Ransomware is malicious software, also known as malware, that can encrypt an organization’s critical data, denying access to entire systems, including databases, files and applications. Quite literally holding this information hostage, as the name would imply, enterprises then must pay a ransom in order to regain access.

Designed to paralyze an organization, quickly spreading across private networks, this growing threat is predicted to cost organizations $20 billion this year.^[1] These types of attacks have grown this year by 64%. It only takes one employee opening an email to compromise an entire organization and once hit, many enterprises aren’t able to recover.

Ransomware attacks usually gain access to a computer through a phishing campaign, where a victim opens an email and downloads malware mistakenly through an email attachment or a link. An attack vector then establishes itself on the device. If the exploit is successful, it can attach a malicious application to the infected system. The application can then search for valuable files. Word documents, database files and images are some of the the most sought after, once they’ve been found, they encrypt them. Some of the most dangerous attacks exploit a system and its network vulnerabilities, causing it to spread across entire organizations. Using asymmetric encryption, a pair of public-private keys are created to encrypt and decrypt a file. Created by an attacker for each victim, the private, decrypt keys are the only way to access the files and is only given once the ransom is paid. Victims are usually given 24-48 hours to do so, or the files will be lost permanently. If a data backup isn’t available or it was encrypted as well, organizations must pay the ransom to get the files.

Ransomware variants are constantly evolving and because it’s straightforward to execute, has become more prevalent. There’s always new techniques being used to try and get access to data, hackers just have to look around for organizations without strong network security protocols.

There are many different types of ransomware, these include:

• CryptoLocker: One of the oldest and most destructive forms of ransomware, it uses strong encryption algorithms and is almost impossible to decrypt an infected computer or network without paying the ransom.
• WannaCry: One of the most widely known variants, in 2017 this attack spread to over 150 countries. Exploiting a Windows security vulnerability, it exposed the issue of outdated systems.
• BadRabbit: In 2017, this ransomware used an insecure website to run the attacks. Users visited a website, unaware that it was compromised by hackers, and asked to run a fake adobe flash installation that infected their computers.
• Locky: Posing as an invoice, this ransomware makes the victim enable macros to read the document. Once they do, it begins encrypting multiple files types.

Preventing Ransomware Attacks

To help prevent ransomware attacks some best practices to employ are:

• Staff awareness: Raising awareness is a baseline security measure, but trainings can help prevent an attack.
• Block specific files types: Some malicious files have an executable mime type, filtering them will help from being delivered to employees.
• Update systems: Make sure software, operating systems and applications are regularly updated to help close security gaps.

Full Visibility Incase Of An Attack

Opengear devices aren’t cyber security solutions but when a breach does occur, they provide enterprises with full visibility. Lighthouse Enterprise enables organizations with the ability to control every part of a network through a central hub.

During a breach, it allows organizations to:

• Disable access to impacted network equipment via the console port, isolating the incident
• Shut down access to servers to protect private data until the breach has been remediated
• Disconnect the WAN connection to isolate an effected branch
• If an engineer can’t regain control of network assets, they can power off via remote PDU control
• Reconfigure devices to factory default and rebuild the configuration via the console port

When a ransomware attack occurs, many organizations aren’t able to reestablish themselves. Paying a ransom doesn’t prevent attackers from attempting to hit an organization again or necessarily ensure a successful recovery of data. The vast amount of enterprises that have been targets of these attacks have experienced significant impacts, including loss of revenue, damage to brand reputation and have been the cause of workforce layoffs.

A recent research report found^[2]:

• 66% of organizations reported significant revenue loss
• 35% of businesses paid up to $1 million in ransom demands
• 29% had to perform layoffs due to financial losses from an attack

Opengear provides enterprise-grade security for core and edge sites. To decrease disruptions and safeguard customer information, our solutions have the most stringent encryption features built-in to ensure the latest compliance standards are met. Be ready for any threat with a resilient network.

[1] https://www.cybereason.com/blog/report-ransomware-attacks-and-the-true-cost-to-business
[2] https://purplesec.us/resources/cyber-security-statistics/ransomware/