
Ransomware: complete guide on this cyberattack (and what we should never do if we are victims)

Ransomware has become one of the cyberattacks most used by criminals. This type of malware “hijacks” the victim’s information and then demands a “ransom” within a set period of time. How much can it cost individuals, companies and government entities to recover that data?

In an interview with El Comercio, Álvaro Santa María, general manager of IBM Peru, indicated that “ransomware has democratized cybersecurity”. “They can do it to you on your personal computer or they can do ransomware to a client, a very large company”, he said. In other words, anyone can become a victim of this type of cyberattack.

The most high-profile case in recent years is that of Kaseya, a Florida company that provides information technology management software, in July 2021. According to The Guardian, this cyberattack affected between 800 and 1,500 companies, but researchers believe that the number could be as high as 2,000. “The Kaseya firm hack, which is already being branded as ‘the biggest ransomware attack on record’, has affected hundreds of businesses around the world, including supermarkets in Sweden and schools in New Zealand”, the newspaper noted.

What happened? Kaseya systems are used by small businesses that don’t have the funds to run their own IT departments. “Kaseya regularly sends updates to its customers to ensure the security of their systems. But in this case, those security features were subverted to deliver malware to customer systems”, said the British newspaper. Even the Republican National Committee of the United States was affected by this cyberattack.

Affiliates of the Russian hacker group REvil claimed responsibility for the cyberattack. They also demanded a payment of US$ 70 million (more than S/. 265 million approximately) to release the universal decryptor with which all affected systems could be unlocked.

According to SonicWall’s 2022 Cyber Threat Report, more than 623.3 million ransomware attacks were recorded globally in 2021. This total is an increase of 105% compared to 2020 and more than triple the number seen in 2019. In other words, this form of cyberattack is becoming one of the weapons most used by cybercriminals.

How exactly does ransomware work?

According to Martina López, cybersecurity researcher at ESET, in an interview with this newspaper, ransomware is a malicious program that belongs to the malware family. “The aim of the ransomware is that, for the victim, the files are inaccessible, but for the cybercriminal, not”, López said.

To achieve this goal, cybercriminals block access with algorithms. “They usually do this by placing encryption algorithms. That is, very complex mathematical algorithms that, with a sufficiently long and secure password, allow access to be blocked. There will be certain files that cannot be read, such as photographs, texts, videos, audios, databases (in the case of companies). The only way to undo that action, that encryption, is by having the key that the cybercriminal generated when he executed precisely this action”, López added.

For this reason, it is called “ransom”, an English word whose meaning is “rescue”. “The only person who has the ability to unlock those files is the cybercriminal. From there, he blackmails the victim, tells him that with a payment he will return his files, and that’s why it’s the word ‘ransom’”, stated the researcher.

Ransomware: how much does it cost to pay the “ransom” of our information?

According to López, there is no exact amount or an approximate amount. “It very much depends on the target and the cybercriminal gang itself. End users may be asked in the order of hundreds or thousands of dollars”, López indicated. This “ransom” is usually requested in cryptocurrencies and not in bank movements that leave a trace.

“The threats that we are going to find, perhaps more frequent in users, are going to be those that are in fraudulent downloads, in cracks, in supposedly free programs, when their official versions are paid. And in those it is likely that the amount will not exceed US$ 10,000 (approximately S/. 38,000), a little below that”, said the researcher.

In addition, López indicated that for companies, this amount usually increases considerably. “Now when we are talking about companies, the amount obviously amounts to thousands or millions of dollars”, López said.

One case of a ransom being paid is that of Travelex, a currency exchange company, in January 2020. According to The Wall Street Journal, the company paid US$ 2.3 million in bitcoins (more than S/. 8 million approximately) to REvil to have its systems reactivated after two weeks of inactivity. The group used Sodinokibi, a highly evasive and up-to-date ransomware that encrypts files and removes the ransom request message after infection. This informs the victim that they must pay a ransom in bitcoin and that if it is not paid on time, the demand will double.

Another is that of the University of California, which paid US$ 1.14 million (more than S/. 4.3 million approximately) in June 2020, according to Forbes. The cyberattack, which was carried out with Netwalker (a strain of Mailto), was directed at the School of Medicine of the university.

However, there are cases where companies managed to stop the attack or simply did not believe the cybercriminals’ threats. For example, the Manchester United club was also the target of a ransomware attack in November 2020. But according to its spokespersons, the personal data associated with its fans and customers was not breached, according to The Guardian.

The same month, the Superior Court of Justice of Brazil also suffered a ransomware attack, according to UOL. This cyberattack prompted IT staff to shut down the court network to prevent the malware from spreading, but several Brazilian government agencies were also affected.

What should we do if we are victims of ransomware?

According to the researcher, it is best not to make any type of payment. “Avoiding all contact with the cybercriminal and avoiding any payment is the best we can do. The reality is that there is nothing that guarantees the victim that the cybercriminal can unlock the files after payment. That is, the criminal could easily disappear with the money. There are cases where the files have been returned and cases where they have not”, López said.

López also urged common sense, because after all, the victim would be dealing with a cybercriminal. “He is a cybercriminal. Relying on the good will of a person who is already committing a crime is not a good idea”, added the researcher.

On the technical side, López gave some advice. “Reset the computer to factory settings. That is, to be able to do a total cleaning. Obviously, do not continue to interact or remove any files from the computer because we don’t know if it has the threat inside or not. In addition to encryption, the cybercriminal may have left some kind of duplicate threat so that if we decide to extract the information with a memory stick and plug it into another computer, we could be replicating the infection ourselves. And it’s something we don’t want”, López said.

On whether this situation could be reversed, the ESET researcher pointed out that it is not something common. “There are very few cases in which a ransomware attack is reversible. There are certain programs that can reverse the encryption of files, but they are very few, and many companies take advantage of victims to ask for payment for alleged decryption. Always be wary of those types of posts that mention that they will return the files to you in a jiffy”, López asserted.

How can we prevent a ransomware attack?

López indicated that we should not get carried away by a free offer on the internet. “Let’s be careful with the downloads we make. Although a free program, when its version is paid, can attract a lot of attention and can be very attractive, we must bear in mind that the consequences can be found when downloading programs whose origin we have not verified”, López said.

The researcher also stated that emails could contain this malicious software. “Let’s be careful with what we open when receiving documents. Not only do not download them from sites where we do not know the origin, but they can also come attached to emails, for example. They can be contained in any type of communication, under the excuse that it is the Government that is sending us a fine, or that they pretend to be the bank that sends us an invoice”, López added.

In other words, ransomware does not always arrive as such; it can often arrive disguised as phishing. In this technique, the cybercriminal poses as a person or entity trusted by the victim in order to steal personal information or install malicious software on their device.

For this reason, López said that it is important to have a backup of our information. “Let’s have some kind of solution, have a backup, either in the cloud or in applications like Google Drive, for example, where we can make a copy of important files that we cannot lose, or do not want to lose”, López indicated.

In the case of companies, this type of prevention requires more planning, in addition to having some type of security in place. “In the case of companies, it is already a bit more complex because we don’t have just one person to monitor. This is where the solution becomes much more multifactorial”, pointed out the researcher.

“On the technological side, setting up some kind of tool that has an anti-phishing or anti-spam filter will be the first step. These will probably eliminate the bulk of this type of communication, since by detecting a malicious file that comes along, or a URL that is already marked as malicious, they will automatically filter the emails”, López added.

Therefore, the second step is staff training. “We cannot stop there, because it is probable that some of these threats are smart enough to be able to evade some of these controls. That’s where user training comes in”, stated the researcher.

López also specified that this involves all workers and that it must be frequent. “Not only to the collaborators who enter as new, but also to those who are already, because these types of threats are constantly changing”, López asserted.

In addition, the researcher urged companies to make backups of their information. “The company cannot lose the flow of performing backups every certain amount of time. This way you can get back to trading as quickly as possible if you experience any of these attacks”, López concluded.

Source: Elcomercio
