fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How Does Ransomware Work? Examples and Defense Tips

How Does Ransomware Work? Examples and Defense Tips

how does ransomware work
If you are asking ‘how does ransomware work’ and proactively defending your systems against possible cyberattacks, you are on the right track.

With working from home already a norm, the world has also seen quite a surge in ransomware attacks. The State of Ransomware Report indicates that cybercrime damages are expected to hit US$6 trillion this year, with the attacks increasing and becoming more complex and disruptive.

In Singapore, roughly 61 reports of ransomware attacks were received by the Cyber Security Agency of Singapore in 2020, which was almost double the number reported in 2019. Needless to say, ransomware is booming and is definitely rising through the ranks to become a global security threat. Vulnerability in the cyberspace is a glaring reality.

Thankfully, governments and other international initiatives have been working relentlessly to pursue those who are responsible for these malicious attacks. Still, it behooves the system owners – organisations even – to educate themselves on ransomware and what they can do to prevent and mitigate it.

How does ransomware work? Let’s define what it is.

Ransomware comes in the form of malicious software and is also known as malware. It blocks the normal access to a system or compromised files, and is kept this way unless the victim pays the determined ransom amount. Upon payment, the victim receives a key that can decrypt the blocked system and restore it to normal.

There are many ways ransomware can get into a computer system:

  • through infected email attachments
  • removable storage media, such as portable thumbnail drives, that have been infected
  • downloaded software
  • seemingly harmless links in email, social media websites, or instant messages

Usually packaged with installation files in the guise of legitimate software updates, ransomware is put out there as updates for the likes of Adobe Acrobat or Java. These misleading ads are especially common in unknown websites like torrent sites.

Also Read: How to Choose a Penetration Testing Vendor

At the onset of ransomware, encryption is done on the data, a process similar to how passwords can secure an account to prevent unwanted access. The moment ransomware compromises a system, the threat actor encrypts all data, preventing the victim from accessing that data. Once encryption is done, the victim will not be able to access any of the affected files without the decryption key coming from the threat actor, in exchange of course for whatever ransom amount demanded by the assailant.

What are ransomware examples?

How does ransomware work? For one, it has countless types across thousands of variations, and below is an overview of some of the most prevalent attacks active today:

  1. REvil – infamously responsible for a third of all ransomware incidents, REvil is a Ransomware-as-a-Service (RaaS). It is also known as Sodin or Sodinokibi. It spreads in many ways, which include unpatched VPNs, exploit kits, RDPs and spam emails.
  2. Ryuk – when a healthcare organization is attacked, the culprit is most probably Ryuk. It is typically spread by other malware such as Trickbot, or via email phishing attacks and exploit kits.
  3. Robinhood – this variant usually gains access via a phishing attack or other weaknesses in the system’s security. They can then hold a computer or computer system hostage.
  4. DoppelPaymer – this variant is notorious for targeting enterprises via access to admin credentials, their gateway for propagating the infection across the whole Windows network.
  5. SNAKE – this variant targets the industrial sector and is responsible for 6% of all ransomware attacks in 2020. What it does is disable ICS processes, freeze VMs and steal admin credentials so it can further infect and encrypt files across the network.
  6. Phobos – similar to REvil, this variant is a RaaS. It gains illegal access to a network through exposed. RDP ports.
how does ransomware work
How does ransomware work? Traditionally, ransomware spread via emails or unknown websites. These days, however, ransomware has evolved, even exploiting the popularity of social media platforms like Facebook to spread malware.

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Defending your system against ransomware

Now that we’ve tackled ‘How does ransomware work?’ let’s dive in to tackle how you can defend your system against ransomware.

1. Protect

Backup is your friend. It is recommended that you keep three copies of your data on 2 different types of media: one version is kept off-site and one version cannot be modified. If, by any unfortunate circumstance you get hit with ransomware, keeping secure offsite versions will help you recover more easily.

2. Secure

It should be noted that ransomware is prevalent in Windows OS. This is because apparently, most malware is built to infiltrate Windows systems. On your end, look into locking down role-based instances to perform only what they are supposed to do, and nothing more.

3. Test

You will be on the winning end if you perform regular testing of the viability of your backup as well as disaster risk management. Part of your data protection protocol should be to test automated recovery to rule out potential factors that may hamper successful recovery when ransomware does happen.

4. Identify

The earlier you discover ransomware in your system, the faster your recovery can be. Learn how to work with your data protection officers and pen testing service providers to do the necessary studies. Arm your system with security tools that can recognise potential attacks and immediately alert personnel of any unusual fluctuations of data.

So how does ransomware work? It will always catch you unaware, hiding behind legitimate updates, innocent-looking messages, and the like. Be sure to remain vigilant and follow the defense components to help you keep your business safe against threat actors.

Conducting regular penetration testing could also help ensure that threat actors are at bay as it searches for available vulnerabilities present in your system for you to acknowledge before bad actors can exploit them. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us