* Lucas Cavalcante

With the automation of business processes and the increasing digitization of information systems, many organizations have become dependent on computer systems and information to generate profit. However, in the same proportion as institutions and organizations seek to automate their processes and maximize profits, malicious people develop several types of cyber attacks in order to seize inside information. They use this information for their own benefit, whether by selling it to a competitor or by encrypting all of a company's data and systems.

According to the study on the current global threat landscape of 2019, conducted by Trend Micro's Smart Protection Network, Brazil ranked 2nd in the world among the countries most affected by the type of cyber attack known as ransomware. According to the article, 10.75% of the attacks are concentrated in the country, second only to the United States, which suffered 11.05%. India is in third place with 10.32% of the cases, Vietnam in fourth with 8.21%, and Mexico in fifth with 3.79%.

Given the numbers shown in the survey, it is important to know this type of attack, because by understanding how it operates you can avoid putting your company at risk. In this article we look at ransomware attacks and how this malicious software can impact your business.

What is Ransomware and how does it work?

Ransomware is a kind of malicious software that infects systems with the aim of encrypting and hijacking data, restoring access only after a payment is made. The payment is often demanded in cryptocurrencies, as this type of currency helps threat agents (attackers) escape tracking.

According to a publication by the information security company Kaspersky, there are basically two types of Ransomware:

Crypto ransomware: This kind of ransomware encrypts sensitive files on a mobile device or computer so that the perpetrator can extort money from the victims.

Locker ransomware: Unlike crypto ransomware, which encrypts sensitive files, locker ransomware blocks the victim's access to the device, making it impossible to use, in order to demand a ransom in return.

A new model of ransomware has been gaining popularity among cyber criminals: Ransomware as a Service (RaaS). It is a kind of franchise in which criminals sell or rent software that allows novice and inexperienced attackers to succeed. It reduces the need to develop malware, allows malicious people to make money quickly, and the subscription is easily hired on the dark web.

When a company or organization is infected with this type of malware, its systems or data are encrypted. In view of this, many institutions are forced to turn off and disconnect all devices and computers until the problem is fully resolved. This happened to companies in the Spanish radio and technology consulting segments, an event that caused incalculable damage to those companies since, in addition to the data ransom and the impact on business continuity, which generate a financial loss, the image of the companies was also negatively affected. Another example is the Brazilian companies and city halls that were infected in 2019: the institutions had their data encrypted, and some automated processes were performed manually to minimize the impact on business continuity.

What are the entry vectors of ransomware?

What many people do not know is that most ransomware infections result from user actions. We often find people who click on a link that arrived in a spam email, or who are infected when browsing malicious websites. Some cases of proliferation of this type of malware occur through drive-by downloads, a type of download that does not require user interaction for the attack to succeed.

Another very common entry vector is found in organizations that do not have an information security policy or technical measures to block USB ports on corporate computers. This allows employees to infect the organization's network, intentionally or unintentionally, given that a user can plug in a pen drive that was infected outside the company and accidentally bring that malware into the work environment.

In view of the facts mentioned in this article, companies and organizations that want to remain competitive in the market, or that do not want to have their operations interrupted, need to adopt security measures so that, if an event similar to the ones mentioned above happens, an action plan can minimize the impact.

In the event of an attempted or actual infection, is your company prepared for cyber attacks?

It is recommended that organizations adopt layered security measures. Train employees so they are aware of how to avoid clicking on links or opening email attachments from unknown senders. Back up important data and keep the backups in a location external to the company, such as servers in the cloud or units in other locations, to improve security. Keep systems updated, because the bad guys scour networks for known flaws. Install smart tools to detect and remove ransomware, such as anti-malware. And, if possible, hire the services of an information security company that offers strategic solutions and partnerships geared to your company's needs, such as [SAFEWAY] Consultoria.

* Lucas Cavalcante is a SOC Analyst | [SAFEWAY]