Protecting Against Ransomware

Cyberthreats are constantly evolving in order to take advantage of online behaviour and trends. The COVID 19 outbreak is no exception. According to VMware Carbon Black analytics[1], amidst the COVID -19 pandemic, global organisations had seen a 148% spike in ransomeware attacks as attackers are being nefariously opportunistic and leveraging breaking news to take advantage of vulnerable populations.

Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid.  When you are infected with ransomware, your computer is altered as all files in your system are run through an encrypter. You may or may not be aware of what is happening, but as the files are encrypted, the unencrypted files are deleted from your system. The net result is a computer full of encrypted data, with no access without a decryption key.

Ransomware typically spreads through the following:

  1. Phishing emails which lures recipients into clicking on malicious links or downloading malicious email attachments.
  2. By unknowingly visiting an infected website.
  3. Through the use of malvertising, where a user visits a legimitate website that displays third party advertisements only to find that one of the advertisements has malicious code which may aim to exploit an unpatched vulnerability in the user's browser.

The Guyana National Computer Incident Response Team  (GNCIRT) recommends the following tips to enhance your organisation's defensive posture against ransomware attacks.

  1. Update applications and operating systems software with the latest patches. Outdated applications and operating systems are the targets of most attacks as they present vulnerabilities that can be exploited.
  2. Backup your systems on a regular basis. Backup all critical organisation and system configuration information on a separate device and store the backups offline. Verify the integrity of the information and the restoration process. In the event of an attack, you can be assured of having a reliable copy of your critical information.
  3. Use least privilege. Administrators should restrict users’ permissions to install and run software , and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  4. Provide cybersecurity awareness training for employees. Ransomware attacks often require the human element to succeed. Regardless of what security features are installed on someone’s device, if a malicious link is opened, that device could be compromised Educate employees on recognising cyber threats, phishing and suspicious links – the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate information technology staff in a timely manner. For more information on helping employees to recognize cyber threats, visit the Maintaining good Cyber Hygiene during COVID-19 tips on www.cirt.gy.
  5. Scan all incoming and outgoing emails. This will aid in detecting threats as well as to filter executable files from reaching end users. For information on viruses and spyware, visit Viruses and Spyware on www.getsafeonline.gy
  6. Disable macros.A number of ransomware strains are sent as Microsoft Office attachments. When a user opens the attachment, they are asked to enable macros to see the contents of the document. Once they enable macros, the actual ransomware payload will download and execute. Keep macros disabled by default, and make sure employees are aware that a prompt to enable macros can be a red flag.

The Guyana National Computer Incident Response Team  (GNCIRT) does not support the paying of ransom. There is no guarentee that when the ransom is paid that the decryption key will be delivered. Moreover, paying these cyber-criminals encourages them to continue and funds future activities of these adversaries. For more information on ransomware, visit https://www.getsafeonline.gy/

References

  • Covid-19: Ransomware. (2020, April 17). Retrieved May 18, 2020, from https://www.europol.europa.eu/covid-19/covid-19-ransomware
  • Ransomware. (n.d.). Retrieved May 18, 2020, from https://www.us-cert.gov/Ransomware
  • Mitigating malware and ransomware attacks. (n.d.). Retrieved May 18, 2020, from https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
  • Canadian Centre for Cyber Security. (2018, August 15). Retrieved May 18, 2020, from https://cyber.gc.ca/en/guidance/ransomware-how-prevent-and-recover-itsap00099
  • Take the First Three Steps to Resilience Against Ransomware for State and Local Partners. (n.d.).Take the First Three Steps to Resilience Against Ransomware for State and Local Partners.
  • Understanding Ransomware Vectors Key to Preventing Attack. (n.d.). Retrieved May 21, 2020, from https://www.esecurityplanet.com/malware/prevent-ransomware-attack.html
  • COVID-19 cyberthreats. (n.d.). Retrieved May 21, 2020, from https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats
  • Understanding Ransomware Vectors Key to Preventing Attack. (n.d.). Retrieved May 22, 2020, from https://www.esecurityplanet.com/malware/prevent-ransomware-attack.html

[1]https://www.carbonblack.com/2020/04/15/amid-covid-19-global-orgs-see-a-148-spike-in-ransomware-attacks-finance-industry-heavily-targeted/