What is ransomware? What you need to know to protect yourself from ransomware

1. What is ransomware?

Ransomware is a type of malware (malicious software) that cybercriminals use to encrypt a victim's data, making it inaccessible to the victim until a ransom is paid.

When ransomware infects a system, it encrypts the user's data. Decrypting the data requires a decryption key, which is usually held by the cybercriminals, who demand a ransom in exchange for it. A ransomware attack can target both individual users and businesses.

Ransomware infects a victim's system and demands a ransom

2. How does Ransomware work?

Ransomware typically enters systems through phishing emails, malicious websites, or infected removable storage devices. Attacks often combine several vectors, including social engineering, watering-hole attacks, phishing emails, taking control of servers exposed over Remote Desktop Protocol (RDP), malicious advertising networks, and unpatched software vulnerabilities.

Usually, victims introduce ransomware onto their own devices by clicking a seemingly harmless but malicious link. Once a device is infected, the ransomware immediately starts locating and encrypting its target files, and it may spread across the network to widen its reach, with severe consequences.

Ransomware aims to deny access to data and files and then sell that access back for a fee, and encryption is what makes this possible. The malware carries a built-in list of target file extensions; once on a system it walks the file system and checks each file's type against that list. When a file matches, the ransomware replaces the original with an encrypted version and deletes the original so that no recoverable copy is left on the system.
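
The behaviour just described (walk the file system, match extensions, overwrite the originals with ciphertext) leaves two footprints a defender can look for: files whose document extension has gained an unknown trailing extension, and text-type files whose content has become high-entropy. The following scan is an added example written for this article, not code from the original page, Yubico or HPT; the extension sets, the entropy threshold and the sample directory are constructed assumptions for the demonstration.

```python
import math
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Constructed sample sets for this example, not a real indicator list.
# Extensions ransomware typically targets (documents, data, images).
TARGET_EXTENSIONS = {".txt", ".csv", ".log", ".xml", ".docx", ".xlsx", ".pdf", ".jpg"}
# Of those, the ones whose content should be plain (low-entropy) data. Office
# files, PDFs and JPEGs are already compressed, so high entropy proves nothing for them.
PLAIN_EXTENSIONS = {".txt", ".csv", ".log", ".xml"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted data sits near 8.0, English text near 4.5
SAMPLE_BYTES = 65536     # only the head of each file is read, which keeps the scan cheap


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_file(path: Path) -> Optional[str]:
    """Return a reason string if `path` looks like encryptor output, else None."""
    suffixes = [s.lower() for s in path.suffixes]
    # report.docx.locked: a target extension followed by one we do not recognise.
    if len(suffixes) >= 2 and suffixes[-2] in TARGET_EXTENSIONS and suffixes[-1] not in TARGET_EXTENSIONS:
        return "renamed-extension"
    # data.csv keeps its name but its content is no longer plain text.
    if suffixes and suffixes[-1] in PLAIN_EXTENSIONS:
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        if shannon_entropy(head) > ENTROPY_THRESHOLD:
            return "high-entropy"
    return None


def scan_directory(root: str) -> Dict[str, str]:
    """Walk `root` and map each suspicious file's relative path to the reason it was flagged."""
    root_path = Path(root)
    findings: Dict[str, str] = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            reason = classify_file(path)
            if reason:
                findings[str(path.relative_to(root_path))] = reason
    return findings


def build_demo_dir() -> str:
    """Create a constructed directory mixing untouched files with ones an encryptor would leave behind."""
    root = tempfile.mkdtemp(prefix="rw-scan-")
    (Path(root) / "notes.txt").write_bytes(b"Quarterly planning notes for the security team.\n" * 200)
    (Path(root) / "photo.jpg").write_bytes(os.urandom(4096))           # compressed image: high entropy is normal
    (Path(root) / "data.csv").write_bytes(os.urandom(4096))            # encrypted in place, name unchanged
    (Path(root) / "report.docx.locked").write_bytes(os.urandom(4096))  # encrypted and renamed
    return root


if __name__ == "__main__":
    for rel, why in scan_directory(build_demo_dir()).items():
        print(f"{why:18} {rel}")
```

Two design points matter in practice: the entropy test is applied only to extensions that should hold plain data, because compressed formats such as JPEG or DOCX are legitimately near 8 bits per byte and would otherwise flood the scan with false positives; and a single flagged file is a lead, not a verdict, whereas many files flagged within a short window across a share is the mass-encryption pattern worth alerting on.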

How ransomware works

3. Types of Ransomware

- Crypto Ransomware: The most common type. It encrypts crucial data and demands a ransom for decryption; without backups, it can cause significant data loss.
- Locker Ransomware: Locks the user's screen and demands a ransom to unlock it. It does not encrypt data, but it completely disrupts use of the computer.
- Scareware: Displays fake warnings about computer problems to trick users into downloading malicious software themselves, making it essentially an intrusion from "within."
- Malvertising: Uses online advertisements to deliver malware to computers without the user's knowledge.
- Human-operated Ransomware: A newer trend in which attackers infiltrate an organization's network and then deploy ransomware across it. These attacks are typically well-prepared and carefully planned.
- Ransomware as a Service (RaaS): Ransomware offered to attackers as a "service," so that attacks can be carried out without deep technical knowledge.

4. Notable Ransomware Attacks

- DarkSide: The most notable attack, which caused chaos in the U.S. energy supply chain and compelled Colonial Pipeline to pay a $4.4 million ransom.
- EvilCorp/CryptoLocker - Attack on CNA Insurance: Inflicted severe damage by encrypting over 15,000 devices, including remote employees' computers.
- REvil/Sodinokibi - Attacks on Quanta, JBS Foods, and Kaseya: Demanded large ransoms, with significant consequences for major companies and the food industry.

5. Preventing and Containing Ransomware

- Use cloud-based protection tools: Keep cloud-based backups so that data is safeguarded and can be restored quickly when needed.
- Train employees in cybersecurity: Educate staff on ransomware prevention, with emphasis on recognizing malicious emails.
- Regular system updates: Update software and systems frequently so that known vulnerabilities cannot be exploited.
- Use secure email: Deploy secure email solutions that block harmful file attachments.
- Offline data backups: Maintain offline backups that ransomware on the network cannot reach.
- Implement robust identity security measures: Protect user and administrator accounts so that stolen credentials cannot be used as a foothold, which improves resilience against ransomware.

6. What to Do When Attacked by Ransomware?

- Identify infected systems: Locate and isolate the affected devices to halt the spread.
- Prevent further spread: Immediately disconnect infected devices from the network.
- Assess damages: Determine the impact on systems and data.
- Check backups: Restore data from backups that were created before the attack.
- Report the attack: Report the incident so that you receive support and can manage the aftermath properly.
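
Sections 5 and 6 both turn on backups: keeping an offline copy, and checking it before restoring. A backup is only useful if the encryptor did not reach it too, so the check should compare what is on the backup media against a manifest taken when the backup was written, and the manifest itself has to live somewhere the backup host cannot overwrite. The script below is an added example written for this article, not code from the original page, Yubico or HPT; the file names and the simulated encryptor activity are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def file_sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: str) -> Dict[str, str]:
    """Map every file under `backup_root` (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(backup_root)
    return {
        path.relative_to(root).as_posix(): file_sha256(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_backup(backup_root: str, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the backup set on disk with the manifest taken when it was written.

    Files are sorted into: still matching, modified, missing, and present but
    not in the manifest. Anything in the last three lists means the backup was
    touched after it was taken and must not be trusted for restoration.
    """
    current = build_manifest(backup_root)
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def backup_is_restorable(report: Dict[str, List[str]]) -> bool:
    """True only when every manifest entry is present and unchanged and nothing extra appeared."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a manifest, then let an encryptor reach the backup volume."""
    backup = tempfile.mkdtemp(prefix="backup-")
    (Path(backup) / "payroll.xlsx").write_bytes(b"constructed payroll workbook\n")
    (Path(backup) / "contracts.pdf").write_bytes(b"constructed contract scan\n")
    (Path(backup) / "readme.txt").write_bytes(b"untouched file\n")

    # The manifest belongs on offline or write-once media; here it is kept in memory
    # as the JSON document that would be written there.
    manifest_json = json.dumps(build_manifest(backup), indent=2, sort_keys=True)

    # Simulated encryptor activity on the backup share itself.
    (Path(backup) / "payroll.xlsx").write_bytes(os.urandom(64))                      # encrypted in place
    (Path(backup) / "contracts.pdf").rename(Path(backup) / "contracts.pdf.locked")   # encrypted and renamed

    return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    result = demo()
    print(json.dumps(result, indent=2))
    print("safe to restore:", backup_is_restorable(result))
```

Run at backup time to write the manifest and again before any restore; a report with anything outside `ok` means the copy was reached after it was taken, and an older, intact backup generation should be used instead.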

7. Ransomware Prevention Solution from Yubico

Yubico offers a ransomware prevention solution based on the YubiKey, a hardware device for passwordless authentication. Ransomware typically encrypts system data and demands a ransom for decryption; combining the YubiKey with a robust authentication system is an effective way to counter this type of attack.

Reused or weak passwords, SMS or OTP codes, and weak app-based multi-factor authentication are often the root cause of, or at least a considerable contributor to, ransomware attacks. Strong phishing-resistant solutions such as the hardware-based authentication the YubiKey provides help organizations stop relying on easily tricked authentication methods for any account.

The best defense against ransomware starts with modern phishing-resistant protocols such as FIDO2/WebAuthn and FIDO U2F. The YubiKey not only supports these newer authentication protocols but also works with legacy forms such as One Time Passwords (OTP), so organizations can transition gradually without overhauling their existing infrastructure.

With nearly 30 years of experience in IT, HPT is an official partner of Yubico in Vietnam, supplying genuine YubiKey products. This is a robust authentication method that enhances security and reduces the risk of ransomware attacks. The combination of the YubiKey authentication solution and HPT's deployment expertise gives organizations a safe and reliable way to prevent and mitigate these harmful attacks.
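
What makes FIDO2/WebAuthn phishing-resistant, as opposed to OTP codes that a look-alike site can simply relay, is that the credential is scoped to a relying-party ID and the signed response includes the origin the browser actually loaded, so a login captured on a look-alike domain cannot be replayed to the real site. The simulation below is an added example written for this article and is not Yubico, HPT or FIDO Alliance code: an HMAC with a per-credential key stands in for the ECDSA signature a real authenticator produces (the relying party's copy of that key plays the role of the registered public key), the rpId check in the browser is simplified to a suffix match, and bank.example and bank-example.com are constructed domain names.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Authenticator:
    """Models the security key: one credential per relying-party ID, never usable for another rpId."""

    def __init__(self) -> None:
        self._credentials: Dict[str, Tuple[bytes, bytes]] = {}

    def make_credential(self, rp_id: str) -> Tuple[bytes, bytes]:
        cred_id, key = os.urandom(16), os.urandom(32)
        self._credentials[rp_id] = (cred_id, key)
        return cred_id, key  # key goes to the RP as the "public key" in this simplification

    def get_assertion(self, rp_id: str, client_data_hash: bytes) -> dict:
        if rp_id not in self._credentials:
            raise LookupError(f"no credential scoped to rpId {rp_id!r}")
        cred_id, key = self._credentials[rp_id]
        auth_data = sha256(rp_id.encode()) + b"\x01"  # rpIdHash || flags (user present); counter omitted
        signature = hmac.new(key, auth_data + client_data_hash, "sha256").digest()
        return {"credential_id": cred_id, "auth_data": auth_data, "signature": signature}


class Browser:
    """The browser, not the page, writes clientDataJSON, so the origin in it is the one really loaded."""

    def __init__(self, authenticator: Authenticator) -> None:
        self._auth = authenticator

    def credentials_get(self, origin: str, rp_id: str, challenge: bytes) -> dict:
        host = origin.split("://", 1)[1]
        if not (host == rp_id or host.endswith("." + rp_id)):  # simplified rpId validity rule
            raise ValueError(f"rpId {rp_id!r} is not valid for origin {origin!r}")
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}, sort_keys=True
        ).encode()
        assertion = self._auth.get_assertion(rp_id, sha256(client_data))
        assertion["client_data"] = client_data
        return assertion


class RelyingParty:
    """Server side: issues single-use challenges and checks every binding before accepting a login."""

    def __init__(self, rp_id: str, origin: str) -> None:
        self.rp_id, self.origin = rp_id, origin
        self._keys: Dict[bytes, bytes] = {}
        self._challenges = set()

    def register(self, authenticator: Authenticator) -> None:
        cred_id, key = authenticator.make_credential(self.rp_id)
        self._keys[cred_id] = key

    def new_challenge(self) -> bytes:
        challenge = os.urandom(32)
        self._challenges.add(challenge)
        return challenge

    def verify(self, assertion: dict) -> Optional[str]:
        """Return None on success, otherwise the name of the check that failed."""
        client = json.loads(assertion["client_data"])
        if client.get("type") != "webauthn.get":
            return "type"
        challenge = b64url_decode(client.get("challenge", ""))
        if challenge not in self._challenges:
            return "challenge"                 # replayed or never issued
        self._challenges.discard(challenge)    # single use
        if client.get("origin") != self.origin:
            return "origin"                    # the phishing-resistance check
        if assertion["auth_data"][:32] != sha256(self.rp_id.encode()):
            return "rpIdHash"
        key = self._keys.get(assertion["credential_id"])
        if key is None:
            return "credential"
        expected = hmac.new(key, assertion["auth_data"] + sha256(assertion["client_data"]), "sha256").digest()
        return None if hmac.compare_digest(expected, assertion["signature"]) else "signature"


def demo() -> Dict[str, Optional[str]]:
    """Constructed domains: bank.example is the real site, bank-example.com the look-alike."""
    authenticator = Authenticator()
    browser = Browser(authenticator)
    rp = RelyingParty("bank.example", "https://bank.example")
    rp.register(authenticator)
    results: Dict[str, Optional[str]] = {}
    # 1. Genuine login from the real origin, then the same assertion replayed.
    genuine = browser.credentials_get("https://bank.example", "bank.example", rp.new_challenge())
    results["genuine"] = rp.verify(genuine)
    results["replay"] = rp.verify(genuine)
    # 2. Look-alike page relays a real challenge but asks for the real rpId: the browser refuses.
    challenge = rp.new_challenge()
    try:
        browser.credentials_get("https://bank-example.com", "bank.example", challenge)
        results["lookalike_browser"] = None
    except ValueError as exc:
        results["lookalike_browser"] = "browser: " + str(exc)
    # 3. Look-alike asks for its own rpId: the key holds nothing scoped to it.
    try:
        browser.credentials_get("https://bank-example.com", "bank-example.com", challenge)
        results["lookalike_key"] = None
    except LookupError as exc:
        results["lookalike_key"] = "authenticator: " + str(exc)
    # 4. Even clientData carrying the look-alike origin, signed for the real rpId, is rejected server-side.
    forged_client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                                "origin": "https://bank-example.com"}, sort_keys=True).encode()
    forged = authenticator.get_assertion("bank.example", sha256(forged_client))
    forged["client_data"] = forged_client
    results["forged_origin"] = rp.verify(forged)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:18} -> {'accepted' if outcome is None else 'rejected: ' + outcome}")
```

The four cases show the layers in order: a relayed challenge is useless because the browser will not present the real site's rpId to a look-alike origin, the key has no credential for the look-alike's own rpId, and even a response that somehow carries the wrong origin fails the server's origin check because the origin is covered by the signature. This is the property the article's "phishing-resistant" wording refers to, and it is what an OTP code, which is just a number the user can be talked into typing anywhere, cannot provide.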

HPT - Yubico's official partner in Vietnam, provides a range of genuine YubiKey products

Source: Quoted from information provided by Yubico partner


HPT is a leading partner offering YubiKey products. Contact HPT now for expert guidance.

Contact information:
Email: info@hpt.vn
Phone: 028 38 266 206