Skip to main content

How Did Ransomware Get So Bad?

ransomware

Photo by Michael Geiger on Unsplash

By Arthur Moses Opio and Kyomuhendo Esther Diana

Right now, more than ever, Cybersecurity continues to evolve. With the advent of the Internet of Things (IoT), where power grids, water systems, pipelines, Smart Cameras, etc. are controlled by everything to do with the network and Internet. The risks at hand are also huge but also it presents many individuals, organizations and governments to set up defences for critical systems (Crown Jewels) 

Over the weekend, the Internet was awash with news of a Ransomware Attack that happened on Friday and it forced the shutdown of the Largest oil pipeline in the United states. See more from this link Ransomware attack forces shutdown of largest fuel pipeline in the U.S. (cnbc.com)

Statistics

  • Ransomware perpetrators carry out more than 4,000 attacks daily.
  • 1 in 3,000 emails that pass-through filters contain malware. 
  • On average, organizations pay a ransom of $233,217.
  • There’s a 19-day downtime following a ransomware attack.
  • 95 new ransomware families were discovered in 2019.
  • Ransomware attacks in the education sector rose by 388% between Q2 and Q3 of 2020.
  • In 2021, ransomware attacks against businesses will occur every 11 seconds.
  • The global cost associated with ransomware recovery will exceed $20 billion in 2021.

(Source: SafeAtLast)
 
Ransomware has become a huge problem for businesses because it has been so widely adopted by the bad guys. Why? This is “Game Over” malware, meaning that, at least in the criminal’s eyes, once a user gets infected, there is no recovery option other than paying the ransom. Also, victims actually pay the ransom directly to the criminal, cutting out any need for middlemen or having to sell piles of stolen credit card information on darknet forums.
 
It’s likely that the future of ransomware will include things like blackmail (threats to post trade secrets or company intel online or releasing customer information), more aggressive infection and better target identification—all techniques that we know how to combat. However, while the news of how to stop the malware is spreading, millions of people are still going to get infected because they didn’t get the memo soon enough.
 
What Is Ransomware?

Imagine your precious items e.g., car, land, smartphone, car number plate etc. being held at ransom until you pay a certain amount of money to the perpetrator to be able to get it back. The same applies to the modern-day ransomware attacks.

Ransomware is a form of malicious software that locks devices or encrypts a victim's files.  A demand/ransom notice is shared by the attacker to the victim to restore access to their data upon payment. Instructions are usually shared on how to make the payment a fee to get the decryption key. The costs could range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

What do I do If I am Infected?

Never pay the ransom. When you pay, it encourages the attackers to launch attacks against other victims.

Ensure to shutdown your machine, you could try free decryptors online Ransomware doesn’t mean game over - Malwarebytes Labs | Malwarebytes Labs, you could get some files or all. It is important to also report the ransomware as some research could have already been done on it and solutions could have already been provided on how to deal with it. Companies like NoMoreRansom.org could also be of great help, they don't guarantee to get all your files but there is a possibility of retrieving your files as written on their site.

How Do We Prevent Ransomware Attacks? 

The old saying goes that, "Prevention Is Better Than Cure"

  1. Ensure that your computer/smart device is up to date. Ransomwares take advantage of security vulnerabilities. 
  2. Ensure you are running a Cybersecurity Solution e.g Enterprise Antivirus Solution
  3. Backup and secure your backups on a regular basis
  4. Stay informed. One of the most common ways that computers are infected with ransomware is through social engineering. Educate yourself on how to detect malspam, suspicious websites, and other scams. And above all else, exercise common sense. If it seems suspect, it probably is. The ICT policy mandates that we do awareness and training on Cybersecurity, we are open to teach and share with staff and students to keep you informed, just like we do it through these emails and cyber tips shared on social media forums.
  5. Avoid connecting computing gadgets to the University Network Without Due Diligence on Cybersecurity, Our ICT Policy 2.4.9.2 ICT Services says,  The University reserves the right to audit, without prior notice, any ICT equipment connected to its networks for the purposes protection against exploitable security vulnerabilities

Let us continue to build our human firewall, we are better off safe than sorry.
 

© 2021 All rights reserved - Directorate for ICT Support (DICTS) - Makerere University

Available Office Time: 8:00am - 5:00pm (Monday - Friday)

Service Desk - https://support.mak.ac.ug

Email: helpme@dicts.mak.ac.ug
Phone: 0414 531343/437
Hours: 9:00am - 5:00pm