Beating the sophisticated tactics behind targeted ransomware
Targeted ransomware is a type of cyberattack where cybercriminals specifically target a particular individual, organisation, or industry with the intent of encrypting critical data and demanding a ransom for its release. Unlike opportunistic ransomware attacks that affect random victims, targeted ransomware attacks are tailored to exploit vulnerabilities within a specific organisation’s systems and infrastructure. At an individual level, this means that a hacker will focus on getting a person to make a simple error that will get them past network defences. Once they are inside a network, they can move through different layers of protections and passwords until they strike gold.
How Targeted Ransomware Attacks Work
- Bad actors obtain the personal details they need to launch a targeted ransomware attack. They follow social media accounts, obtain personal details such as the names of friends and family, addresses – anything that will make you think you are engaging with someone trustworthy. Company websites often include employee names and designations, and email address formats can be spoofed. Stolen credentials can also be purchased on the dark web.
- They use this information to gain unauthorised access to the network through various means, including phishing emails and business email compromise (BEC).
- They may also exploit software vulnerabilities or use stolen credentials.
- Once inside the network, the attackers identify valuable data and encrypt it using strong encryption algorithms, making it inaccessible to the organisation.
- After encrypting the data, the attackers demand a ransom payment in exchange for providing the decryption key. The ransom demand is typically accompanied by threats of data leakage or further damage if the ransom is not paid. According to Cyanre Digital Forensics Lab, the average South African ransomware demand is currently around R20 million.
- Victims are often given instructions on how to make the ransom payment, usually in cryptocurrencies like Bitcoin, to maintain anonymity.
- If the ransom is paid, the attackers provide the decryption key, allowing the victim to recover their data. However, there’s no guarantee that the attackers will honour their promise, and often victims may not receive the decryption key even after paying the ransom.
- Alternatively, victims do receive the decryption key, but the data is still exfiltrated and sold on the dark web anyway.
8 Ways to Protect Yourself from Targeted Ransomware
Understanding what to do and what not to do during a targeted ransomware attack is crucial for minimising the damage and protecting yourself from falling victim. Here are eight ways to ensure you aren’t the reason a hacker steals your data or slips into your organisation’s system:
- Back up your data regularly: Regularly back up your important files and data to an external hard drive or cloud storage, and follow company back-up policies. This ensures that you have copies of your files in case they are encrypted or lost during an attack.
- Keep your software updated: Keep your operating system, applications, and antivirus software up to date with the latest security patches. This helps protect your devices from known vulnerabilities that ransomware may exploit. If your system tells you an update is available, do the update. This includes any apps on your machine or devices.
- Use strong, unique passwords: Use strong, complex passwords for all your online accounts and devices. Avoid using common passwords or reusing passwords across multiple accounts. Remember the dark web marketplaces we mentioned? Credentials bought there can be used to bombard systems with email and password combinations (called a brute force attack) until one combination works. How does this happen? It’s generally the result of people using the same passwords across multiple platforms.
- Be wary of suspicious emails and links: Be cautious when opening email attachments or clicking on links, especially if they are from unknown or suspicious senders. Verify the sender’s email address and look for any signs of phishing.
- Enable multi-factor authentication (MFA): Enable multi-factor authentication wherever possible, especially for sensitive accounts like email and online banking. MFA adds an extra layer of security by requiring a second form of verification in addition to your password.
- Monitor your systems for unusual activity: Regularly monitor your devices for any signs of unusual activity, such as unexpected file encryption, changes to file extensions, or unusual traffic.
- Disconnect Infected Devices from the Network: If you suspect that a device has been infected with ransomware, disconnect it from the network immediately to prevent the infection from spreading to other devices.
- Seek help from your Cybersecurity team: If you suspect you may have become a victim of a ransomware attack, immediately seek help from your company’s Cybersecurity team. They can provide guidance on how to respond to the attack, potentially recover your files, and monitor the system to prevent the attack from going any further.
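The monitoring signals named in the list above (unexpected file encryption and changes to file extensions) can be checked automatically by comparing two snapshots of a folder. The Python below is an added example, not part of the original article; the thresholds, the snapshot format and the sample file names (including the .locked extension) are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off (encrypted data sits near 8.0)
MASS_CHANGE_RATIO = 0.3  # assumed: alert once 30% of known files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_suspect_files(baseline: dict, current: dict) -> list:
    """Compare two snapshots mapping file name -> content bytes.
    Suspect: a baseline file is gone, a new file with the same stem and a
    changed or appended extension exists, and its content is high entropy.
    Compressed formats are high entropy too, hence the rename condition.
    """
    suspects = set()
    for old_name in baseline:
        if old_name in current:
            continue  # still present under its original name
        stem = os.path.splitext(old_name)[0]
        for new_name, content in current.items():
            renamed = new_name not in baseline and new_name.startswith(stem + ".")
            if renamed and shannon_entropy(content) >= ENTROPY_THRESHOLD:
                suspects.add((old_name, new_name))
    return sorted(suspects)


def should_alert(baseline: dict, current: dict) -> bool:
    """True when the share of suspect files reaches MASS_CHANGE_RATIO."""
    if not baseline:
        return False
    return len(find_suspect_files(baseline, current)) / len(baseline) >= MASS_CHANGE_RATIO


# Constructed sample data: plain text before, uniform bytes standing in for ciphertext after.
TEXT = b"Quarterly report draft\n" * 200
CIPHER = bytes(range(256)) * 16
BASELINE = {"budget.xlsx": TEXT, "notes.txt": TEXT, "plan.docx": TEXT}
CURRENT = {"budget.xlsx.locked": CIPHER, "notes.txt": TEXT, "plan.docx.locked": CIPHER}

if __name__ == "__main__":
    print(find_suspect_files(BASELINE, CURRENT), should_alert(BASELINE, CURRENT))
```

A positive result is a reason to disconnect the device and call the Cybersecurity team, as the next two points in the list describe, not proof of an attack on its own.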
5 Things to AVOID During a Ransomware Attack
- Don’t Panic: While a ransomware attack can be alarming, it’s essential to stay calm and focused. Panicking may lead to hasty decisions that could worsen the situation. If you’re worried you’ve clicked on something you shouldn’t, or anything seems suspicious, let IT know immediately.
- Don’t click on suspicious pop-ups or ads: Avoid clicking on suspicious pop-ups, ads, or banners, as they may lead to malicious websites or initiate the download of ransomware onto your device.
- Don’t disable antivirus software: Keep your antivirus software enabled and up to date. Disabling antivirus protection exposes your device to greater risk of infection.
- Don’t delay reporting the attack: If you suspect that your device or network has been infected with ransomware, don’t delay reporting the attack to the IT department. Prompt action can help contain the attack and prevent further damage.
- Don’t share personal information: Never share personal or sensitive information with unknown or untrusted sources, as it may be used against you in future attacks or scams. It is wise not to overshare on social media or public platforms either.
Conclusion: Stay vigilant, stay informed and stay safe
By following these dos and don’ts, you can better protect yourself and your devices from targeted ransomware attacks and minimise the potential impact on your data and privacy. Remember, common sense is your best defence. Stay vigilant, stay informed, and stay safe online. Sasfin provides regular security tips on how to stay protected from cyber-attacks; visit our Cybersecurity resources for more updates.