A farmer selling her eggs and tomatoes at the market is probably not threatened by ransomware, but all other businesses are. And the threat is acute. That's because ransomware targets file storage - and all businesses have at least one of those.
Why Is Ransomware So Dangerous?
Cybercriminals use ransomware to gain access to files. If they succeed, three steps typically follow:
- the captured files are encrypted.
- the cybercriminals demand a ransom for the data to be made accessible again.
- the cybercriminals threaten to publish the files.
Christian Olbrich, encryption expert at Boxcryptor:
The threat level is serious, since the range and opportunities for attack are increasing. One reason for this – especially now – is the increase of home offices.
Fortunately, there are proven strategies to protect against ransomware. These strategies are based on the IT structure, meaning they are effective no matter the specific type of malware. Here’s where cloud storage for corporate data plays a crucial role.
Robert Freudenreich, CTO at Boxcryptor:
Companies shouldn’t wait until it’s too late. Unfortunately, we have often experienced companies coming to us only after falling victim to a ransomware attack.
How Can Companies Protect Themselves Against Ransomware?
Warding off ransomware is almost impossible due to the wide variety of programs and attack targets. However, it is possible to prepare in such a way that the impact is minimal. The most important components for this:
- Cloud storage with versioning, allowing files to be restored to the time before the attack.
- In-house encryption of files, preventing the attackers from publishing the data.
Implementing these simple protection mechanisms into existing IT structures is relatively straightforward, and measures can be upgraded at any time. Considering how grave of a problem ransomware poses for the German economy, upgrading protection is urgently needed. According to the status report for 2021 from the German Federal Office for Information Security (BSI), the threat situation is rated as tense to critical. Major damage is caused by business interruptions and ransom demands. On top of that, businesses have to deal with loss of trust from their customers as well as conflicts with the GDPR. Losing control over one's own files has dramatic effects. Unfortunately, these are not isolated incidents – almost daily, successful ransomware attacks make the news.
Learn More About Ransomware on Our Topic Pages
An effective ransomware protection is to store data in the cloud. Unfortunately, many companies still have reservations about cloud storage, fearing a loss of control. The concerns involve outsourcing of the data center to a service provider, on whose success one is dependent, and data transfer to other countries.
In reality, cloud storage can be secure and GDPR-compliant - if combined with end-to-end encryption. Thanks to the cloud storing not only your files but also their versioning, you kill two birds with one stone: ransomware protection and data protection. These are the key features making cloud storage the ideal protector against ransomware.
The moment the malware encrypts files, a new version is created in cloud storage - since encryption is technically an editing operation. Once the ransomware is detected and the time of encryption is known, the version from before the moment of malicious encryption can be restored. Ransomware protection is therefore primarily protection from the effects of ransomware.
In our expert talk, you can find out which cyber risks you can insure against. Ralph Günther, founder & CEO of exali dispels the myth about cyber insurance being sensible only for large companies.
In fact, large corporations are often more resilient to major failures than small businesses, which quickly run into trouble in the event of a cyber attack. Cyber insurance protects against the financial risk, typically covering three broad areas: Costs necessary to keep the business running, ransom, and IT forensic costs.
Unfortunately, many businesses underestimate ransomware. But attacks are on the rise, making it probable for someone to click on a malicious link in an email, or opening an attachment with a malicious program disguised as a resume. Cyber insurance allows everyone involved to sleep more soundly. Besides, a good cyber insurance policy also includes a 24-hour emergency number - another important plus factor.
Business Continuity Management
In addition to the organizational and financial challenges posed by a ransomware attack, business interruption is also a major risk. As more and more processes are digitally controlled and/or monitored, IT issues directly impact production. Therefore, companies need strategies for business continuity management (BCM for short).
Data protection plays an important role in BCM – protecting it from unauthorized access and destruction must be a top priority. Many challenges in business continuity management can be overcome with a well thought-out cloud strategy. Conveniently, BCM measures regarding cloud strategy are often identical to those limiting the impact of malware.
Aside from keeping IT systems up and running in the event of damage or attack, other key areas need to be addressed as part of business continuity management. Hazard analyses, for example, are an important component. In addition, there are emergency plans with instructions for action for those responsible and a prioritization of objectives.
The risk of a ransomware attack keeps growing due to increasing digitization (more data being stored = more attractive targets for cybercriminals), political entanglements (see cyberwar – politically motivated ransomware attacks target even companies in non-involved countries) and increasing IT vulnerabilities due to home office workplaces (especially in companies that have made the switch in a hurry).
Measures against the spread of ransomware in your company and files are comparatively simple, as they limit the threats at a structural level. Versioning systems, backup copies and access restrictions can in most cases be inserted into existing IT structures. Ransomware attacks will not decrease as a result, but the impact can be significantly mitigated.
Discuss within your company what actions need to be taken in case of a ransomware attack. Experts can provide you with tailored contingency plans for this. Investing in training will pay off sooner or later, since malware attacks are not going anywhere.
A trick that works on everyone sooner or later is malware being introduced by an employee opening a file they mistakenly considered trustworthy. Detecting ransomware, is the only way to fight this. However, cybercriminals are becoming more sophisticated, spoofing the identity of a boss ("Urgent: pay the invoice attached!") or disguising the ransomware in a fake job application. The methods are many and varied.
Email providers are working to automatically detect ransomware and block file attachments with certain formats. This certainly helps but should not be the only measure.
The best way to detect ransomware is to develop a certain basic skepticism about unsolicited files. If there’s slightest doubt, verify the source and double-check. After receiving an unexpected mail-attachment, call the sender to confirm. If the person hasn’t sent a file, you can be sure that you have just detected ransomware and averted an attack on your IT systems.
The Vipasana Ransomware
We took a closer look at the Vipasana ransomware, which has been circulating since at least the end of 2015. The name Vipasana comes from an earlier version of the ransomware that used the email address firstname.lastname@example.org as a way to contact the attackers. As one of the first ransomware versions that did not require an Internet connection to carry out the attack, the malware was considered innovative at the time.
Vipasana makes itself noticeable on your device by changing the desktop background suddenly and without any action taken. A strange and chaotic collage is now your wallpaper, with a warning in a lime green font and an email address in bright red. At this point, Vipasana has already encrypted all of your data, and it is no longer possible to access the data.
Another unique feature of Vipasana ransomware is its encryption algorithm. Using so-called stream encryption, first, a stream of bytes is generated that has the same length as the plaintext that is to be encrypted. Then, the characters of the stream are combined one by one with the plaintext. The Vipasana algorithm keys are encrypted using RSA so that the data can only be accessed by the attacker.