The earliest known ransomware attack dates from 1989, when the so-called AIDS Trojan was sent on 20,000 floppy disks to people on the attendee list of the World Health Organisation's AIDS conference. The malware lay dormant until the infected PC had been booted around ninety times; it then scrambled the names of the files on the hard disk and displayed a message demanding that victims send $189 to a PO box in Panama.
By 2016 ransomware had become popular enough that Ransomware as a Service (RaaS) appeared, which dramatically lowered the bar for entry. Before these services existed, malicious actors had to invest large amounts of time and expertise to develop effective ransomware; now anyone could rent a ready-made kit. One such service, Stampado, was sold for just $39.
More recently ransomware has become progressively more advanced and complex; it has come a long way since the 1989 incident. Before 2018, once ransomware had infected a system it encrypted files to prevent access and tried to force the victim to pay for them to be decrypted. This changed in January 2018 with the emergence of GandCrab. GandCrab encrypted files in the hope that victims would pay for them to be decrypted, just as older ransomware did, but it was also deployed alongside another piece of malware, the Vidar information stealer, which exfiltrated credentials and files from the infected systems. This gave the malicious actors further leverage: they could threaten to release the stolen data if the ransom wasn't paid, the tactic now known as double extortion.
As a general piece of advice, ransomware demands should not be paid. There is no guarantee that you will regain access to your data, the infected device will still be compromised after payment, and paying could increase the likelihood of being targeted again in the future.
Some simple steps can be taken to reduce the likelihood and impact of ransomware attacks:
- Probably the most effective step is to take regular backups and, if possible, store them offline so that even if you are targeted the backups cannot be reached and encrypted. It is also important to test backups once you have them, to confirm that you can actually restore from them without issue. If you do fall victim to a ransomware attack and your backups are not stored offline, scan them for malware before restoring from them, and restore from a copy taken before the intrusion began, since recent backups may already contain encrypted files or the attacker's tools.
- Mail filtering can restrict the types of file that can be sent over email to those that are expected, so that executables, scripts and other unexpected attachments are blocked before they reach a user.
- Enable Multi-Factor Authentication (MFA). This is especially important for privileged/admin accounts, as these have greater access to systems and are often targeted because of it.
- Use antivirus software on endpoint devices, as it helps against all types of malware, including ransomware. It is also important to apply updates to antivirus systems as soon as possible, as these often contain new signatures and detection logic for malware that is actively being used.
- Have an incident management plan that sets out the steps needed to respond to and recover from a ransomware attack. Once you have a plan, run a trial exercise to ensure it works as intended.
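The mail-filtering step above (restricting attachments to the types that are expected) is easiest to see in code. The block below is an added example written for this page, not code from the original article; it assumes a hypothetical allowlist of expected attachment types and constructs its own sample messages. Using only Python's standard library, it walks every MIME part of a message, rejects attachments whose final extension is not on the allowlist (so invoice.pdf.exe is caught), opens zip archives and applies the same rule to each member, and rejects any file that starts with the Windows executable header no matter what it is called.

```python
"""Allowlist-based e-mail attachment filter (added example, not the article's code)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Hypothetical allowlist: the file types this organisation expects to receive.
ALLOWED_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".png", ".jpg", ".txt"}
ARCHIVE_EXTENSIONS = {".zip"}          # opened and inspected, not allowed outright
MAX_MEMBER_BYTES = 50 * 1024 * 1024    # refuse to inflate oversized archive members
# Leading bytes each allowed type should start with (.txt has no signature).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def extension(filename):
    """Lowercase final extension: 'Invoice.PDF.exe' -> '.exe', 'README' -> ''."""
    name = filename.strip().lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""

def check_file(filename, data, origin=""):
    """Return a rejection reason for one file (name and content), or None if allowed."""
    ext = extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return f"{origin}{filename}: extension {ext or '(none)'} not on allowlist"
    if data.startswith(b"MZ"):  # a PE executable keeps its MZ header however it is renamed
        return f"{origin}{filename}: Windows executable (MZ header) regardless of name"
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        return f"{origin}{filename}: content does not match a {ext} file"
    return None

def check_zip(filename, data):
    """Apply check_file to every archive member; nested archives and huge members are refused."""
    origin, reasons = f"{filename}!", []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if extension(info.filename) in ARCHIVE_EXTENSIONS:
                    reasons.append(f"{origin}{info.filename}: nested archive not allowed")
                elif info.file_size > MAX_MEMBER_BYTES:
                    reasons.append(f"{origin}{info.filename}: member too large to inspect")
                else:
                    reason = check_file(info.filename, zf.read(info), origin)
                    if reason:
                        reasons.append(reason)
    except zipfile.BadZipFile:
        reasons.append(f"{filename}: not a valid zip archive")
    return reasons

def check_attachments(raw_message):
    """Return rejection reasons for a raw RFC 5322 message; an empty list means deliver."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None:
            if part.get_content_disposition() == "attachment":
                reasons.append("unnamed attachment rejected")
            continue  # ordinary body text
        data = part.get_payload(decode=True) or b""
        if extension(filename) in ARCHIVE_EXTENSIONS:
            reasons.extend(check_zip(filename, data))
        else:
            reason = check_file(filename, data)
            if reason:
                reasons.append(reason)
    return reasons

def build_message(attachments):
    """Constructed sample message; attachments = [(filename, bytes, maintype, subtype)]."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "finance@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name, data, maintype, subtype in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg.as_bytes()

def demo():
    """Run the filter over three constructed messages and return their verdicts."""
    pdf = b"%PDF-1.4\n% constructed sample, not a real invoice\n"
    exe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub of a PE header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", exe)
    return {
        "clean": check_attachments(build_message([("invoice.pdf", pdf, "application", "pdf")])),
        "disguised": check_attachments(build_message([("invoice.pdf", exe, "application", "pdf")])),
        "archived": check_attachments(build_message([("invoices.zip", buf.getvalue(), "application", "zip")])),
    }
```

Calling demo() returns an empty list for the genuine PDF and a rejection reason for each of the other two messages: the "PDF" that is really an executable is caught by its MZ header, and the .exe hidden inside the zip is caught by the allowlist once the archive is opened. The allowlist is deliberately a small positive list rather than a blocklist of dangerous extensions, because a blocklist has to anticipate every type an attacker might use while an allowlist only has to name the types the business actually needs.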