By: Gabriel Schram
April 27, 2021
Ransomware Prevention Strategies
Identifying the tactics, techniques, and procedures of modern ransomware attacks is pivotal in securing cyber defense architecture. Recent years have exposed new and more successful variants for this specific type of malware. Ransomware is a type of malware that encrypts the entirety of the target system and demands a paid ransom to restore its data. Figure 1 displays an example of a machine infected by ransomware, specifically the WannaCry variant. For ransomware to be effective, it needs access to the target system; this is often obtained using social engineering campaigns. Moreover, there are several different ransomware variants, which makes defending the system from future attacks more difficult.
Past ransomware variants have caused massive amounts of damage. WannaCry caused an estimated $4 billion in worldwide damages. Furthermore, modern ransomware combines newer and more advanced techniques to increase its effectiveness. Researchers from IBM presented their project DeepLocker at BlackHat in 2018. DeepLocker can be hidden in a benign application while keeping the application's functionality. Subsets of artificial intelligence allow DeepLocker to unleash its payload based on the recognized facial features of the user (Stoecklin, Kirat, & Jang, 2018).
The goal of a ransomware attack is financial gain. Many organizations pay the ransom out of pocket or via cyber insurance. The concept of ransomware has proven to be effective, causing a total of $11.5 billion in damages in 2019. This number increased to $20 billion in 2020 (Ford et al., 2021). Even more concerning are recent ransomware targets such as universities, hospitals, and other critical infrastructure. Therefore, the importance of preventing ransomware is greater than it was in previous years.
Figure 1. WannaCry Ransomware (Kaspersky, 2017)
Tactics of Ransomware
Cybercriminals using ransomware take advantage of those that are more likely to pay their ransom. These are usually organizations that rely heavily on their computer systems and on confidentiality. Institutions are bigger targets if they have a low tolerance for downtime; this makes manufacturing the industry hit hardest by ransomware. Furthermore, an organization's reputation is in jeopardy when it is revealed that it has been hit by ransomware. As a result, these organizations are less likely to come forward or report the incident to law enforcement, and threat actors are aware of this. The threat of ransomware has grown exponentially since the start of the COVID-19 lockdown. Many companies and institutions had to shift their operations to an online or hybrid business model, which led to a higher number of potential targets with an expanding attack surface. In some cases, threat actors steal sensitive information from the target before deploying the ransomware, then use it as further leverage for extortion if the victim does not pay.
Ransomware tactics also remain successful because of evolving social engineering procedures. The malware is typically spread via phishing, spear phishing, or infected hyperlinks to malicious websites. Phishing campaigns are growing more sophisticated by offering links to sign up for a COVID-19 vaccine, offering fake stimulus checks, and posing as government agencies or law enforcement. In short, malicious actors know who to target, and they exploit users' trust by enticing them to click something that infects the target with ransomware.
Ransomware infections are the result of susceptibility to social engineering. This type of attack exploits its targets through intimidation, urgency, and authority. This is shown through the tactics, techniques, and procedures of recent phishing campaigns. To reduce the chances of a system being infected by ransomware, organizations must be aware of all basic cybersecurity practices. The most crucial mitigation methods concerning ransomware include the following:
- Updates - Ensure that operating systems, antivirus, and other applications are up to date and have the latest patches. This is one of the basic ways to prevent exploitation of known vulnerabilities.
- Backup Recovery - A data recovery plan is essential in minimizing downtime and protecting critical information. A backup must be isolated from the network and be tested regularly.
- Verify Trusted Sources - Users must be cautious of email attachments and unknown websites. Downloads should only be done from trusted sites, and macro scripts in email attachments should be disabled.
- Informed Users - Users must be updated and informed on the latest social engineering trends because they are the most exploited ransomware tactics.
These are four basic cybersecurity measures, among many, that can prevent a ransomware infection. Above all other measures, social engineering awareness is paramount. Users should be cautious of any links and attachments originating outside of their organization; this is how most ransomware campaigns succeed. Threat actors use intimidation and urgency to increase the likelihood of victims paying the ransom.
Prevent ransomware infections by reducing the attack surface as much as possible. However, even the most secure networks will always be susceptible to social engineering. It is imperative to be cautious and to educate users on this front.
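One way to act on the backup item above, a restore test that compares restored files against a SHA-256 manifest recorded at backup time, so an encrypted, missing, or planted file is caught before the backup is relied on. This is an added example, not code from the original article; the directory layout, file names, and manifest format are constructed for illustration.

```python
"""Restore test: verify a restored backup against a hash manifest taken at backup time."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (POSIX-style relative path) under root to its SHA-256 digest."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in files}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree with the manifest: ok, modified, missing, unexpected files."""
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    present = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in present:
            result["missing"].append(rel)          # file never made it back
        elif present[rel] != digest:
            result["modified"].append(rel)         # content changed, e.g. encrypted
        else:
            result["ok"].append(rel)
    result["unexpected"] = sorted(set(present) - set(manifest))  # planted files
    return result


def demo() -> dict:
    """Constructed scenario: manifest from clean data, then a restore with one tampered file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "plan.txt").write_text("quarterly plan")
        (src / "db.sql").write_text("CREATE TABLE t(id INT);")
        manifest = build_manifest(src)               # taken at backup time
        restored = Path(tmp) / "restored"
        (restored / "docs").mkdir(parents=True)
        (restored / "docs" / "plan.txt").write_text("quarterly plan")
        (restored / "db.sql").write_bytes(b"\x00\x8f\x13garbage")  # simulates an encrypted copy
        (restored / "ransom_note.txt").write_text("constructed extra file")
        return verify_restore(manifest, restored)
```

Any entry outside the "ok" list means the backup cannot be trusted for recovery and the backup job itself needs investigation.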
In the case of a ransomware infection, isolate the system as soon as possible. It is advisable never to pay the ransom. Paying does not guarantee the return of the victim's data, and it increases the chance of this happening to other people. Ransomware can be expected to continue for quite some time. Recognizing the attack tactics and taking the necessary mitigation actions will reduce the overall damage of these malicious cyber campaigns.
Berkeley Information Security Office. (2020). Frequently asked questions: Ransomware. Retrieved from https://security.berkeley.edu/faq/ransomware#t42n1501
Ford, J., Grenga, A., Perez, J., & Williams, B. (2021). 2020 was a bad year for ransomware. 2021 will be worse. Barron's (Online). Retrieved from http://ezproxy.utica.edu/login?url=https://www.proquest.com/trade-journals/2020-was-bad-year-ransomware-2021-will-be-worse/docview/2476160243/se-2?accountid=28902
Kaspersky. (2017). WannaCry ransomware. Retrieved from https://usa.kaspersky.com/resource-center/threats/ransomware-wannacry
Singleton, C. (2020). Ransomware 2020: Attack trends affecting organizations worldwide. Retrieved from https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/
Stoecklin, M., Kirat, D., & Jang, J. (2018). DeepLocker: How AI can power a stealthy new breed of malware. Retrieved from https://securityintelligence.com/deeplocker-how-ai-can-power-a-stealthy-new-breed-of-malware/