Cybercriminals have reached a new level of maturity and menace, and they are organized. They use malware that encrypts the files and folders of a hacked computer or server. They fearlessly demand bitcoin as ransom to release the system under their control and, if not paid, would delete the ransomed data.
Companies That Refused to Pay the Ransom
According to information obtained via a Right-to-Know request by a local reporter from TribLive, Pennsylvania Senate Democrats paid $703,697 to Microsoft to help rebuild IT systems and infrastructure after the March 2017 ransomware incident. On March 3, 2017, the organization's entire IT systems, including web servers, went down at the hands of an unrevealed ransomware strain. The attackers demanded 28 bitcoins, nearly $30,0000, to decrypt and unlock the ransomed data, which officials declined. Finally, they restored the data from backups and rebuilt the entire IT system from scratch.
A few more organizations decided to rebuild their entire systems instead of paying the ransom, such as the city of Atlanta and the Colorado Department of Transportation, which got hit twice by SamSam ransomware in February and March 2018. Erie County Medical Center in Buffalo did the same in 2017. The reasoning was that there was no guarantee the data would be recovered, and they would have to rebuild the systems anyway to avoid future headaches. Also, the old systems would be exploited repeatedly until system administrators deployed proper fixes.
Is Ransomware Salient?
In 2017, the volume of ransomware attacks grew by over 400%, then came down drastically in 2018. Possibly the cybercriminals moved to cryptojacking to mine cryptocurrency. Another reason is that they have moved toward massive network-wide breaches, using variants such as SamSam, BitPaymer, and Dharma over publicly exposed remote desktop services. That is why the Internet Crime Complaint Center (IC3) has released a security alert about attacks targeting exposed remote desktop services.
(September 28, 2018) The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, issued a security alert regarding Remote Desktop Protocol (RDP) attacks used for corporate theft, installation of backdoors, or as a launching point for other attacks.
- Regularly back up data offline, locally on some device or in the cloud.
- Keep the Windows operating system updated with new releases and patches. WannaCrypt was designed to exploit unpatched Windows 7, Windows Server 2008, and earlier versions such as Windows XP.
- The No More Ransom website was launched collaboratively by Europol and the Dutch National Police with cybersecurity companies like Kaspersky and McAfee. The site provides decryption tools for ransomware variants.
- Install security software such as antivirus, which can effectively block threats delivered through spam and provides layers of protection. Harden the network to decrease exposure to the threat.
- Businesses should train employees on the social engineering tactics used to spread ransomware. Make them wary of emailed attachments and links, especially from untrusted senders.
- In June 2017, a South Korean web hosting company paid a one million dollar ransom to cybercriminals. It fell victim to a Linux variant of Erebus, a rare case, as the vast majority of ransomware targets Windows.