How to recognize a ransomware attack

How to recognize a ransomware attack

What is a Ransomware attack?

According to the Threat Landscape 2021 report by ENISA, the European Cybersecurity Agency that identifies the main threats to cyber security, the Ransomware attack is an increasingly frequent occurrence. It was the most used tool by cybercriminals between April 2020 and July 2021. One of the most recent and important Ransomware attacks occurred on March 23 last year and hit Italian railway services by blocking the sale of tickets both at ticket offices and through self-service.

The annual Cyber ​​Risk Management Survey 2022 by The Innovation Group, an independent market research and consulting firm, also shows an intensification of the phenomenon. In fact, at least 1 in 4 companies have experienced a cyber incident caused by Ransomware. Today, 28% of companies perceive the probability of a Ransomware attack as “High” or “Very High”, while a further 48% say it is “Medium”.

This means that no reality is immune from this threat, as evidenced by the Clusit 2021 Report on ICT security in Italy and in the world, by the Italian Association for Information Security. The association lists Ransomware among the most common attacks against the corporate Supply Chain.

What is a Ransomware? It is a type of malware (short for malicious software) that cybercriminals use to take control of a digital device (pc, tablet, smartphone, smart TV) and block access to all or some of its content (for example : photos and videos) and then demand a ransom to restore them. Generally, the payment request appears in a window that opens automatically on the device screen and the ransom payment must be in cryptocurrencies, such as Bitcoins.

The Sophos Threat Report 2022 also offers an interesting insight into the topic. The report analyzes the most significant change in the phenomenon, namely the transition a “vertical” model in which hackers attack organizations directly, to a Ransomware-as-a-service model (RaaS). The latter sees cyber criminals develop a malware which then other cyber criminals rent for their attacks. These criminals are experts in virtual infiltration, and have specific skills that differ from those of the malware creators.

Recognizing a Ransomware attack: types and vectors of attack

There are two common forms of ransomware attack:

Recognizing a Ransomware attack: types and vectors of attack

There are two common forms of ransomware attack:

  • Locker – This malware blocks the basic functions of the infected device. For example, it can deny access to the PC desktop or partially disable the mouse and keyboard. In this way, the victim of the cyber attack can only interact with the window containing the ransom request and make the payment. Generally, the goal of the malware locker is not to violate files but to block access to them, so complete data destruction is unlikely;
  • Cryptor: cryptor-ransomware encrypts files in the device (documents, photos, videos) without interfering with the functionality of the device. It is the most aggressive form of malware and the ransom note is often accompanied by a countdown after which, if the victim does not pay, the files are permanently deleted.

Ransomware can be installed on the device through refined forms of cyber attack, such as remote control. However, these malicious software are mainly spread via email (phishing), text messages or other types of messaging. These messages:

  • seem to come from known and reliable subjects (eg telephone operators) or from trusted people, such as work colleagues;
  • contain attachments with often a request to open them “urgently”, or links or banners to click to check information or receive alerts.

In other cases, the Ransomware can be downloaded to the device when the user:

  • clicks links or banner ads on websites or social networks;
  • surfs on specially hacked websites (drive-by download, which literally means “downloading without knowing it”);
  • downloads free games and programs for pc through software and apps.

Furthermore, malicious software can spread through device synchronization, cloud sharing and contact list on a smartphone that cybercriminals use to send messages containing infected links and attachments to others.

However, paying the ransom is only apparently the easier solution. In fact, there is no guarantee to get the files back. On the contrary, there is the risk of ending up on “payers’ lists”, potentially subject to periodic cyber attacks. The best solution is to contact specialized technicians. They are able to unlock the device and report the violation to the proper authorities.

How to protect yourself from a Ransomware attack? CyberExpert the Namirial solution

Namirial has always been active in IT security. Moreover, in recent years it has significantly increased its investments in Cyber security R&D.

Thanks to the know-how and experience, Namirial has created CyberExpert, the digital platform for cybersecurity that scans for cyber threats. This allows a correct risk assessment and to activate suitable countermeasures.

The results of the analysis phase are fundamental. In fact, they measure the effectiveness of security systems, highlight weaknesses, and make it possible to prioritize investments in the Cyber security.

Here are the main advantages of CyberExpert:

  • No software to install: CyberExpert is a ready-to-use web platform, which leads to significant savings in time and investments;
  • Easy to use: you can plan the analysis and then CyberExpert sends the report directly to your email address;
  • Intuitive Reports: Cyber ​​Expert reports are comprehensive and easy to understand. They highlight the vulnerabilities of the information infrastructure, report the presence of your data on the deep web, data breaches, malware and guide you in law enforcement actions;
  • Available APIs: Are you a reseller? You can integrate the Cyber ​​Expert platform into your online shop through the APIs that Namirial makes available. Your customers will be able to access the platform directly from your website.

Furthermore, Namirial’s CyberExpert allows SMEs to fully comply with the General Data Protection Regulation of the European Union, better known as the GDPR.

Articolo precedenteWhat are the pillars of Project Management
Articolo successivoESIGN Act: the US Electronic Signatures in Global and National Commerce Act