Ransomware: How it works, the threat you face, and how you can prevent it

By Emily Davidson

02 November 2023

Ransomware is currently one of the biggest threats facing your business, and if you've been keeping up to date with the cyber security news headlines you'll be aware of the financial destruction that it can cause.

So, what is ransomware?

In summary, ransomware is malicious software that encrypts a victim's files and demands a ransom in exchange for the decryption key. It denies the victim access to their critical data and inflicts severe harm on individuals, businesses and institutions; most current operations also steal data before encrypting it and threaten to publish it, so a good backup alone does not end the extortion. As one of the largest concerns in cyber security, combating ransomware requires a proactive approach with protection across every area of your IT ecosystem.

How does ransomware work?

Criminal organisations such as ALPHV/BlackCat, REvil and LockBit are constantly seeking new targets. Most run as ransomware-as-a-service: the core group maintains the malware and the leak site, and affiliates carry out the intrusions in return for a share of the ransom.

Ransomware attacks begin in various ways, from phishing emails to exploited software vulnerabilities and stolen remote-access credentials, but they always involve getting malicious code onto your systems and executed. In most current attacks the encryption is the last step, not the first: the intruders move laterally through the network, escalate privileges, disable security tooling and backups, and often exfiltrate data, then detonate the ransomware on as many hosts as possible at once. The payload enumerates and encrypts files, documents, images and databases, which can render your entire environment inaccessible and paralyse critical business operations. The encryption key is generated per victim (often per host) and is itself encrypted with a key that only the attackers hold, so the decryption key never exists on your systems. Once encryption is complete, the ransomware drops a ransom note, usually promising to release the decryption key upon payment. That promise is never a guarantee, and paying the ransom can end up doing more harm than good.

As an example, the US energy services company BHI Energy recently disclosed that threat actors from the Akira ransomware gang breached its network on 30 May 2023 using VPN credentials stolen from a third-party contractor. This gave the attackers entry to BHI's internal network, where they deployed the Akira ransomware and encrypted files across its devices. Fortunately, BHI had a cloud-based backup solution in place and was able to restore its systems, but only after the attackers had stolen 690 GB of company data. The Akira gang's foothold in BHI's network was finally removed on 7 July, more than a month after the criminals first gained entry. Two lessons follow directly: a password alone should not be enough to reach your network from outside (multi-factor authentication on remote access, and tightly scoped accounts for contractors), and backups protect you from the encryption but not from the theft.

The threat you face

If you're unlucky enough to suffer a ransomware attack, you can expect severe consequences. Not only will you suffer immediate financial losses from being unable to conduct business operations, but you'll also bear significant long-term costs from recovery work and any regulatory penalties. Without backups that are kept offline or immutable (so the attackers cannot encrypt or delete them too) and that have actually been tested for restore, you also risk losing all of your critical data, which is an existential threat to continuing the business after the attack.

If you're able to recover business operations, the challenges don't stop there. Publicly disclosed ransomware attacks can seriously harm a business's reputation and shred customer trust, so the damage continues long after the systems are back.

Entertainment and gaming giant MGM Resorts recently suffered a suspected ransomware attack attributed to a group known as Scattered Spider. The incident forced MGM to shut down several hotel and casino IT systems and left customers unable to make card payments, use cash machines or even access their hotel rooms. MGM has since reported to the US Securities and Exchange Commission that the incident will cost it over $100 million, which could make it the most expensive ransomware event on record, and with the casino operator facing numerous federal lawsuits the costs could still rise.

What you can do to combat ransomware

Modern ransomware operations are persistent, stealthy and fast. Without detection in place, you will only learn that an attack is under way once the encryption has already started.

No single product guarantees protection. What works is a layered, proactive strategy: make initial access harder, detect intruders while they are still moving around the network, and limit what they can reach and destroy when they do get in.

The first element to consider is an Endpoint Detection and Response (EDR) solution. EDR safeguards individual endpoints such as laptops and servers, recording process, file and network activity and flagging malicious behaviour rather than relying only on signatures of known malware. Should the worst happen, an EDR can isolate an infected device from the network, stopping the spread. Because intruders routinely try to disable or uninstall security agents before they detonate ransomware, make sure tamper protection is switched on and that an agent going silent is itself treated as an alert.

You can further reinforce your EDR with a SIEM (Security Information and Event Management) solution. Acting as your organisation's digital CCTV, a SIEM collects logs from across your IT ecosystem and correlates them in near real time, alerting security teams to suspicious activity and enabling a quick response. With automation, threat intelligence and machine-learning analytics, a SIEM can surface novel threats, but it is only as good as the telemetry fed into it and the tuning of its rules: a backlog of untriaged alerts gives an intruder just as much cover as no alerts at all.
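As an added example (written for this page, not code from the article or from any EDR or SIEM product), the following Python shows the kind of behavioural rules such tools apply to file-activity telemetry to catch encryption in progress: a burst of renames to a single new extension, documents being overwritten with high-entropy content, a touched canary file, and a dropped ransom note. It then picks the hosts that warrant the automatic isolation described above. The event schema, thresholds, canary path, process names and the sample telemetry are all assumptions constructed for the example.

```python
"""Behavioural ransomware detector over file-activity telemetry (example code added
alongside the article; not from the article, Celerity or any EDR/SIEM vendor).
Event schema, thresholds, canary paths and sample events are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from math import log2

@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since epoch (assumed telemetry schema)
    host: str
    process: str         # image name of the acting process
    action: str          # "write" or "rename"
    path: str            # file affected (original path for renames)
    new_path: str = ""   # destination path, renames only
    data: bytes = b""    # bytes written, writes only

# Decoy files no legitimate process should touch (assumed canary placement).
CANARY_PATHS = {r"C:\Finance\Shared\~$canary_do_not_open.xlsx"}
# Heuristic substrings common in ransom-note filenames; tune per environment.
RANSOM_NOTE_MARKERS = ("readme", "recover", "decrypt", "how_to", "restore")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8); ciphertext and compressed data sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())

def basename_of(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]

def extension_of(path: str) -> str:
    name = basename_of(path)
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def has_burst(times, window, threshold):
    """True if at least `threshold` timestamps fall inside one `window`-second span."""
    times, lo = sorted(times), 0
    for hi in range(len(times)):
        while times[hi] - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            return True
    return False

def detect(events, window=60.0, rename_threshold=20, entropy_threshold=7.0):
    """Return {(host, process): sorted indicators} for every actor that trips a rule."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e.host, e.process)].append(e)
    alerts = {}
    for actor, evs in by_actor.items():
        found = set()
        renames = [e for e in evs if e.action == "rename"]
        for ext in {extension_of(e.new_path) for e in renames}:
            # A burst of renames to one new extension is the classic encryption footprint.
            if has_burst([e.ts for e in renames if extension_of(e.new_path) == ext],
                         window, rename_threshold):
                found.add(f"rename_burst:{ext}")
        hot = sum(1 for e in evs if e.action == "write"
                  and shannon_entropy(e.data) > entropy_threshold)
        if hot:  # documents being overwritten with ciphertext-like content
            found.add(f"high_entropy_writes:{hot}")
        if any(e.path in CANARY_PATHS or e.new_path in CANARY_PATHS for e in evs):
            found.add("canary_touched")
        if any(e.action == "write" and any(m in basename_of(e.path).lower()
                                           for m in RANSOM_NOTE_MARKERS) for e in evs):
            found.add("ransom_note")
        if found:
            alerts[actor] = sorted(found)
    return alerts

def hosts_to_isolate(alerts, min_indicators=2):
    """Hosts where one process tripped several independent rules: the point at which
    automatic network isolation, the EDR response the article describes, is justified."""
    return {host for (host, _), inds in alerts.items() if len(inds) >= min_indicators}

# Constructed sample telemetry: one compromised workstation, one benign one.
T0, SHARE = 1_700_000_000, r"C:\Finance\Shared"
CIPHERTEXT_LIKE = bytes(range(256)) * 16  # uniform bytes: entropy exactly 8.0
PLAINTEXT_LIKE = b"Quarterly revenue summary, draft three. " * 50
SAMPLE_EVENTS = (
    [FileEvent(T0 + i, "FIN-WS-07", "svc_updater.exe", "rename",
               rf"{SHARE}\report_{i}.xlsx", rf"{SHARE}\report_{i}.xlsx.lockd") for i in range(25)]
    + [FileEvent(T0 + i, "FIN-WS-07", "svc_updater.exe", "write",
                 rf"{SHARE}\report_{i}.xlsx.lockd", data=CIPHERTEXT_LIKE) for i in range(3)]
    + [FileEvent(T0 + 30, "FIN-WS-07", "svc_updater.exe", "rename",
                 rf"{SHARE}\~$canary_do_not_open.xlsx", rf"{SHARE}\~$canary_do_not_open.xlsx.lockd"),
       FileEvent(T0 + 31, "FIN-WS-07", "svc_updater.exe", "write",
                 rf"{SHARE}\README_RECOVER_FILES.txt", data=b"Your files are encrypted. Pay to get the key."),
       # Benign: a user saving a document and renaming it once.
       FileEvent(T0 + 5, "FIN-WS-02", "WINWORD.EXE", "write",
                 r"C:\Users\asmith\Documents\Q3_draft.docx", data=PLAINTEXT_LIKE),
       FileEvent(T0 + 9, "FIN-WS-02", "WINWORD.EXE", "rename",
                 r"C:\Users\asmith\Documents\Q3_draft.docx", r"C:\Users\asmith\Documents\Q3_final.docx")]
)
```

Running `detect(SAMPLE_EVENTS)` flags only the FIN-WS-07 / svc_updater.exe actor, on all four indicators, and `hosts_to_isolate` returns FIN-WS-07; the benign Word session trips nothing. The thresholds matter: a backup agent or a bulk file migration can produce a rename burst on its own, which is why isolation is gated on several independent indicators rather than one.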

To make sure your strategy has no weak points ripe for exploitation, Attack Surface Management (ASM) is invaluable. In short, it helps you understand and reduce your digital attack surface, minimising the entry points available to threat actors: unpatched internet-facing systems, exposed remote-access services and forgotten assets. ASM solutions also include continuous monitoring and review, so that your controls keep adapting to the evolving techniques of cyber criminals.

Unfortunately, today it's a case of when, not if, you'll be impacted by cyber crime. When the worst happens, an Incident Response plan is essential to ensure a swift, controlled response. A well-defined and rehearsed plan (tabletop exercises expose gaps before an attacker does) mitigates the financial and operational damage, eases compliance obligations such as breach notification, and helps to manage the PR fallout and resulting reputational harm. In short, an Incident Response plan mitigates both the short-term and the long-term fallout from ransomware.

A final word

A proactive strategy is always better than a reactive one.

Ransomware is a serious, evolving and persistent threat to your business. Your critical data holds a massive financial incentive for cyber criminals, and they are always looking for ways to get their hands on it. It's a case of when, not if, you suffer a cyber incident.

Combined, the cyber security solutions above provide a strong defence against a wide range of cyber crime, including ransomware. A comprehensive approach is the only realistic way to stay protected: minimise the routes attackers can take into your systems, and respond rapidly when they do break in.

If you're concerned about the growing threat of ransomware, then get in touch with Celerity today to speak to one of our cyber security experts and learn how our Managed Cyber Security Services portfolio can help to reinforce your cyber defences and mitigate the risk of an attack.
