
What is 'ransomware', the cyberattack perpetrated against JBS?

Experts say that it is one of the most feared cyber threats by companies. We tell you how to prevent it.

Last Sunday, the meat company JBS, one of the largest in the world, reported that some of its servers were the target of a cyberattack. The failure affected the company’s computer systems in North America and Australia, and several plants were forced to temporarily suspend production.

Days later, the FBI reported that the attack was perpetrated by REvil, a group of cybercriminals who specialize in ‘ransomware’ and have a platform on which they auction off confidential documents.

Although it is not clear where the group operates from, the bureau has indications that its members could be of Russian origin.


JBS was the victim of a scheme that is gaining strength around the world and that has become a headache for companies: ‘ransomware’, malicious software that seeks to encrypt or block a computer system for extortion purposes.

Its name comes from the English word “ransom”, since users, companies and other victims must pay money to recover their information.

“‘Ransomware’ is perhaps the attack that all companies fear most today,” says Ignacio Triana, technology manager for MCA at cybersecurity firm Trend Micro. “They are not only risking their information, but also their reputation, something they try to take great care of.”

How do the attacks work?

According to Triana, in this type of attack the attackers seek to access operating networks and then encrypt privileged data. The most common method is ‘phishing’, or identity theft through fraudulent emails: almost 90% of the attacks analyzed by the company are carried out in this way.

Malware can also be introduced through popular torrent sites, loaded applications, or through vulnerabilities in smart home devices and routers, such as default or easy-to-guess passwords. “Threat actors are targeting these devices to use employees’ home networks as a stepping stone to corporate networks,” the company notes.

Second phase: understand the network

According to the expert, once the attackers enter the company’s networks, they begin to move between computers and try to go unnoticed while they learn how the network works. This process can take months, until they find the critical server. However, companies do not always find them easy to detect, so it is recommended that they have adequate security software and vulnerability analysis for emails, networks and servers.


“What we tell our clients is that in each of these layers we can identify situations that are not normal: such as attempts to log in a user from other computers, attempts to connect users outside the country or much more sophisticated processes,” says Triana.
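The two signals Triana mentions, a user signing in from other computers and connections from outside the country, can be checked over sign-in records. The following is an added example, not Trend Micro's or the article's code; the log layout, the per-user workstation baseline, the country codes and the threshold are all constructed assumptions.

```python
import csv
from collections import defaultdict
from io import StringIO

# Assumptions for this example: where staff normally sign in from, and the
# workstation each user normally uses ("ZZ" below is a placeholder code).
ALLOWED_COUNTRIES = {"CO"}
BASELINE = {"mlopez": {"WS-014"}, "jruiz": {"WS-022"}}

# Constructed sample records, not taken from any real incident.
LOG = """\
time,user,source_host,country,result
2021-06-01T08:02:11,mlopez,WS-014,CO,success
2021-06-01T08:15:40,jruiz,WS-022,CO,success
2021-06-01T23:41:07,mlopez,WS-031,CO,failure
2021-06-01T23:41:52,mlopez,WS-045,CO,failure
2021-06-01T23:43:10,mlopez,SRV-DB01,CO,success
2021-06-02T03:12:29,jruiz,VPN-GW,ZZ,success
"""

def detect(log_text, baseline=BASELINE, allowed=ALLOWED_COUNTRIES, host_limit=3):
    """Return (time, user, rule) alerts for sign-ins that break the baseline."""
    alerts = []
    unfamiliar = defaultdict(set)  # user -> hosts seen that are not in the baseline
    for row in csv.DictReader(StringIO(log_text)):
        user, host = row["user"], row["source_host"]
        # Signal 1: connection from a country where staff do not normally work.
        if row["country"] not in allowed:
            alerts.append((row["time"], user, "foreign-country"))
        # Signal 2: the account is used from a computer it does not normally use.
        if host not in baseline.get(user, set()):
            alerts.append((row["time"], user, "unfamiliar-host"))
            unfamiliar[user].add(host)
            # One account touching several new machines suggests movement
            # between computers, so raise a single higher-priority alert.
            if len(unfamiliar[user]) == host_limit:
                alerts.append((row["time"], user, "host-spread"))
    return alerts

if __name__ == "__main__":
    for alert in detect(LOG):
        print(*alert)
```

Failed and successful attempts are both counted, because the quote speaks of attempts rather than completed logins.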


The third phase of these attacks consists of encrypting the critical server and asking for a ransom for the information, which can consist of user data, employees, customer accounts, and so on. “It can also happen that they try to impact the operation of a company, such as blocking a supply chain or the implementation of some artifact. The attack may not only impact the company but also its surroundings”, adds the expert.

What happens when a company is a victim of ‘ransomware’?

Many of the companies that are the target of these attacks are saved by having backup copies of their most sensitive information, as they can continue with their operations. However, for those that do not have this backup, it all depends on the aggressiveness of the attack and the company’s cybersecurity posture.

In some cases, they are able to react quickly and deploy solutions with expert signatures, which can detect where the attackers or malicious software are. However, Triana says that there are much more complex attacks that do not even allow the installation of specialized tools to mitigate the impact, making it “practically impossible” to solve.

In fact, last May, Joseph Blount, CEO of Colonial Pipeline, revealed to The Wall Street Journal that his company paid US$4.4 million after being attacked under this scheme. The main pipeline network in the United States was closed for five days as a result, temporarily putting the supply of fuel in that country at risk.

Blount assured that he authorized the payment because they did not know the extent of the damage and the time it would take them to resume their activities if they did not agree.


How can ‘ransomware’ be prevented?

Although it is essential that companies have solution providers that can constantly monitor their networks, many attacks can be prevented if workers have adequate cybersecurity practices.

Here are some basic Trend Micro recommendations for those who work from home:

Avoid giving out personal information. Some malicious actors take publicly available information and use it to gain access to more valuable private information, or use it to deliver and deploy malware on your device. Be careful about the type of information you share online; be sure to provide private information only when absolutely necessary.

Strengthen your password hygiene. Telecommuters should use the best password practices for their email and other accounts: eight or more characters and symbols; avoid repetition, sequences or patterns; and don’t reuse passwords. Since some corporate online tools and portals may also have defaults that attackers can brute-force, it is best to change passwords regularly and implement multi-factor authentication.

Windows users must enable “Show file extensions”. Show file extensions is a native Windows functionality that shows users what types of files are being opened. Sometimes malicious actors use file names that appear to have two extensions, for example, “photo.avi.exe”. Users should use this Windows feature to check what they are opening and avoid any suspicious files.

Open only trusted email attachments. Ransomware is commonly spread via spam email, and many distributors already know the most effective subject lines to grab the user’s attention. Some actors also use unusual file types in their spam and rely on users to simply click without looking. Avoid opening suspicious file extensions (such as .EXE, .VBS, or .SCR). Some users can even configure their webmail servers to block these attachments.


Disable the internet connection if the computer exhibits suspicious behavior. Ransomware typically needs to connect to a command and control (C&C) server to complete its encryption routine. Without Internet access, the ‘ransomware’ will remain inactive on an infected device. If you manage to catch it during the early stages of the attack, you can disable internet access and mitigate any damage.

Take advantage of all the security tools and features at your disposal. Many devices and software already have security features built in and constantly updated. Update your home router firmware, as well as operating systems and software on PCs, mobile devices, and browsers to the latest versions. This includes any virtual tools and VPNs from your company. All computers should also be running up-to-date network and endpoint security solutions from a trusted vendor. (This should include anti-intrusion, anti-web threat, anti-spam, anti-phishing, and of course anti-ransomware features.)
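The “Show file extensions” and attachment recommendations above can also be enforced automatically on a mail gateway or download folder. The following is an added example, not Trend Micro's code: it flags the extensions the article names (.EXE, .VBS, .SCR) and the two-extension pattern of “photo.avi.exe”; the decoy-extension list and the sample file names are constructed assumptions.

```python
# Extensions the article names as suspicious; extend per local policy.
BLOCKED = {".exe", ".vbs", ".scr"}
# Assumed list of harmless-looking extensions placed in front of the real one.
DECOY = {".avi", ".jpg", ".png", ".pdf", ".doc", ".docx", ".txt", ".mp4"}

# Constructed sample attachment names.
SAMPLE = ["photo.avi.exe", "Invoice.PDF.scr", "report.pdf",
          "setup.EXE ", "notes.v1.txt", "archive.tar.gz"]

def extensions(name):
    """Return the lower-cased dotted suffixes of a file name, in order."""
    # Normalise the name the way Windows does: trailing dots and spaces are
    # dropped, and extension matching is case-insensitive.
    cleaned = name.rstrip(". ").lower()
    return ["." + part for part in cleaned.split(".")[1:] if part]

def screen_attachment(name):
    """Return the reasons to quarantine a file; an empty list means no finding."""
    reasons = []
    exts = extensions(name)
    if exts and exts[-1] in BLOCKED:
        reasons.append("blocked-extension:" + exts[-1])
        # The last extension decides how Windows opens the file; a media or
        # document extension just before it is there to mislead the reader.
        if len(exts) >= 2 and exts[-2] in DECOY:
            reasons.append("double-extension:" + exts[-2] + exts[-1])
    return reasons

def triage(names):
    """Map each flagged name to its reasons, leaving clean names out."""
    findings = {}
    for name in names:
        reasons = screen_attachment(name)
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(repr(name), reasons)
```

Names such as “notes.v1.txt” and “archive.tar.gz” also contain two dots but are not flagged, because only the final extension determines what runs.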
