5 Steps Involved in a Ransomware Attack

February 2, 2022

COVID-19 isn’t the only virus that has spread and mutated throughout the world over the last few years. With the shift to remote everything during the pandemic, cyberattacks have also been on a steep rise. Just one bad click is all it takes for ransomware to cascade throughout your organization. Recent polls among IT decision-makers reveal that security threats have become a major challenge for businesses of all sizes. According to figures compiled by the Unit 42 security consulting group, the average ransomware payment has climbed 82 percent since 2020 to a record $570,000 during the first half of 2021.

Obviously, you want to do everything you can to prevent the downtime and expense of these cyberattacks. Once you’ve made sure all endpoint devices are secured (don’t forget your printing infrastructure), employee vigilance becomes your last line of defense. Why? Because hackers rely on an unsuspecting user to provide the click that starts the chain of events that leads to disaster. Here’s what typically happens:

  1. Access—Most ransomware arrives through phishing emails – messages that are designed to trick someone into entering their credentials or interacting with malicious content. It could be an Excel file with macros that release ransomware when enabled, a hidden executable file, or a link to a malicious or fake website.
  2. Infection—Once it’s released, the virus installs itself on the targeted machine and attempts to gain access to any data, resource or system it can on your network. This includes access to keys on your network, important documents or even built-in security measures that could impede the virus’ progress.
  3. Spread—Ransomware is specifically designed to spread. It infects any machine it can. It will find out as much information as it can about your infrastructure. And it will identify and spread to network shares, smart devices and any other resources it can access.
  4. Encryption—Once the virus has spread and gained access to a significant part of your infrastructure, it will “activate” and encrypt all the files it has accessed – which is usually the first time you realize there is an issue.
  5. Demand—After compromising and encrypting, the virus then sends its victims a message that makes a ransom demand. This could be a demand for payment with the promise to release and return all the files, a warning that sensitive information will be published online or a threat to sell data on the dark web. In a frightened panic, victims often pay the ransom. And instead of solving the problem, the payment encourages more cybercrime and provides no guarantee that the criminals will release the hijacked data.
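The encryption stage above is often the first visible sign of an attack, and it leaves a recognizable trace: one process renaming many files to a single new extension in a short burst. The following detector is an added example, not code from the original post or from All Covered; it runs over constructed file-activity log lines in an assumed format (timestamp, process, action, path) and flags processes showing that pattern.

```python
"""Added example: flag the mass-rename burst that mass file encryption leaves behind.
The log format and the process names below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import os

# Constructed sample file-activity log (not a real product's format).
SAMPLE_LOG = """\
2022-02-02T09:00:01 winword.exe WRITE /shares/finance/report.docx
2022-02-02T09:00:05 excel.exe WRITE /shares/finance/budget.xlsx
2022-02-02T09:00:09 explorer.exe RENAME /shares/finance/old.txt -> /shares/finance/old.bak
2022-02-02T09:01:00 updater32.exe RENAME /shares/finance/q1.xlsx -> /shares/finance/q1.xlsx.locked
2022-02-02T09:01:01 updater32.exe RENAME /shares/finance/q2.xlsx -> /shares/finance/q2.xlsx.locked
2022-02-02T09:01:02 updater32.exe RENAME /shares/finance/q3.xlsx -> /shares/finance/q3.xlsx.locked
2022-02-02T09:01:03 updater32.exe RENAME /shares/hr/payroll.docx -> /shares/hr/payroll.docx.locked
2022-02-02T09:01:04 updater32.exe RENAME /shares/hr/reviews.pdf -> /shares/hr/reviews.pdf.locked
2022-02-02T09:01:05 updater32.exe RENAME /shares/hr/contracts.zip -> /shares/hr/contracts.zip.locked
"""

def parse_line(line):
    """Return (time, process, action, src, dst); dst is None unless action is RENAME."""
    ts, proc, action, rest = line.split(" ", 3)
    src, dst = rest.split(" -> ", 1) if action == "RENAME" else (rest, None)
    return datetime.fromisoformat(ts), proc, action, src, dst

def find_mass_encryption(log_text, window=timedelta(seconds=60), min_files=5):
    """Return {process: new_extension} for every process that renamed at least
    min_files distinct files to the same new extension within one window."""
    events = defaultdict(list)  # process -> [(time, new_extension, source_path)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proc, action, src, dst = parse_line(line)
        if action != "RENAME":
            continue
        new_ext = os.path.splitext(dst)[1]
        if new_ext and new_ext != os.path.splitext(src)[1]:  # extension changed
            events[proc].append((ts, new_ext, src))
    flagged = {}
    for proc, evs in events.items():
        evs.sort()
        for i, (t0, ext, _) in enumerate(evs):  # slide a window from each event
            files = {s for t, e, s in evs[i:] if e == ext and t - t0 <= window}
            if len(files) >= min_files:
                flagged[proc] = ext
                break
    return flagged

if __name__ == "__main__":
    print(find_mass_encryption(SAMPLE_LOG))
```

The single benign rename by explorer.exe stays below the threshold, while the burst of six renames to ".locked" is reported; tune the window and threshold to your own share activity before alerting on it.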

You and the rest of your employees had to scramble when the pandemic sent people home to work remotely. In that rush, your first challenge was most likely making sure people could access their tools and data. Your next concern was probably security, especially with strict workplace device policies morphing to a mixture of company and personal devices. But in their urgency to get the work done, employees likely haven’t put your security procedures first. And all this work-from-anywhere multiplies the cybersecurity risks to your organization, ranging from phishing emails and iffy apps your employees may be using, to extremely disruptive and expensive ransomware attacks – all of which are on the rise.

Now it looks like remote work will be a permanent part of doing business. So if you haven’t taken the time yet to circle back on security – including performing basic endpoint hygiene and connectivity performance checks on computers and other endpoint devices – don’t wait any longer. Ask the person in charge of your IT these three essential questions.

  1. Have we reviewed and adjusted the security settings of our cloud access points as well as our organization’s internal network?
  2. Have we made sure that the security settings and measures for remote users are appropriate for our current and foreseeable levels of usage?
  3. Is our team – including all users (onsite and remote) and IT staff – aware of all the latest security threats, or do they need additional education to bring them up to date?

Remote workers are now the core of your organization’s productivity, and are your business’s allies in protecting your IT. Their devices can no longer exist at the fringes of your security plan – they are dead center and must be treated as such. The mixing of company and personal devices demands separate practices and elevated levels of control. This means much more than basic antivirus and antispyware protection: it means multi-factor authentication (MFA) and onboard endpoint detection and response (EDR) capabilities.

Your remote workers should not only be aware of these new measures, but also of the tools and safeguards you deploy to reach, and stay at, a new level of endpoint and data security. With the world rapidly – and permanently – changing, now is the time to partner with a solutions provider that lives and breathes security best practices.

Without considering these crucial questions, you can’t be sure each endpoint meets security policy requirements. Make sure you have the right tools to track and enforce policy on all devices and with employees everywhere, while delivering easy user onboarding and offboarding. All Covered’s IT Services portfolio can help. Learn more online.

All Covered Experts