11.15.21

Don’t let ransomware ruin your holidays or weekends

Ransomware attacks are becoming increasingly common worldwide. Businesses large and small are being robbed of their data, money and security. Estimates by Cyber Ventures indicate small businesses in particular are attacked every 11 seconds and make up over half of all ransomware damages worldwide.

But with so many threats, how can you stay protected? To answer that question, first you need to understand the latest ransomware trends.

Attacks are happening at the most vulnerable time

Thanks to a warning by the FBI, we know that hackers are timing their strikes around the holidays and weekends, when offices are usually empty. With fewer people available, there are fewer obstacles in the attacker’s path.

Especially vulnerable to ransomware, according to the FBI, are small and large businesses. Meat supplier JBS, for example, paid over $11 million after a ransomware attack struck their plants on Memorial Day Weekend. The company was forced to briefly shut down operations, per Bloomberg.

Ransomware variants to be aware of

The FBI included in their warning a list of ransomware variants they’ve detected. The top reported threats include:

  • Conti.
  • PYSA.
  • LockBit.
  • RansomEXX/Defray777.
  • Zeppelin.
  • Crysis/Dharma/Phobos.
Protect you or your business from ransomware with these helpful tips.

How to prepare for a ransomware attack

Before you or your organization falls victim to cyber extortion, it’s important to understand the best practices.

Look out for strange behavior

The FBI recommends setting a baseline approach for what normal activity looks like on your network. This way, you can identify any bad actors based on their suspicious activity.

Review your data logs and gather an understanding of how regular performance should appear. Be on the lookout for multiple failed attempts to modify files, heightened disk activity or unusual communications.

Establish stricter telecommuting policies

Many businesses are especially vulnerable thanks to their hybrid workplace. As employees bring their work home, they may leave avenues exposed for ransomware to enter the company network. According to Mass Law Weekly, businesses need written policies that address these cybersecurity threats for all telecommuting employees.

Some workers may be required to address their own home network security, especially if they work from personal computers. Businesses as a whole may need to revise their password requirements for all company logins. At a minimum, businesses need to require immediate reporting when employees suspect there may be a breach in security. The sooner the threat is identified, the safer the network will be.

Know the ransomware playbook

Most ransomware attacks follow similar techniques in order to extort their victims. Familiarize yourself with them and you’ll know how to spot bad actors. Here are those techniques, according to Coveware:

  • Credential Access: This is an attempt to gain entry by accessing account names and passwords. Hackers often try keylogging to obtain legitimate credentials.
  • Lateral Movement: Hackers often try accessing a network by controlling their adjacent systems.
  • Defense Evasion: This involves evading existing security, often by uninstalling it entirely and hiding their malware in the system.

Remember, hackers are liars

Extortionists will say anything if it gives them access. There’s a reason why the average ransom payment from businesses is $140,000, per Coveware. Often, hackers will claim to have accessed privileged information from their target.

In reality, they likely haven’t stolen anything at all. Don’t believe hackers when they hang a ransom over you or your company’s head — they’re probably lying.

For more information about online security, check out our Total Defense Security Blog or contact us to speak with an expert.