The 2020 Guide to Ransomware PreventionAugust 25, 2020
The term “Ransomware” should not come off as strange to any regular Internet user. Ransomware falls in the category of malicious software – one which viruses and spyware belong to. Ransomware is a form of malware that encrypts a victim’s files and prevents access to them until some ransom is paid. In the 1980s, when this form of attack was initiated, the ransom was usually paid via snail mail. These days, however, credit cards and cryptocurrency – especially the latter have made it easy for anonymous payments to be received without the fear of being tracked by law enforcement agencies.
Influx of Attacks during COVID-19 Pandemic
Cybercriminals are always looking for an avenue to execute a wide-spread attack, and the Coronavirus pandemic gives them just the perfect opportunity to strike. A report released by Beazley Breach Response (BBR) Service stated that there’d been a 25% increase in ransomware attacks this period, and there are indications that this figure will continue rising.
These ransomware attacks are orchestrated under the guise of spreading valuable information relating to the use of facemasks, hand sanitizers, and potential cure for the virus. In popular cases, these ransomware attacks are conducted through financial scams purported to be relief funds from the government, and as expected, a lot of people will fall for these scams.
Susceptibility of Cloud Computers to Ransomware Attacks
This particular form of malware is directed a lot at cloud platforms because of the vast amount of data and ransom the attackers look to make if their hack is successful. In this period, where remote work has become quite a thing, many workers have to connect with cloud servers from their various homes for collaboration and file sharing. It is a no-brainer that these home connections cannot be as secure as an office network, thereby possessing higher chances of being infected.
Once an employee’s device is infected with a properly encrypted ransomware, the moment they connect with their cloud server, this malicious software makes its way into the server and hijacks its operations. One example of popular ransomware is WannaCry. This software affected about 230,000 computers, spread over 150 countries, and ran individuals and corporations into losses running into $4 billion.
Ransomware Attacks in 2020
New ransomware called CryCryptor was masqueraded as the official COVID-19 contact tracing app released by the Canadian government. This software explicitly attacks Android users by encrypting specific files on their device and leaving a readme file containing an email address that should be emailed to facilitate the decryption of encrypted files.
Another ransomware hidden in an Android application is CovidLock ransomware. The app provides a clean UI displaying a map tracker for Coronavirus cases but is ridden with malware, which seizes users’ data and phone contacts till a ransom is paid. Hospitals and healthcare databases are the worst hit by these attacks because, at the moment, they are mostly focused on saving lives and finding a cure to the virus, making them pretty unbothered about their IT security.
3 Surefire ways to Stay Safe from Ransomware Attacks
For individuals and corporations, it is pertinent that they keep a safe ecosystem during these periods. To do this, they can:
- Backup their data: The most effective solution to staying secure against ransomware attacks is to consistently backup your data. This way, even if a ransomware attack strikes, there is some form of assurance that the documents hijacked can be retrieved. An encryption software must be used to protect further the backed up data.
- Using Security Software: Besides using antimalware software to detect and remove any malicious software, downloading a VPN for protection would also go a long way in securing devices and networks. VPNs secure all traffic between your device and the internet. This way, your data is protected from any kind of snooping or interference,
- Staff and Personnel Education: It is or should be a standard company policy for staff to get constant orientation and boot camp training on best practices to be enforced when used on the Internet. These practices include avoiding emails from untrusted senders, using strong and different passwords for personal and corporate accounts, and ensuring they have their security software up to date.