Ransomware - catching ransomware extortionists now

Beware of Ransomware! How to stop ransomware attacks

Prevention and countermeasures for high-risk ransomware attacks
March 27, 2024

In October 2023, 72 local authorities in southern Westphalia, Germany, suffered an IT meltdown. During the night, hackers attacked the communal IT service provider using ransomware. In addition to the administrations, the systems at schools also failed. Trade fair company Messe Essen suffered a similar attack, also involving ransomware: cyber criminals hijacked the ticket store and stole personal data such as addresses and email addresses. An effective security network can take the fear out of serious ransomware attacks.

Ransomware: what is the definition?

Its name already explains what makes ransomware so dangerous: this malicious software (malware) blocks access to computer systems or files until a payment (ransom) is made. The software normally encrypts the files on the victim’s device so that they are no longer accessible. To regain access to the captured information, companies, authorities or organizations have to pay the hackers a ransom for the decryption key.

What makes ransomware so dangerous?

According to the German Federal Office for Information Security (BSI), more than 2,000 vulnerabilities were found in software products in 2023, an increase of 24% compared to the previous year. 66% of all spam emails were disguised cyber attacks. According to the BSI, ransomware is the top threat, for companies and authorities in particular. On average, 775 emails containing malware were intercepted in German government networks every day during the reporting period. In addition, an average of 370 websites had to be blocked every day due to malware.

It is the mixture of financial motivation and destructive power that makes ransomware so dangerous. In addition, hackers are constantly refining ransomware attacks, and increasingly sophisticated techniques are being used, including new encryption methods, anonymous payment systems such as cryptocurrencies and social engineering. You need to be prepared for these risks:

  • Data breaches: Sometimes attackers threaten to release sensitive data if a ransom is not paid. This can lead to data breaches, fines and legal liability for the affected company.
  • Financial damage: Ransomware attacks can affect individuals, companies and organizations financially, as they are often forced to pay a ransom to regain access to their files. Caution: There is no guarantee that the decryption key will be released or that the decryption will actually work, even if the ransom is paid.
  • Disruption and loss of time: Ransomware attacks can significantly disrupt operations, resulting in downtime, loss of productivity and reputational damage.
  • Rapid spread: Ransomware can spread quickly across networks and devices, infecting multiple systems within an organization or between different companies. It can affect companies, countries and critical infrastructures worldwide and cause widespread disruption.

Some examples of how ransomware infects computers are malvertising (malicious advertising on legitimate websites), phishing emails (with dangerous links or attachments) or exploit kits that automatically exploit vulnerabilities in software, operating systems or network services. There are also drive-by downloads (compromised websites that automatically download ransomware onto the systems of website visitors).

What types of ransomware exist?

There are various forms of ransomware that differ in the nature of their attack vectors and behaviors:

  • Locker ransomware: This lock-screen variant blocks access to the computer or to specific functions of the operating system.
  • Encrypting ransomware: Files are encrypted on the infected system using strong encryption algorithms.
  • Master Boot Record (MBR) ransomware: This variant infects the MBR of a computer, which can prevent the operating system from starting properly.
  • Mobile ransomware: This malware targets mobile devices such as smartphones and tablets. It can distribute itself via infected apps, malicious links or drive-by downloads, encrypting personal data and blocking access.
  • Network ransomware: It spreads within a network and infects multiple computers or servers. Shared network resources, vulnerabilities in network protocols or unsecured remote desktop connections are the gateways for hackers.
  • Doxware or leakware: Attackers threaten to publish stolen or encrypted victim data if no ransom is paid. This form of ransomware aims to blackmail victims by publishing sensitive information instead of just denying access to files.
  • Ransomware as a Service (RaaS): Cyber criminals even offer ransomware kits as a subscription. Using ready-made tools, even technically inexperienced people can initiate ransomware attacks.

How do you identify and combat ransomware?

Early detection of ransomware is crucial to minimize the impact on your systems and your data. Pay attention to the following key points:

  1. Use reliable antivirus and anti-malware software!
  2. Use behavior-based detection: There are behavior-based detection techniques that identify ransomware based on its actions rather than its signature. This includes monitoring system behavior for unusual file encryption patterns or attempts to change system settings.
  3. Educate employees about the risks of ransomware and encourage them to report suspicious activity on their systems. This will enable IT and security teams to respond more quickly to potential ransomware infections and reduce the impact.
  4. Use mechanisms to identify anomalies. This could be a sudden increase in file encryption activity, unauthorized access attempts or unusual network traffic patterns.
  5. Use file integrity monitoring tools to track changes to files and directories.
  6. Analyze network traffic for signs of ransomware communication, such as connections to known command and control servers used by ransomware operators. Intrusion Detection and Prevention Systems (IDPS) help to block suspicious connections in real time.
  7. Monitor user activity on your network to identify unusual actions.
  8. Deploy Endpoint Detection and Response (EDR) solutions that provide real-time visibility into endpoint activity and enable rapid response to potential threats.
  9. Implement Security Information and Event Management (SIEM) solutions that collect and analyze security event data from multiple sources across your network. SIEM platforms can be used to correlate events, identify potential security incidents and facilitate response to ransomware attacks.
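Points 2, 4 and 5 above (behavior-based detection, anomaly identification and file integrity monitoring) can be combined into one concrete heuristic: a single process rewriting many files within a short window, most of them with near-random content and a new file extension. The following is an added example and not part of the original article; the thresholds, the event tuple format and the sample telemetry are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

# Assumed tunables: MIN_WRITES files rewritten inside the window, most with
# near-random content, is treated as a bulk-encryption burst.
WINDOW_SECONDS = 60
MIN_WRITES = 20
ENTROPY_THRESHOLD = 7.0    # bits/byte; ciphertext and compressed data sit near 8.0
HIGH_ENTROPY_SHARE = 0.8
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "txt", "jpg", "zip"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the written content; plain text lands around 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def score_write_events(events):
    """events: (timestamp_s, pid, path, written_bytes) tuples. Returns {pid: finding}
    for processes whose densest WINDOW_SECONDS of writes looks like mass encryption."""
    by_pid = defaultdict(list)
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        by_pid[pid].append((ts, path, data))
    findings = {}
    for pid, evs in by_pid.items():
        start = 0
        for end in range(len(evs)):          # sliding window over this pid's writes
            while evs[end][0] - evs[start][0] > WINDOW_SECONDS:
                start += 1
            window = evs[start:end + 1]
            if len(window) < MIN_WRITES:
                continue
            high = sum(shannon_entropy(d) >= ENTROPY_THRESHOLD for _, _, d in window)
            if high / len(window) >= HIGH_ENTROPY_SHARE:
                renamed = sum(p.rsplit(".", 1)[-1].lower() not in KNOWN_EXTENSIONS
                              for _, p, _ in window)
                findings[pid] = {"writes": len(window), "high_entropy": high,
                                 "unknown_extension": renamed}
                break
    return findings

# Constructed sample telemetry (not real data): office app, backup job, encryptor.
TEXT = b"Quarterly figures, draft v2. " * 40
CIPHER = bytes(range(256)) * 4   # entropy exactly 8.0, stands in for ciphertext
SAMPLE = [(t, 1001, f"/srv/share/report{t}.docx", TEXT) for t in range(0, 50, 2)]
SAMPLE += [(t, 1500, f"/srv/backup/vol{t}.zip", CIPHER) for t in range(0, 30, 10)]
SAMPLE += [(100 + t, 2002, f"/srv/share/inv{t}.pdf.locked", CIPHER) for t in range(30)]
```

The backup job writes high-entropy archives but stays below the burst threshold, and the office app writes many files but with low-entropy content, so only the bulk encryptor (pid 2002) is reported.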

Information: The German Federal Office for Information Security (BSI) has published tips on how to defend against ransomware attacks. The key aspects that companies should cover in their security strategy include patches and updates, remote access, measures for emails and macros, control of program execution, virus protection, administrator accounts, network segmentation, backups and a data protection concept, network drives and an emergency plan for the "worst-case scenario" (all systems in the network are encrypted and a blackmail letter has been received).
