How to Protect Your Data from Malicious Encryption?

By David Balaban Reprint | | Print |

The writer is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation.

A person browsing through social media on a laptop computer (content blurred to protect privacy). Meanwhile, a group of UN-appointed experts called for a moratorium on the sale of surveillance technology, warning against the danger of allowing the sector to operate as “a human rights-free zone.” August 2021. Credit: World Bank/Simone D. McCourtie

AMSTERDAM, the Netherlands, Aug 18 2021 (IPS) - Ransomware is deploying its encryption right on your computer. The malicious process runs in the background as you continue your everyday activities suspecting no cyber disaster ahead.

Out of the blue, a message appears reading something like this:

“Your files are encrypted. Don’t worry, you can get your files back. If you want to have your data decrypted, send 0.5 BTC to the following wallet: [Wallet address].

Once you pay, send the payment details to [email].”

How are you going to respond to such an attack? To pay or not to pay? That is the question. You may resort to negotiating a paid decryption with the ransomware operators or run a data recovery campaign.

The latter is preferable and should involve enough IT security skills. Industry professionals have been fighting ransomware for quite a while. Their key suggestion is that victims should never panic and learn some basics on the threat they face instead.

Encryption for ransom is on the rise

Ransomware evolved to a top threat back in 2013 as the hackers figured out they could apply sophisticated yet quite accessible encryption and collect a good deal of money for the decryption key.

According to CNBC, in 2020 the cybercrooks operating encryption campaigns collected $350 million from their victims.

Ransomware deploys two basic scenarios. One targets the files that are the most critical for their holder. This saves time avoiding early detection.

The other does not bother with any selection encrypting all the files it can reach. This takes time but ensures all your important data get locked.

Once the ransomware completes its encryption, its removal does not help in recovering your data. All your business processes may get stuck if critical data is inaccessible.

Ransomware common infection vectors

The extorters keep on refining propagation methods for the malware that encrypts computer data for ransom. The majority of the tactics leverage a deception whereby the users get lured into enabling ransomware installation.

That is to say, they use social engineering scams. Other techniques resort to vulnerabilities in the software and OS and require no human intervention at all.

Phishing messages

Email attachment is a common source of encrypting ransomware. A spoofing email looks like a routine message. A user does not suspect any fraud and either downloads the content attached or follows the link included. This entails ransomware installation that executes its encryption payload and comes up with its demands.

Highly targeted phishing campaigns are the most popular among these scams. Also known as spear phishing, such fraudulent practices avoid spamming and mass-mailing. They target specific persons while impersonating somebody they know or would trust.

To increase the credibility of their messages, the phishers use data available through open-source inelegance (OSINT). LinkedIn, Facebook, and other social accounts tell a lot about their owners, and the hackers take advantage of that. On the other end, the attackers draw up their email as if it were dispatched by your current counterparty or client.

Encryption-for-ransom coming from the pages you visit

Certain pages host a malicious script that exploits your browser and other software vulnerabilities or use a variety of drive-by download tactics enticing users to enable the ransomware installation.

The misleading letters circulated by the fraudsters may contain links to such websites. Your browsing also gets redirected to the corrupted web pages as you click hyperlinks, banner ads, or pop-ups.

Vulnerabilities in data sharing and networking

Not a single operating system is flawless. Bugs and security breaches in cyber environments and software provide a range of options for viruses and trojans to propagate without user participation.

A recent example is Qlocker ransomware exploiting vulnerabilities in QNAP apps to compromise NAS devices.

Impacts and scale of vulnerability-based attacks are critical. A malicious executable can spread across computer systems and networks infecting a great number of devices in a very short time.

Best practices of preventing ransomware

Ensure your staff members acquire security skills and awareness.

Drive-by downloads and other prevailing methods of ransomware propagation exploit a human factor. A rule of thumb is to provide security training to your personnel that would include insights into encryption-for-ransom.

The key point is to teach every person in your company to verify and examine contents and links in the emails and on the websites before opening them. Pay special attention to training your staff on dealing with the letters that look like spam or sent by persons unknown to them.

This will help to mitigate the risks of ransomware attacks originating from contaminated email attachments and spear phishing.

Update your apps and OS in time

Did you know that the most successful extorters exploited the same security flaw in Windows back in 2017? Their ransomware campaigns distributed NotPetya and WannaCry encryption viruses. They affected the greatest number of computers at the end of the spring and the beginning of summer.

Meanwhile, the patch for the vulnerability was made available already in March. The businesses affected had two months to apply the patch. That only required them to allow Windows update, but they ended up with multi-billion losses.

So. the best practice here is to not reinvent the wheel. Just enable automatic updates for your apps and OS. Yes, I also hate those update alerts and forced relaunching. This is but a slight annoyance compared to the damages this routine prevents.

Keep your data backed up

Maintaining backups is a sure way to avoid any fund transfers to ransomware accounts even if they encrypt every bit of data on your computer. Some items that you would love to retain might remain beyond this measure as backing up all the data bulk is not feasible.

So, make sure you secure your critical files at least. These usually are the files that your business cannot operate without.

Restrict your staff data access privileges to what is required

People tend to underestimate the impacts of this routine. Meanwhile, it can reduce the exposure of your business to encryption dramatically. If there is no truly critical data to encrypt, there is no truly critical encryption.

Even if you have your data available in backup copies, restoring all the files might take too long and still result in significant outages and losses.

Does this particular employee need all the data available for the account? Perhaps, you can restrict the amount of data available at times while most of the staff members would not even notice that. They will still be able to do their job without any inconvenience.

Dealing with encrypting malware and conclusions to be made

You will recover from ransomware in no time if you have your data backed up and response measures implemented.

Upon eliminating intimidate impacts of the attack, it’s time to learn your lessons. Let’s figure out why and how the malware managed to infect your system and encrypt your data. Have your staff members handled an infected message without due caution?

Or maybe one of your employees visited a website that contained a malicious redirect? Have you checked your software for bugs and vulnerabilities? This checklist is not exhaustive. In any case, apply the best practices laid down above to avoid further instances of successful ransomware attacks.

In most cases, the malware manages to encrypt files due to the user’s oversight or lack of awareness. That is why cybersecurity training is a must-do.

Do not try to blame it all on a particular person. Even if there is one, the key reason is the lack of IT skills and information provided in a way that meets each employee’s skills and behavior. Scapegoating is a bad idea as that would not let you duly review the accident and derive valuable conclusions.

Where you deal with a human factor behind the encryption scam, notify your employees of the mishap, and invite cybersecurity experts to redesign and maintain the IT infrastructure of your business.

Follow @IPSNewsUNBureau