Global ransomware attacks are at an all-time high after steadily increasing over the last few years. The worst part is that the U.S. is the top target in the world for all ransomware attacks, accounting for over 43% of the last 1,900 reported attacks in the last year, according to a report from Malwarebytes.
So why exactly are we the biggest target? What could we be doing wrong that’s making it so easy for ransomware attackers to go after us? I spoke with Steve Stone, head of Rubrik Zero Labs, the Data Threat Search Unit at the cloud data management and data security company Rubrik, for more answers on this troubling topic.
What is ransomware and why has it grown so much in popularity?
A ransomware attack happens when a group of hackers encrypts the data on a system, usually of a large organization, and demands a ransom to restore access to the owners or users. The hackers may also threaten to delete or leak the data if the ransom is not paid, so it’s a very serious attack.
What are some of the most notorious attacks?
These attacks come from various sources, but some of the most notorious ones are from Russian ransomware groups, such as Clop, REvil, DarkSide and Conti. These groups operate as ransomware-as-a-service (RaaS) platforms, which means that they provide the ransomware software and infrastructure to other cybercriminals who carry out the attacks and share the profits with them.
What major organizations have been targeted by these cybercriminals?
Major organizations targeted by these groups in the last year come from the health care, education, energy and transportation sectors. One of the victims was CalPERS, the biggest pension fund in the U.S., which had its data stolen and leaked by Clop through a third-party vendor that was compromised via a zero-day vulnerability.
How can ransomware attacks harm individuals?
Ransomware attacks can affect individuals like you and me. In fact, anyone who uses a computer or a device connected to the internet can be a potential victim of ransomware.
This means that your personal files, such as your photos, videos, documents and emails, could be locked by hackers who demand a ransom for their release.
How are ransomware attacks now carried out?
A few years ago, ransomware attackers had to do a lot more work and spend much more time doing various steps to reach their goals. They had to find the target, follow them, work through negotiations, and a ton more steps, making it a pretty complicated process.
What has truly changed the game now is “Ransomware-as-a-service.” This is when ransomware operators will write software and then hackers will pay to launch attacks using that software.
They don’t need to have any technical skills; they can just pay to have the work done for them so that they can be paid quickly. Plus, tools like ChatGPT can now make this method more accessible to anyone. It’s far less work for a far bigger reward.
And according to Stone, the person or organization they’re targeting doesn’t even matter much to them: “Ransomware actors, they’re looking for something that’s going to return value on their time, so they don’t want to spend a ton of time finding the right target, which really differentiates from government-sponsored efforts… it’s much more about how are they going to get paid than the actual specific target itself.”
Why isn’t the government shutting it all down?
It’s not that the government has no desire to do anything. It’s more that the ways to bring down ransomware attackers are very complicated and ever-changing. As soon as we think we’ve solved one issue, the attacker will find five more loopholes to get around it.
I asked this very question to Stone, and he reiterated that the truth of the matter is that the government is working on this every day. Stone said, “This is a forever problem. It’s here to stay. And the sooner I think we look at it that way, we’ll recognize the government will always need to do more. It will always need to do better and so will we.”
What can I do to protect myself from ransomware?
Ransomware criminals will try to get you to pay them money to get your files back. However, paying the ransom does not guarantee that you will regain access to anything a criminal takes from you, and it will only encourage them to do it more.
Your best bet is to prevent an attacker from gaining access to your files altogether so that you don’t have to try to fight to get them back. Here are some of my tips for avoiding having your data stolen in a ransomware attack.
Be careful about opening suspicious links or attachments
If you receive an email from an address you do not recognize, don’t open it. If you open it by mistake, avoid clicking any links or opening any attachments within the email. This is a classic method that cybercriminals use to try to trick you into thinking that the message is from someone important to you.
Have good antivirus protection
You can keep hackers out of your devices by having good antivirus software installed. Antivirus software on your devices will stop you from clicking on potentially malicious links that may install malware or ransomware and allow hackers to gain access to your personal information. Plus, it’s designed to tell you when there is already malware on your device so that you can immediately work toward getting rid of it.
Back up your files on an external hard drive
I highly advise you to create backups of your information on an external hard drive and store it securely in a safe location. This process involves regularly making backup copies from your Windows or Mac computer and then disconnecting the external drive from your computer for added safety. You should store the disconnected drive in a secure place like a fireproof safe or a safety deposit box. By keeping the drive unplugged when not in use, you significantly minimize the risk of unauthorized access to your data by hackers.
Keep software up to date
Regularly update your operating system, antivirus software, web browsers and other applications to ensure you have the latest security patches and protections.
Use strong and unique passwords
Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. This will make it harder for hackers to access your data or infect your devices with ransomware. Consider using a password manager to securely store and generate complex passwords. First, it will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you have to remember, the less likely you will be to reuse them for your accounts.
How to Respond to a Ransomware Attack
Do not pay the ransom. Paying the ransom does not guarantee that you will get your data back, and it may encourage the attackers to target you again.
Disconnect your device from the internet and any other networks. This may prevent the ransomware from spreading to other devices or encrypting more data.
Contact law enforcement and report the incident. They may be able to help you recover your data or track down the attackers. You can find a list of law enforcement contacts for ransomware attacks on the CISA website.
Restore your data from backups. If you have backups of your important data, you may be able to restore them to a clean device. Make sure that your backups are not infected by the ransomware and that you scan them for malware before restoring them.
Use identity theft protection: If you are a victim of a ransomware attack, you may want to consider investing in identity theft protection. Identity theft protection companies can monitor personal information like your home title, Social Security number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses.
Kurt’s key takeaways
Ransomware attacks are a serious threat that can affect anyone, anywhere and anytime. The U.S. is especially vulnerable to these attacks because of its high-value targets and its lack of cyber defenses.
The best way to protect yourself and your data from ransomware is to avoid clicking on suspicious links or attachments, back up your files regularly, and use reliable antivirus software. And if you ever become a victim of ransomware, contact law enforcement.
Copyright 2023 CyberGuy.com. All rights reserved.