6 myths about ransomware
Streamscan's cybersecurity incident response team regularly helps companies manage the impact of ransomware attacks. Here are 6 common myths about ransomware, based on our years of field experience, that could be putting your networks at risk.
Myth 1: Nobody wants to harm us, we won't be victims of ransomware
Although high-profile ransomware cases such as Colonial Pipeline or Kaseya may suggest that we’re typically dealing with targeted attacks, most ransomware attacks are random crimes of opportunity. In fact, in 99% of cases, the attacks start with bots that scan the Internet 24/7 looking for accessible entry points (Remote Desktop Protocol servers, VPNs, etc.). If you have a vulnerable system that appears on the radar of these botnets, chances are you’ll be a target.
When you consider that it takes between 4 and 5 minutes for a new piece of equipment connected to the Internet to start experiencing cyber attacks, it's easy to see why everyone is at risk, regardless of size or industry. Botnets have no emotions. Whether you are big or small, well funded or struggling, ethical or not, you will be a target.
Myth 2: The best way to recover data is to pay a ransom.
According to Sophos' State of Ransomware 2021 report, the number of organizations deciding to pay a ransom after falling victim to ransomware is increasing - up from 26% in 2020 to 32% in 2021. This isn’t necessarily the best move since paying a ransom doesn’t guarantee that you’ll get access to your data. In fact, according to the same report, only 8% of organizations that paid the ransom were able to recover their data with the decryption key the hacker provided.
So you pay the ransom at your own risk, and in 92% of the cases you won’t be able to recover your data, as this article in Forbes points out. In our experience, sometimes hackers disappear after receiving the ransom, and sometimes the decryption key doesn't work or the data is corrupted during the encryption process.
Myth 3: There is no way to decrypt your data without paying a ransom
It is common to hear that the only way to decrypt your data is to pay the ransom. This isn’t necessarily true. You should know that there are organizations that maintain decryption keys for ransomware, for example No More Ransom or the Crypto Sheriff project.
You can also talk to antivirus or EDR vendors. They can often help you get access to a decryption key.
Even if the first instinct is to sulk or blame them, you should not hesitate to talk to your antivirus vendor in case of ransomware. The solution to your problem could come from them.
It’s also preferable to get help from a cybersecurity firm with recognized expertise in ransomware, such as Streamscan, which has handled dozens of such cases and has already collaborated with the authorities to dismantle a ransomware distribution site in the USA (article in French). These firms will perform the necessary verifications, and they understand the subtleties of ransomware remediation. This will be critical to the success of your incident management.
Myth 4: There is no connection between crypto-currency buzz and ransomware
Ransomware payments are typically made via crypto-currency, which limits traceability. As long as this is the case and crypto-currencies keep increasing in value, cases of ransomware will only increase.
Myth 5: We use multi-factor authentication (MFA), we’re protected
MFA will only protect you from attacks that try to guess credentials for your network or email solution in order to take control of it. The hacker will usually use a tool that rapidly tests multiple password variants, hoping to find a valid one in your network (brute-forcing). With MFA, this becomes very difficult because, in addition to the password, the hacker needs access to your smartphone to connect to your network or email.
But there are other methods of distributing ransomware in networks, including infection via a website or a malicious document attached to an email. In the case Streamscan handled in connection with the authorities, the ransomware was distributed via a malicious website that was considered trustworthy.
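The brute-forcing described under Myth 5 leaves a recognizable trace in authentication logs: a burst of failed logins from one source, sometimes followed by a success. The following is an added example, not Streamscan code, showing one way to flag that pattern; the log format, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): time, result, user, source IP.
SAMPLE_LOG = """\
2021-09-01T10:00:01 FAIL user=admin src=203.0.113.7
2021-09-01T10:00:02 FAIL user=administrator src=203.0.113.7
2021-09-01T10:00:04 FAIL user=jsmith src=203.0.113.7
2021-09-01T10:00:05 FAIL user=jsmith src=203.0.113.7
2021-09-01T10:00:07 FAIL user=jsmith src=203.0.113.7
2021-09-01T10:00:09 FAIL user=jsmith src=203.0.113.7
2021-09-01T10:00:12 OK user=jsmith src=203.0.113.7
2021-09-01T10:03:00 FAIL user=mdupont src=198.51.100.20
2021-09-01T10:03:20 FAIL user=mdupont src=198.51.100.20
2021-09-01T10:03:41 OK user=mdupont src=198.51.100.20
"""
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Turn log lines into time-ordered (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the expected format
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return sorted(events)

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(list)  # src -> [(timestamp, user)] of recent failures
    alerts = {}
    for ts, result, user, src in events:
        if result == "FAIL":
            recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]
            recent[src].append((ts, user))
            if len(recent[src]) >= threshold:
                a = alerts.setdefault(
                    src, {"failures": 0, "users": set(), "success_after": False})
                a["failures"] = max(a["failures"], len(recent[src]))
                a["users"].update(u for _, u in recent[src])
        elif src in alerts:
            # Login succeeded after a flagged burst: treat the password as guessed.
            alerts[src]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(src, info["failures"], sorted(info["users"]), info["success_after"])
```

A flagged source with a later successful login is the case where MFA matters most: the password is known to the attacker, and the second factor is the remaining barrier.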
Myth 6: Just make backups and you don't have to worry about ransomware
Even if you have up-to-date backups, recovering from ransomware is expensive. You’ll have to rebuild your infected systems from scratch, reinstall applications, restore the data and test everything to make sure it works as expected. We’ve seen data restores that have taken over a week!
In our experience, the return to production can take from a week to several months, which makes the cost of the incident explode. According to a CPO Magazine article, the average cost to remediate the impacts of a ransomware incident (taking into account downtime, employee wages during the shutdown, ransom paid, etc.) was $1.85 million USD in 2021 compared to $760,000 in 2020.
Need Help? StreamScan is Here.
Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with years of experience in the manufacturing sector who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.