Ransomware attacks
This time we will talk about one of the best-known cyber-attacks: ransomware.
Since the beginning of the pandemic, cybersecurity has taken on special relevance because of the growing number of cyber-attacks, which are seriously affecting citizens and, above all, companies.
And what is Ransomware?
The term is a compound word derived from English that means “data hijacking”. It is a malicious program that infects our computer, blocking the operating system and preventing access to the information stored on the device. When we try to access our files, photos, documents, etc., a note is displayed demanding a ransom payment in exchange for the release of our information.
Access to the information is prevented by encrypting it with mixed encryption algorithms. PDF documents, Word (.doc) and Excel (.xls) files, photos (.jpg), etc. are encrypted, and they can be easily identified because they appear with the extension “.encrypted”.
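The “.encrypted” marker described above can be checked for during triage. The following Python sketch is an added example, not part of the original article: it walks a folder, reports files named like `report.pdf.encrypted`, and uses byte entropy to tell real ciphertext from a file that was only renamed. The function names, the 7.0 bits-per-byte threshold and the sample files are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

MARKER = ".encrypted"                        # suffix the article describes
DOC_EXTS = {".pdf", ".doc", ".xls", ".jpg"}  # file types the article lists
ENTROPY_MIN = 7.0  # assumed cut-off, bits per byte; encrypted data nears 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of data; 0.0 for an empty sample."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(root: str, sample_size: int = 65536) -> list:
    """One finding per file named <name>.<doc ext>.encrypted under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            stem, ext = os.path.splitext(name)
            inner = os.path.splitext(stem)[1].lower()
            if ext.lower() != MARKER or inner not in DOC_EXTS:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                entropy = shannon_entropy(fh.read(sample_size))
            # Low entropy means the file was only renamed, not encrypted.
            findings.append({"name": name, "original_type": inner,
                             "looks_encrypted": entropy >= ENTROPY_MIN})
    return findings


def demo() -> list:
    """Scan a constructed sample tree (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "invoice.pdf.encrypted": os.urandom(8192),        # stands in for ciphertext
            "notes.doc.encrypted": b"meeting notes\n" * 500,  # renamed only
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,  # untouched file
            "tool.exe.encrypted": os.urandom(8192),           # type not in DOC_EXTS
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine, `scan()` would be pointed at a shared folder or user directory; many findings with `looks_encrypted` set to true in a short period is the signal to isolate the device and turn to the backups.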
When the victim pays the ransom, the attacker provides a simple program that, when executed, uses the recovery key to decrypt all infected files.
Currently, ransom payments are requested in cryptocurrencies, because unlike bank accounts, they cannot be traced by law enforcement agencies.
What form does ransomware take to appear harmless?
It usually arrives by e-mail. The messages may include attachments such as PDFs, Word documents or photos, with subjects of the type “invoice attached”, “payment settlement” or “pick up your package”. They may also include links to malicious websites offering information about prizes, attractive and economical travel, or even participation in contests with spectacular prizes that only require filling out a simple form with personal information. In that case, in addition to infecting our computer, we hand over our personal data for malicious purposes, which is called phishing.
But appearances are not everything: these attacks could come from acquaintances, even from people you trust, such as friends, co-workers, suppliers or customers. This is not because they are aware of the situation, but because their e-mail account has been compromised and used to send these malicious e-mails to their entire contact list.
And yes, it is possible that your e-mail account is compromised and you don’t even know it until your acquaintances tell you that they are receiving strange e-mails from you and that they have already been infected. One way an account gets compromised is a call, supposedly from your company’s IT team or an external service, in which the caller asks for the access keys to your e-mail in order to solve a problem on your PC (e.g. removal of malware) and then uses them to take over the account. Another is the common practice of visiting an unknown website and authenticating or logging in to some services with our Facebook or Google account: this makes it easier to fill in forms, but we are also giving our credentials to the malicious website.
The infection could also come from programs downloaded from unofficial websites, or from unknown external devices such as USB memory sticks or external hard drives which, when connected to our computer, run a malicious program. This is called baiting.
Implications for a company
The implications for any company are incalculable, so let’s try to calculate the damage that a cyber-attack would have on a reputational level:
What will my customers think when I inform them that their data is unavailable or we cannot work for days?
What image are we conveying to our collaborators, workers, etc.?
But there is more:
Will the ransom be affordable for my company?
What economic impact will it have on my company?
Don’t go away, we still have more:
Can this cyber-attack cause us to be sanctioned?
Let us not forget that one of the fundamental points of a Security Plan is regulatory compliance and, in this case, failure to comply with the European Data Protection Regulation (RGPD), as in the case of Air Europa, could result in a sanction.
And if our entity handles data on health, sexual orientation, political or religious matters, among others, i.e. special category data, we must take into account that this cyberattack could violate the rights and freedoms of the affected persons.
How to protect yourself from Ransomware attacks
The first step is to assume that we will surely be attacked by a cybercriminal and that it is mandatory to adapt our business to the Data Protection Regulation (RGPD + LOPD GDD).
Subsequently, measures must be implemented to avoid being attacked or at least minimize the effects of Ransomware if preventive measures have not worked.
An antivirus will be the first barrier against ransomware, but it must be effective against these attacks, so it is necessary to check its features or seek assistance from a cybersecurity expert.
Another measure that will help us in case of infection is to make backup copies, if possible in the cloud. The cloud means that our information is hosted on external servers run by a company that is an expert in providing the service and will therefore have applied the most advanced security measures possible, which will prevent a ransomware attack or infection.
The backup, therefore, will allow us to recover all the information. The frequency is also relevant: we recommend a daily, automatic copy so that it does not take up our time.
Another interesting security measure is to host the information on external servers that employees must access with credentials.
In the case of remote connections to servers hosted in our facilities, for example due to telecommuting or labor mobility (sales, installers, technicians, engineering, etc.), the recommendation is to use VPN connections that require usernames and passwords, and to install a high-security router and a firewall (hardware and software) that filters incoming and outgoing connections to our information system.
The most advanced option in terms of security is a connection by means of FTTH fiber, consisting of a private fiber network installed exclusively for our company from the initial access point to our offices. It is a line that is not shared with other customers of the telephone company in question.
Let’s remember that the main victims of ransomware are companies and organizations; see the SEPE case, for example, in which it has taken more than 6 months to solve the attack. Therefore, the awareness and training of staff in cybersecurity and data protection is vital, since staff are the main access door to cyber-attacks.
Another widespread option is to take out a cybersecurity insurance policy, which covers the effects of a ransomware attack, among others. In addition to being a great option, it is quite economical if we take into account its coverage.
In short, your cybersecurity expert will provide you with these and other measures included in the Security and Continuity Policies, which you should implement in your organization to avoid being a target of cyber-attacks.
We help you
Business Adapter® is an expert consultant in Data Protection Law and Cybersecurity solutions. Do not hesitate to contact us without obligation.