are intermediaries who transfer the money.

In exchange for payment, cybercriminals promise to provide the mechanism to unlock the computer or decrypt the files. However, this does not guarantee 100% that cybercriminals will comply with the agreement; for this reason, it is recommended not to pay the ransom, to prevent the proliferation of such threats.

Ransom in cryptocurrencies, why?

Cryptocurrencies are virtual currencies that allow almost anonymous payment between individuals, which makes it difficult to trace them.

They are accessible from the anonymous Tor network; there, the funds from different wallets are mixed, carrying out a kind of laundering of the cryptocurrency that makes it difficult to follow the trail of transactions. This makes it easy for cybercriminals to extort money from their victims without the police being able to immediately track them down.

How does the infection occur?

As with other types of malware, cybercriminals use one or more of these routes to infect the victim; they take advantage of security holes (vulnerabilities) in computer software, operating systems, and applications.

Types and action

Each type of ransomware acts and gets past security differently, although they are all based on the same characteristic. From least to most serious, we can classify them as follows:

Hoax ransomware: It simulates encryption using social engineering techniques to extort money from the user, demanding payment to recover their files or prevent them from being deleted.  

Scareware: uses the lure of fake software or support. It usually appears in the form of a pop-up ad reporting a suspected virus infection and offers a quick and easy solution: downloading a cleaning program that is almost always malware.

Screen lockers: They prevent the use of the device by displaying a window that occupies the entire screen and cannot be closed. Two types of messages may appear in the window: on the one hand, the file encryption and the procedure to recover them are reported, but the files are intact. On the other, a message from the security forces appears indicating that illegal activities have been detected and a penalty is requested to unlock the computer. It is also known as the police virus.

Encrypting ransomware: considered the most dangerous of all. Its main objective is the encryption of information to demand a ransom. Cybercriminals make use of the latest advances in encryption.

Within this variant there is one called a wiper: it doesn't return access to the files, it just deletes them.

There is also the doxware variant, which uses a technique known as "doxing": it consists of threatening the user with making the extracted personal data public.
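The types above differ in whether files are really encrypted: hoax ransomware and screen lockers announce encryption while the files stay intact. The following added example (not part of the original article) shows one way a responder can check that claim on a sample of files, using file signatures and byte entropy; the signature table, the 7.5 threshold, the file names and the sample data are all constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes, threshold: float = 7.5) -> str:
    """Classify one file from its name and its first few KiB."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    high = shannon_entropy(head) >= threshold
    if magic is not None:
        # Compressed formats are high-entropy by nature, so trust the header.
        if head.startswith(magic):
            return "intact"
        return "likely-encrypted" if high else "damaged"
    # No known signature (text, CSV, ...): fall back to entropy alone.
    # Unlisted compressed formats will also score high; review those by hand.
    return "likely-encrypted" if high else "intact"

def triage(samples: dict) -> dict:
    """Map each file name to a verdict; samples maps name -> leading bytes."""
    return {name: classify(name, head) for name, head in samples.items()}

def fake_ciphertext(n_blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted content: 4 KiB of hash output."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))

# Constructed samples (not taken from a real incident).
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 50,
    "notes.txt": b"Quarterly figures and meeting notes.\n" * 100,
    "invoice.pdf": fake_ciphertext(),
    "payroll.csv": fake_ciphertext(),
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:12} {verdict}")
```

If every sampled file comes back intact, the message on screen is more likely a hoax or a screen locker than encrypting ransomware.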

Prevention / Think like a hacker:

Many experts affirm that the best prevention for Ransomware is to put yourself in the shoes of hackers and think as they would. To prevent and anticipate it is necessary to put on the mask. For many companies it is not a shame to hire ethical hackers or ex-hackers to improve the security of their company.

  • Awareness and training of employees and users.
  • Updated antivirus.
  • Pop-ups that request dangerous installations.
  • Clicking on links.
  • Downloads of applications from unknown sources.
  • Backups.
  • Updates of the operating system and applications.
  • Control of privileges.
  • Anti-phishing solution for email.
  • Action plan.

With this real-time map created by Kaspersky, all kinds of attacks (including Ransomware) can be observed in real time. 

Awareness is the first step to prevention, which is why Ransomware is not one of the largest cyberattacks numerically, although seeing the increase per second is shocking.

Spain is the 9th most attacked country according to the graphs obtained by Kaspersky. With this graph we can also see the global need for cybersecurity.

Do I have to pay the ransom?

From an objective point of view, the requested ransom should never be paid, since the payment, which is usually in the millions, finances the progress of the organizations that carry out these attacks.

In addition, paying a ransom is falling into the trap of cybercriminals since no one can guarantee that the information will be recovered and even the extortion can continue after the payment. Even so, there are many companies that decide to pay the ransom. 

The European Union is considering the implementation of a new law, prohibiting and sanctioning companies that pay the requested extortions.

In the event of being attacked, the best way to recover business activity and data is by going to a professional or specialist in cyberattacks so that they can advise you.

Most of the ransoms are paid with the famous cryptocurrency Bitcoin (BTC). 

This modus operandi has become established among hackers because cryptocurrencies allow the recipient to remain anonymous and to disappear easily with the money.

Why is it important not to pay the ransom?

The reason is that paying offers no guarantee of recovering access to the data. In addition, by agreeing to pay the ransom you will probably become the target of other attacks, since cybercriminals already know that you are willing to offer your financial resources.

Attack response plan:

It is very important to have a plan of action or response to incidents.

The first thing we must take into account is who has to manage incidents within the company, and then where the necessary documentation on the systems and networks used in the organization is kept.

It will be necessary to define what normal activity looks like, so that we can detect suspicious activities that are indications of incidents.

It is also essential to know who we will have to contact in the event of an incident. For example, in the case of outsourced services, the supplier is responsible. 

In this type of situation, every second counts, so if we have a well-structured plan with all the necessary information, we can move quickly.

Recent attacks:

Kaseya:

On Friday, July 2, 2021, the Ransomware attack on the Kaseya software distributor occurred. This not only affected the company, but also some 1,500 companies that worked with it, as sensitive data from all of them was leaked.

The attackers demanded a ransom of 70 million dollars in the Bitcoin cryptocurrency. Kaseya stated through its networks that it refused to pay the ransom, taking three weeks to figure out where the vulnerability was on its system, in this case a universal decryptor from a third party.

The fact that Kaseya, a pioneer in its sector, has not paid the ransom in the face of the hackers' intended consequences should serve as an example of how to deal with these situations for companies.

Colonial Pipeline:

Another attack that occurred this year 2021 was on the Colonial Pipeline. 

It is a company that the United States depended on because of reduced refining capacity in the Northeast for oil and gas. 

This organization transported three million barrels of fuel a day from Texas to New York over more than 8,800 kilometers.

The hacker organization that attacked the pipeline is the so-called DarkSide, which asked for 4.4 million dollars in ransom.

Figures

According to ITSM 4U, a survey of more than 5000 IT managers in medium-sized organizations in 30 countries around the world reveals that 37% of organizations experienced a ransomware attack in the last 12 months. The same report reveals that the financial impact of these attacks has increased, going from 700,000 dollars on average during 2020 to $1.85 million in 2021.

The average cost of recovery from a cyber attack on Spanish companies has doubled compared to previous years, going from 260,000 euros in 2020 to an average of 500,000 euros in 2021, according to ITSM 4U.
