MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Mitigating Malware and Ransomware Attacks


Ransomware is a type of malware that has become highly successful. This insidious form of malware uses various tactics, including social engineering and phishing, to infect networks to steal and encrypt data.

Once the data is encrypted, it becomes unusable and causes businesses to stall. This fact and threats to reveal the stolen data are used as leverage to extort money from the organisation. 

Ransomware infections continue to trend upwards. Some sectors, such as healthcare, have seen a staggering 94% increase in ransomware infections in 2021-2022.

Phishing continues to be the preferred method for delivering malware, including ransomware. However, this human-centric cyber attack can be mitigated using employee education.

What’s the Difference Between Malware and Ransomware?

Malware is a portmanteau of two words, malicious software. There are many types of malware: malware that steals data, malware that captures login credentials as you type them in, malware used to mine cryptocurrency, and so on.

Ransomware is a type of malware that performs actions on a computer or other devices to cause business disruption. Ransomware typically locks a device so it becomes unusable or encrypts data across a network so that work cannot be carried out.

Once the device is locked or the data encrypted, the ransomware displays an on-screen ransom note. The note will typically request payment in a cryptocurrency, usually bitcoin, to access a decryption key. However, payment of a ransom is no guarantee that data will be decrypted or returned; a Sophos report found that only 65% of the encrypted data was restored after the ransom was paid.

Ransomware Attacks

Ransomware attacks plague all industries and affect companies from the smallest one-person business to international enterprises. In the first half of 2021, the U.S. Treasury Department reported that companies in the USA suffered from $590 million in ransomware-related costs.

In recent weeks, ransomware has hit the headlines again: the NHS became a target for ransomware gangs with an attack on the NHS 111 service, causing patient delays and general havoc. The NHS is no stranger to ransomware attacks, with the 2017 WannaCry attack causing widespread shutdowns.

Other industries suffer from ransomware too. The financial sector, retail and manufacturing have all come under the watchful eye of ransomware attackers. Banking, utilities, and retail were the three most targeted sectors in 2021.

Ransomware attackers have changed tactics, moving from a pure encryption approach to a double-extortion attack. New ransomware infections involve stealing data before encrypting it on a network. This way, the cybercriminals can use the stolen data to threaten the company with data exposure if it doesn’t pay the ransom. A Cisco report has found that 70% of ransomware attacks now use this double-extortion method.

Ransomware is now a highly sophisticated and concerted criminal endeavour. Attackers regularly change tactics and approaches to avoid detection. A recent advisory from Sophos highlights a new tactic that involves multiple attacks where several different hacking gangs choose a target and attack either simultaneously or concurrently. Sophos notes that companies should see a ransomware attack as not “if, or when – but how many times?”

Why Not Just Use Ransomware Decryptors or Anti-Virus Software?

There are lots of ransomware and other malware variants, so many that commercial ransomware decryptors generally only deal with specific well-known ransomware variants. The website NoMoreRansom holds a list of decryptors for each type of ransomware.

However, ransomware actors are clever and work diligently to evade software tools by bringing out new variants regularly. Anti-virus software or anti-ransomware security tools have a similar problem in keeping up with the changes in software code and mechanisms used by malware.

Using security software tools and having secure backups for data is essential. Still, the critical factor in preventing a malware or ransomware infection is stopping it before it gets installed on a device. This is where training employees comes in. Phishing simulations and Security Awareness Training are equivalent to having a human firewall around your organisation and its devices.

Five Things to Prevent Malware and Ransomware

Empowering employees through education is a vital security measure and fits into a holistic malware and ransomware prevention model. Employees are increasingly manipulated by ransomware actors via phishing emails or taken advantage of through poor security habits.

Here are five things that your organisation can do to help your employees mitigate malware and ransomware attacks:

Teach Good Security Habits

Help employees understand their role in keeping your organisation secure. For example, use Security Awareness Training packages with modules on what malware or ransomware is, how it infects a device, and the damage it can do. Make sure that these awareness training packages are interactive and use point-of-need learning experiences to help train employees on how to mitigate malware infection.

Phish Your Employees

Use a simulated phishing platform to send all employees realistic-looking but spoofed phishing messages. Use a platform that offers many templates and tailor them to reflect typical phishing messages containing malware or ransomware threats.

Keep Remote Employees Safe

Remote employees are at high risk of phishing and other cyber attacks. Ensure all employees, particularly remote and home workers, use a secure VPN to access websites and transfer data and credentials securely.

Engage Your Employees in Active Malware Prevention

Encourage all employees to inform your IT team or line manager about any suspicious activity. This should include suspected phishing emails and text messages. This allows time to respond to a ransomware or malware threat to prevent it from becoming an incident.

Be Socially Aware

Social media is an excellent place for cybercriminals to find out information about an employee and a company. Many cyber attacks begin with a social engineering attack that is fed by information gathered through various channels, including social media. Teach employees about the dangers of oversharing personal and corporate information.

A Cybersecurity Ventures report highlights that global ransomware damages will likely cost $250 billion (£207 billion) by 2031. No organisation can feel safe from malware or ransomware infection without having the entire company on board to prevent malware infection.

Well-trained employees provide a way to stop malware infection at the first hurdle and ultimately save your company from the distress caused by malware. 
