Ransomware is a virulent type of malware that usually sneaks into computers via malicious emails and encrypts critical files. It poses a significant threat to companies, but also to workers who, because of the pandemic, have improvised workspaces in their homes.
The change in work settings due to the pandemic has forced many employees to create makeshift offices using home networks and unsecured shared spaces. People who work from home are more susceptible to these attacks, which take advantage of daily routines such as opening several emails, as warned by the cybersecurity company Trend Micro.
Successful ransomware attacks are debilitating because the malware can spread to other computers on the same network, jumping from one device to another and rendering them useless. The cyber attacker then usually demands a high price to decrypt all the files and allow the user or company to resume normal operations.
The risks of this threat are various. On the one hand, if the affected user does not have a backup, they could lose all their files completely. On the other hand, if they refuse to pay the ransom, they may fall victim to the so-called ‘double extortion technique’, in which the attackers also threaten to expose the data.
Apart from the data loss, the stoppage of operations due to the inaccessibility of the machines greatly affects the company's results. Not to mention that devices may need to be reinstalled or replaced if damaged by the attack.
How Attacks Work
As Trend Micro explains, ransomware actors seek big targets, such as a company's corporate network, in order to spread through it and steal and encrypt the data. The worker who connects to it from home through a virtual private network (VPN), or the cloud-hosted systems that the worker uses to work or share files, are the gateway.
‘Phishing’ (impersonation of a legitimate source) by email is the most common method used by ransomware distributors, but they can also scan for specific tools and then try to guess the password (known as brute force).
Both methods target work email accounts, remote desktop tools (for example, Microsoft Remote Desktop or RDP), and cloud-based networks or storage to deliver the full payload of the ransomware.
Cyber attackers can also direct malware at the VPN or remote desktop software. Phishing is again a popular way to do it, or they can hide it in popular software on torrent sites or in ‘apps’ uploaded to app stores. A third way consists of targeting smart home devices and routers via vulnerabilities, default passwords, or easy-to-guess passwords.
Ways to prevent it
Avoiding sharing personal information publicly on digital services, which cyber attackers can use to their advantage, and using a strong password that is difficult to guess and different for each service, or a password manager, are two of the simplest and most common ways to mitigate the risks posed by ransomware.
Additionally, Trend Micro researchers advise Windows users to enable the display of file extensions, which lets them check what is being opened, as malicious actors sometimes use file names that appear to have two extensions, for example “photo.avi.exe”.
In relation to this, it is advisable to open only attachments from trusted emails. Ransomware is commonly spread via spam email with malicious attachments, and many distributors already know the most effective subject headings to grab the user’s attention.
They also often send malicious payloads in common file types: jpegs, Word documents, Excel sheets, and other attachments that are commonly used by most offices.
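The double-extension trick described above (“photo.avi.exe”) can also be checked automatically, for instance on attachment names at a mail gateway or in a downloads folder. The following Python sketch is an added example, not code from Trend Micro; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os

# Illustrative, non-exhaustive lists (assumptions of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".ps1", ".lnk", ".msi"}
DECOY_EXTS = {".avi", ".mp4", ".jpg", ".jpeg", ".png", ".pdf", ".txt",
              ".doc", ".docx", ".xls", ".xlsx"}


def normalize(filename):
    """Reduce a path to the lower-cased name Windows would actually act on."""
    name = os.path.basename(filename.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so "a.exe. " is still a.exe.
    return name.strip().rstrip(". ").lower()


def shown_when_extensions_hidden(filename):
    """Lower-cased name as displayed when the last extension is hidden."""
    return os.path.splitext(normalize(filename))[0].rstrip()


def check_name(filename):
    """Return a reason string for a deceptive double extension, else None."""
    stem, real_ext = os.path.splitext(normalize(filename))
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # rstrip() handles space padding such as "invoice.pdf      .exe".
    decoy_ext = os.path.splitext(stem.rstrip())[1]
    if decoy_ext not in DECOY_EXTS:
        return None
    return (f"shown as '{shown_when_extensions_hidden(filename)}' when "
            f"extensions are hidden, but runs as {real_ext}")


def scan(filenames):
    """Map each suspicious name to the reason it was flagged."""
    return {n: r for n in filenames if (r := check_name(n))}


# Constructed sample attachment names, not taken from any real campaign.
SAMPLES = ["photo.avi.exe", "Holiday.JPG.scr. ", "invoice.pdf      .exe",
           "report.xlsx", "setup.exe", "backup.tar.gz"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLES).items():
        print(f"{name!r}: {reason}")
```

A plain “setup.exe” is not flagged, because the check only looks for a harmless-looking extension placed in front of an executable one; it complements, and does not replace, the security solutions mentioned below.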
And if the computer starts showing suspicious behavior, the internet connection should be disabled. According to Trend Micro, ransomware often needs to connect to a command and control (C&C) server to complete its encryption routine. Without internet access, this malware will remain inactive on an infected device.
Security solutions are another protective barrier. Many devices and computer programs already have integrated and constantly updated security functions, although Trend Micro recommends updating the firmware of the home router, as well as the operating systems and software of computers, mobile devices and browsers, to the latest versions. This includes any virtual tools and VPNs from the company.
All devices must also run up-to-date network and endpoint security solutions from a trusted provider, such as Trend Micro Maximum Security, capable of blocking web threats like ransomware and helping you avoid malicious phishing emails.