What are ransomware attacks?
Ransomware attacks are a type of cyber-attack in which a hacker infects a victim’s computer with malware that encrypts the victim’s files, making them inaccessible. The hacker then demands a ransom payment in exchange for the decryption key. The payment is usually demanded in a cryptocurrency, such as Bitcoin, from the victim in exchange for the decryption key needed to regain access to the files. These attacks can cause significant disruption and financial loss for individuals and organizations as the attacker’s goal is to make the victim’s files inaccessible until the ransom is paid. These attacks can be initiated through various means, such as phishing emails, exploit kits, and vulnerable software.
There are several ways that a ransomware attack can be carried out. Some common methods include
- Phishing emails: Attackers send emails with malicious attachments or links that, when clicked, infect the victim’s computer with ransomware. This is a highly used method by attackers to spread ransomware.
- Watering Hole attacks: A watering hole attack is a type of cyber-attack in which an attacker targets a specific website or group of websites that are likely to be visited by their intended victims. The attacker then infects these websites with malware, which is then delivered to the victims’ computers when they visit the compromised website. The attack aims to gain access to the victims’ networks, steal sensitive information, or launch further attacks. Watering hole attacks are typically used to target specific organizations or individuals and are considered highly targeted and sophisticated cyber-attack.
- Remote Desktop Protocol (RDP) attacks: Attackers gain access to a victim’s computer by guessing or stealing login credentials for RDP.
- Exploit-Kits: Exploit kits are tools that are used by cybercriminals to automate the process of identifying and exploiting vulnerabilities in software. These kits typically include a collection of exploit code, which can be used to exploit known vulnerabilities in popular software such as web browsers, plug-ins, and operating systems. Once a vulnerability has been exploited, the exploit kit can install malware or redirect the victim to a phishing website.
- Supply-chain attacks: Attackers infect software or updates with ransomware distributed to multiple victims through a software supply chain.
Now, after knowing what a ransomware attack is and the possible ways one can become a victim of a ransomware attack, it becomes important to understand what one should do & what should not be carried out during ransomware negotiations.
Do’s of Ransomware Negotiations:
- Keep all communication with the attackers professional and cordial.
- Take the time to evaluate the circumstance and seek professional assistance, as such attacks are technical and complex.
- Ensure that the attacker provides proof of their ability to decrypt the data after payment, also called ‘proof of life,’ where professional negotiators require the attacker to decrypt a test file for proof.
- Keep a record of all communication and data related to the ransomware. This information can be helpful for law enforcement agencies to take any action against the attacker.
- Establish a backup and recovery system for all critical data before negotiating with the attacker.
- Assess the risks associated with paying the ransom and determine if it is worth the cost.
- Determine the attacker’s demands, including the ransom amount, payment method, and other conditions.
- Negotiate the amount the attacker asks; threat attackers may be willing to pay a lower amount.
Don’ts of Ransomware Negotiations:
- Do not show any sign of desperation or urgency, as it can lead to you making hasty decisions.
- Please do not pay the ransom until all negotiations are completed, as it encourages the attackers and may not guarantee that your files will be unlocked.
- Please do not offer to pay the full amount in one go; pay a portion of it first, then ask for the decryption key, and then pay the full amount.
- Don’t communicate directly with the attackers. This can be dangerous and give them more information they can use against you.
- Please don’t ignore the attack, as ignoring it will not make it go away and can further damage your systems.
- Don’t forget to report the attack; notifying law enforcement and other relevant parties can prevent others from falling victim.
Preventing Ransomware attacks:
- Keep software and operating systems updated with the latest security.
- Be cautious when opening emails or clicking on links from unknown sources.
- Limit the number of users with administrative access to a network or computer.
- Use a firewall to block incoming connections from suspicious IP addresses.
- Use endpoint detection and response (EDR) solution to detect and respond to malicious activities in near real-time.
- Regularly back up important data and keep it stored offline or in the cloud.
- Train employees on recognizing and avoiding phishing scams and other social engineering tactics.
Ransomware is malware that encrypts a victim’s files and demands payment in exchange for the decryption key. It can cause significant financial and operational damage to individuals and organizations. It is important to have strong backups, keep software and security protocols up-to-date, and be cautious about clicking on links or opening attachments from unknown sources to protect against ransomware attacks.
Additionally, it is not recommended to pay the ransom as it encourages the attackers, and there is no guarantee that the attacker will provide the decryption key. But suppose there is no option left with the victim. In that case, the above-mentioned do’s and don’ts during ransomware negotiations should be kept in mind to avoid further mistakes, as no single system is there to protect from such attacks. It depends upon the user’s response mechanism in such scenarios.
Author: Ms. Sakshi Singh, Intern, CyberPeace Foundation