The Ultimate Ransomware Safety Guide in 3 Parts

by | | Ransomware, Security, Tips

Ransomware has spread to this woman's computer

There has been a lot of talk from us about ransomware lately, and this ransomware safety guide will be the only guide you need for 2021. We’ll go over everything from the basics, like what is ransomware? To something a bit more complex, why is it more successful than other viruses?  And then we’ll wrap things up and ask, are you tired of it yet? 

So that you know, we’ll be updating this post throughout the year with new security solutions and tactics to keep hackers at bay. We hope that this, along with our recent articles regarding ransomware, can teach you more about keeping your company protected and your data secure. Our goal is to make it so you don’t have to worry about hackers stealing your company’s information (or your customers) – resulting in numerous legal fees, data breaches, and even identity theft.

 

But why are these ransomware attacks more successful than other previous campaigns (like conversation hijacking and email phishing campaigns)? Well, we’ll dive into that for you quickly.

 

More than 25% of companies out there that end up being cybersecurity victims of ransomware end up paying the ransom. They feel that they have no other choice. Give in to the demands of the attackers. Most of the average ransom amounts can range anywhere from the hundreds to the millions of dollars.

 

Ransomware Safety Guide Part 1:  Never Give In

Should you or should you not pay the ransom to unencrypt your files? That is the question.

 

According to many government and law enforcement agencies, one of the biggest mistakes you can make is paying a ransom. Many people think that just because they get the decryption key that they’ll get their data back. Unfortunately, only about 50% of the time do the companies get their files decrypted, but what’s even worse is that your data’s probably already being sold on the “black market” of the internet. More often than not, there are good things that you get if you are a victim.

 

The 3/4 companies that don’t pay the ransom end up stepping up their cybersecurity to make sure this never happens again. Some of these companies (more than 66%) end up increasing their cybersecurity staffers or hiring a managed service provider for IT support. The ones who pay often don’t do anything to increase their security and are just looking for a quick fix. This enables them to become a victim again later.

 

Why Does This Work Better?

Hackers are now gaining remote access to your computers and controlling them remotely

 

When the internet first boomed around the new millennium, it wasn’t uncommon for some of the most dangerous viruses out there to attack people’s computers. However, things have gotten a lot more serious, and people aren’t just at risk of having their computers getting fried. More importantly, most people who end up paying for the ransomware are the same people who wouldn’t click a scam or spam email link as they would have in 1999. Email campaigns are tough to fall for in most cases these days. Therefore, hackers have developed other means of exploiting systems and remotely controlling them.

See also  The Cyber Warfare Top 10 List of Worst Offending Countries

 

Think Like a Business Operator

Botnet zombies are on the rise.

 

In the olden days, it was nothing new that cyber attackers would literally steal data for themselves to use in defrauding their victims. Such isn’t the case anymore. Now, some people act as middlemen in such cases. They’ll exploit the systems, then sell those systems on the botnet. These computers are called “zombies,” and they are sold over the dark web auction sites so that hackers and cybercriminals can steal data, and identities, and even steal your money. Some of them even end up installing malware on your computer themselves so that your information becomes encrypted (this is what ransomware is). By paying a ransom, you’ll supposedly get to unlock your files.

 

Can You Unlock Files Any Other Way?

You might get lucky with a decryptor

There is a slew of unlockers and decryptors out there. Unfortunately, many of these viruses don’t last more than a few months before a decryptor is made, and then the code for them is modified so that there’s a whole new strain out there. Some websites have decryptors for some of the most widely used botnet malware and ransomware viruses. Some of the most common companies that have released decryptors are:

 

  • Kaspersky
  • Trend Micro
  • Emisoft
  • Avast
  • McAfee
  • Michael Gillespie – The Decryption Superhero

 

The last one is not just a shameless plug to the man who has ended up creating decryptors for millions of people. He’s made it somewhat of a hobby to help people restore their files, but he’s helped millions of companies and people get their data back to normal with his software creations. He’s the creator of the ID Ransomware project.

 

Ransomware Safety Guide Part 2: Ransomware Gangs

Ransomware gang member

Scammers and ransomware have been running rampant in the past year since the pandemic caused cases to soar not only in the light of COVID cases but also cyberattacks. However, there’s one team that’s been being used since August by certain ransomware gangs. While we highly recommend many of our past posts not pay the ransom, many companies still do. This is primarily because of cold calling tactics that the ransomware attackers are using to scare their victims into paying.

 

Cold Calling?

ransomware hacker smiling

Yes, ransomware teams have been calling their hacked company to restore their data from backups or format their devices. The downside to this is that you are literally being scammed, to begin with, and then they enhance this by calling you. Outsourced call centers work for the same ransomware teams and use templates and scripts that are very tedious and similarly written. They’ve seen that many of these threats appear to be the same no matter the installed ransomware.

 

Many of the callers are not of English descent or American and often have very strong foreign accents. They often tell you they know that a third-party IT company is working on your network. Then they state that they are monitoring you and know you’re installing SentinelOne antivirus on all of your computers (even if you aren’t). They tell you that this won’t help and that if you want to get your data back this week, they will discuss the situation with them on a private chat network, or you will continue to have issues from the ransomware group.

 

Is this real? Well, of course not. This is just a tactic to get the ransomware victims to pay for any data they have stolen or data that they’ve encrypted but haven’t been able to steal. They threaten to leak your documents and files if a company doesn’t pay. However, unlike before, this is the first time that these hackers are actually threatening people with cold calls.

See also  The 10 Best WFH Tools To Stay Ahead Of The Pack

 

Should I Answer?

should i answer

Whatever you do, you need to realize that many cases are stopped immediately when you have ransomware installed on your computer. Often, there isn’t even any data collected by the attackers. Therefore, though you should assume that this is a possibility, you should never give in. Do not allow these hackers to get any information out of you. It’s just like if they call you and ask you for your social security number–you don’t do it.

 

Why? Because if it’s something that’s not your own bank or a company that already has it, you should never give your social to anyone. The same goes for your company’s information—don’t give any information that they can use to incriminate you further. Many companies say they have the info and that you need to confirm it. Just don’t do it.

 

Another thing you can do is not answer the call at all. Many of them are finding out that your phone numbers are real, and then you end up having a ton of robocalls that end up following because of it, which can cause even more problems. Some fraudulent groups pretend to be government officials, making it even worse because many older people are susceptible to falling victim to these scams.

 

Government offices won’t directly call you (such as the IRS or Social Security Administration). You will almost always get a legitimate letter in the mail first, requiring you to call them.

 

Ransomware Safety Guide Part 3: What Happens When Ransomware Goes Undetected?

powershell

A new ransomware tool that hackers use these days is not detected by popular antivirus software. What’s worse, this new malware allows people hacking you to execute commands via your command line or PowerShell remotely, and even in a hidden window that you can’t see.

 

What does this mean? It means that attackers can use remote desktop protocols and Windows 10 exploits that are common to avoid being detected by your antivirus software. While some software solutions allow you to stay protected and catch it, others are bypassed, even AVG (among other antivirus programs).

 

Why This is Extremely Dangerous

malware alert

By using the PowerPepper malware, hackers can not only get remote access, but thanks to the security team at Kaspersky Labs, these malware strains allow the hackers to install even more malware on your computer, access files, and install ransomware as well. This specific software used by the hacker group known as DeathStalker has been used since 2012, but it’s gaining popularity, and that it can evade detection from some top antivirus apps throws a red flag.

 

How Can I Stay Protected From Invisible Ransomware Attackers?

security team

Of course, having a solid network solution in place and frequent local and cloud backups of your data is extremely important to protect yourself. You want to use solutions that can provide antivirus, malware removal, and even endpoint protection for your business and computers. To do so, you may need to talk to a service provider and have things monitored closely–especially during these tough times.

 

How Does PowerPepper work?

mac address

The hacking group’s method allows sandbox execution on Windows by using different things that people don’t even notice. It can be as simple as detecting mouse movements and figuring out MAC addresses and finding out what antivirus products are installed on the system.

See also  What is Voice Cloning and How Can It Affect Your Business?

 

They then use and spread the malware with email attachments or by providing links to documents containing bad Visual Basic macros (such as those installed on Word or Excel files, as we’ve mentioned in previous posts). This allows the program to be run on the infected machine, the mouse movements to be detected so the hacker can turn off or disable antivirus, and more.

 

Further Protection Measures Are Important

cyber security

As per instruction from many cybersecurity teams, having the best antivirus software that can stop attackers before they can get through the door is extremely important, but you also need to train your employees to use cybersecurity tactics properly. This means not opening up suspicious email attachments and much more. It’s also important that you practice cybersecurity these days, even on your VoIP phone systems.

 

This may be troublesome for some customer service representatives, though, because you may have to answer all calls coming in. However, with the right training, you will provide some security by ensuring you know what to say and what not to say. It’s also important that you don’t fall for scams brought out throughout the past months and years.

 

What About My Remote Employees?

remote workers

These days, many companies have remote employees due to the pandemic, but having your systems updated regularly and having special cybersecurity measures in place for these work-at-home devices is also important. You want your employees to keep their families safe as well.

 

What Do We Think and How Can I Protect Myself?

 

If you want the best security, you need to have some of the best on the market. Fortunately, all of our phone systems are best rated in the country and have not been breached by cyberattacks and exploits. We also offer a full-service security solution so that everything from your own data all the way to your customer’s data is protected and safe so that hackers will be stopped before they can wreak havoc on your system.

 

Fortunately, increasing your network security is the best way to avoid a ransomware attack at all, so you don’t end up being one of the victims that forks over their cold hard converted cash (most ransomware payments are made with bitcoin). Therefore, you can avoid all of this hassle by having a good team of IT professionals do the job of increasing and building your security. They can even help you with storage solutions, network solutions, as well as VoIP solutions so you can end up having the highest amount of service-connected cybersecurity that any small business could have. And you don’t have to worry about paying them for vacation time, sick leave, additional taxes, and more.