Rapid technological progress, the polycrisis and a tense geopolitical situation: for cybercriminals, the past few months have truly been stellar. Time and again, hackers – including many now very professionally organized gangs – have succeeded in digitally disabling companies and authorities in the Federal Republic. Only last year, a district in Saxony-Anhalt had to declare the first cyber disaster in Germany. According to the BSI, after a ransomware attack, citizen-related services were unavailable or only available to a limited extent for over 207 days. The gateway was probably a security hole in the printer system. Those responsible categorically refused to pay a ransom – specialists and experts from federal and state authorities analyzed and fought the virus on their own.
What is ransomware?
Thousands of companies in Saxony-Anhalt suffer the same fate every year: Cybercriminals gain access to their systems and cripple them with ransomware-type malware. By definition, ransomware refers to malicious programs aimed at blocking the computer system or encrypting the operational and user data. A ransom in the cryptocurrency Bitcoin is then demanded for the release of the data and systems. Experts strongly advise companies not to accept such demands in the event of an attack – also because the subsequent release of the data is by no means guaranteed – and instead recommend using incident response services.
Ransomware attacks: This is what enterprises need to be prepared for in 2023
Like most malware, ransomware is continuously evolving. According to the BSI, the first attacks of this type occurred in 2005. According to studies, more than 623 million ransomware attacks were recorded worldwide in 2022 – the number of unreported cases is likely to be significantly higher. Today, cybercriminals are often organized in almost mafia-like structures and also take advantage of artificial intelligence to constantly develop their perfidious attack patterns. Many now go so far as not only to encrypt their victims’ systems and demand a ransom for decryption – this is known as a “single extortion” – but also to steal sensitive customer and company data and threaten to publish it on the darknet (“double extortion”).
Current threat: Ransomware-as-a-Service
Technological advances are clearly playing into the hands of cybercriminals. “Automated tools are creating new opportunities for hackers to increase the volume and intensity of attacks,” says Matthias Nehls, managing partner and founder of the German Society for Cyber Security (DGC). Ransomware-as-a-service is also gaining in importance against this backdrop. In this criminal business model, ransomware is rented out for a fee, a software subscription of the underworld. As a result, cybercriminals no longer need technical expertise of their own to be able to attack companies.
Consequences of ransomware attacks for companies
The consequences of ransomware attacks for companies are devastating. The encryption of data and systems often significantly disrupts processes and production chains, and upstream and downstream services are also frequently affected. In addition, the company is threatened with massive damage to its image if, for example, customers have to fear for their sensitive data or patents fall into the hands of competitors. The costs incurred by such a disaster are almost impossible to quantify. What’s worse, if CRITIS companies such as electricity and water suppliers, military facilities or hospitals are affected, human lives could even be at risk in the event of an emergency.
In the case of the ransomware attack on the German county cited above, the scale of the attack was such that many payments and citizen-related services could not be carried out for weeks, or only to a very limited extent.
Ransomware recovery: how to recover from an attack
“With the right measures and preventive measures, attacks can be averted or their extent limited,” says Matthias Nehls. If a company falls victim to a ransomware attack or observes anomalies in its IT, fast action is required. Experts distinguish between short- and medium-term measures that the company can take itself and external experts, who usually have powerful tools and extensive know-how to quickly stop the cybercriminals and minimize the damage caused. Lessons learned from the current attack are of course also taken into account so that the company is better protected in the future and can act preventively.
Detect Ransomware: Here’s what you and your employees should watch out for
Studies by Microsoft have shown that 97 percent of ransomware attacks infiltrate the attacked systems within four hours. The perfidious thing about ransomware, however, is that the data encryption initially happens in the background. As a result, affected companies often do not even notice it at first. Depending on the type of ransomware, once the encryption has “succeeded” the computer screen may suddenly go black and the device no longer responds to mouse and keyboard input. This is often followed by a threatening text in which the attackers demand a ransom or threaten to delete or pass on the encrypted data.
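Because the encryption runs silently in the background, the earliest technical signal is usually the files themselves: within minutes, many documents are rewritten as high-entropy bytes and renamed with a new suffix. The following Python script is an added example (not DGC's tooling and not from the original article) of that file-level heuristic. It scans a directory for recently modified files that either look encrypted (Shannon entropy close to 8 bits per byte) or carry one of several constructed sample suffixes, and raises an alarm once several such files appear in one scan. The thresholds and suffix list are assumptions to be tuned per environment; the demo tree it builds is constructed sample data.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Heuristic thresholds (assumptions for this example; tune per environment).
HIGH_ENTROPY = 7.5             # bits per byte; random or encrypted data approaches 8.0
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt"}   # constructed sample suffixes
MIN_HITS_FOR_ALERT = 3         # how many suspicious recent files before alarming


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: Path, since_ts: float) -> list:
    """Return (relative path, entropy) for files modified at or after `since_ts`
    that look encrypted: entropy near 8 bits/byte, or a suspicious new suffix."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.stat().st_mtime < since_ts:
            continue
        entropy = shannon_entropy(path.read_bytes())
        if entropy >= HIGH_ENTROPY or path.suffix.lower() in SUSPICIOUS_SUFFIXES:
            hits.append((path.relative_to(root).as_posix(), round(entropy, 2)))
    return hits


def mass_encryption_suspected(hits) -> bool:
    """One odd file is noise; several within one scan window is the pattern to alert on."""
    return len(hits) >= MIN_HITS_FOR_ALERT


def build_demo_tree(root: Path) -> None:
    """Constructed sample data: three ordinary documents plus four files left the way
    a ransomware run leaves them (random bytes, renamed with a new suffix)."""
    rng = random.Random(1)  # seeded so the demo is reproducible
    for i in range(3):
        (root / f"report-{i}.txt").write_text(
            f"Quarterly report {i}: revenue, costs and headcount per department.\n" * 40
        )
    for i in range(4):
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        (root / f"invoice-{i}.xlsx.locked").write_bytes(blob)


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return (hits, alert)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        hits = scan_directory(root, since_ts=0.0)
        return hits, mass_encryption_suspected(hits)


if __name__ == "__main__":
    found, alert = run_demo()
    for name, entropy in found:
        print(f"{name}: {entropy} bits/byte")
    print("ALERT: mass encryption suspected" if alert else "no alert")
```

Two caveats for anyone turning this into a real monitor: compressed formats (ZIP, JPEG, and Office files, which are ZIP containers) also have high entropy, so entropy alone produces false positives and is best combined with the rename pattern and the rate of change against a baseline; and the monitor must run from a host or account the malware cannot simply terminate, otherwise it is the first thing to go.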
1. Backups of your data
Experts recommend regularly making backups of data and systems – and storing them externally, for example on USB sticks or external hard drives. Important: Once the backup process is complete, the storage medium should be disconnected from the computer immediately.
2. Virus scanner and content filter
Companies are strongly advised to use virus scanners and content filters on their mail servers. The advantage: professional e-mail and web security tools can scan attachments, websites and files for malware, and can block potentially dangerous advertisements as well as social media sites that are not relevant to work.
3. Update apps and operating systems regularly
Operating systems and applications should also be updated regularly to prevent ransomware and other malware from entering your devices. This is the only way to ensure that the latest security updates from the manufacturers are always available and that any security vulnerabilities that may have already been fixed do not serve as gateways for cybercriminals.
4. Do not download apps from unknown sources
One important tip that all employees should take to heart is the rule never to download apps from unknown sources. Good to know: so-called application whitelists (allowlists) can prevent the unauthorized downloading and execution of applications.
5. Install reliable antivirus software
Reliable antivirus software can at least protect systems from known malware. Again, regular updating of antivirus programs, intrusion prevention systems (IPS) and anti-malware tools for devices and networks is essential.
6. Divide network into security zones
Experts strongly recommend dividing your own network into security zones. In this segmentation, particularly sensitive systems are moved into separately secured network zones, so that an infection in one zone cannot easily spread to another.
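One concrete form of such segmentation, as an added example that is not a DGC configuration and not from the original article: an nftables ruleset for a Linux gateway that routes between three assumed zones. The interface names "office", "servers" and "backup" and the address 10.0.20.10 are placeholders; the rules express the intent that workstations reach servers only on the services they need, and that the backup zone is reachable from a single backup server only.

```nftables
#!/usr/sbin/nft -f
# Added example: three-zone segmentation on a Linux gateway. Interface names
# "office", "servers", "backup" and the address 10.0.20.10 are placeholders.
flush ruleset

table inet zones {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections permitted below may flow back; junk is dropped.
        ct state established,related accept
        ct state invalid drop

        # Workstations reach the server zone only on the services they need
        # (HTTPS and SMB file shares); nothing else, in particular no RDP or SSH.
        iifname "office" oifname "servers" tcp dport { 443, 445 } accept

        # Only the backup server may talk to the backup zone. A workstation taken
        # over by ransomware therefore cannot reach the backup repository at all.
        iifname "servers" ip saddr 10.0.20.10 oifname "backup" tcp dport 22 accept

        # Everything else between zones hits the drop policy; log a sample of it
        # so that lateral-movement attempts show up in the SIEM.
        limit rate 10/minute log prefix "zone-violation: "
    }
}
```

The default-deny forward policy is the important part: every permitted path is an explicit line that can be reviewed, and anything not listed is dropped and logged. Note that a gateway ruleset only separates zones from each other; hosts in the same zone still see each other directly, so the zones must also be separate VLANs or subnets rather than one flat LAN with different addresses.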
7. Encryption at home according to the WPA3 standard
Encryption of wireless networks in accordance with the current WPA3 standard is also expressly advised. This applies in particular to home office networks, where the boundaries between private and business communication are often blurred and security standards are generally not monitored as closely as they are in the company itself.
8. Be careful with email attachments or links
Again and again, experts warn never to open attachments in e-mails from unknown senders. They may contain hidden programs that execute automatically without the user even noticing.
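The content filter on the mail server from tip 2 and the attachment warning above come together in a gateway check like the following. It is an added Python example, not DGC's filter and not from the original article, that parses one mail with the standard `email` module and quarantines attachments on three signs: a blocked extension, a document-looking name in front of an executable extension, or executable content whose first bytes contradict the harmless-looking name. The extension lists are assumptions, and the sample message with its five attachments is constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions a gateway would commonly refuse outright (assumed list for this example).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1",
                      ".hta", ".jar", ".docm", ".xlsm", ".pptm"}
# Extensions a user reads as "harmless document".
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
PE_MAGIC = b"MZ"   # every Windows executable (EXE/DLL/SCR) starts with these two bytes


def attachment_findings(filename: str, data: bytes) -> list:
    """Return the reasons this attachment should be quarantined (empty list = pass)."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    final = suffixes[-1] if suffixes else ""
    reasons = []
    if final in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {final}")
    # "invoice.pdf.exe": a document-looking name in front of an executable extension
    if len(suffixes) >= 2 and final in BLOCKED_EXTENSIONS and suffixes[-2] in DOCUMENT_EXTENSIONS:
        reasons.append("double extension disguising an executable")
    # Content check: the bytes must match the claimed type, whatever the name says
    if data.startswith(PE_MAGIC) and final not in {".exe", ".dll", ".scr"}:
        reasons.append("Windows executable header behind a non-executable name")
    return reasons


def screen_message(raw: bytes) -> dict:
    """Parse one RFC 5322 message and map each flagged attachment name to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_content()
        if isinstance(payload, str):          # text/* parts decode to str
            payload = payload.encode("utf-8")
        reasons = attachment_findings(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail with a mix of harmless and disguised attachments."""
    msg = EmailMessage()
    msg["From"] = "accounting@example.invalid"   # placeholder sender
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Open invoice"
    msg.set_content("Please find the attached documents.")
    samples = [
        ("invoice.pdf",     b"%PDF-1.4\n%constructed pdf header\n"),  # passes
        ("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),            # double extension + PE
        ("statement.pdf",   b"MZ\x90\x00" + b"\x00" * 60),            # PE bytes behind .pdf
        ("budget.xlsm",     b"PK\x03\x04" + b"\x00" * 60),            # macro-enabled workbook
        ("notes.txt",       b"meeting notes\n"),                      # passes
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample_message()).items():
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

The content check is the part that makes the filter robust: a renamed executable passes any extension list, but it still begins with the PE header, so the bytes are inspected regardless of the name. A production gateway would extend the same idea to archives (which need to be opened and screened recursively) and to Office documents with macros.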
9. Create and maintain access rights
Not every employee must, or should, be able to access every system. To keep the security risk as low as possible, defining and enforcing access rights is an important measure. This is the only way to ensure that as few users as possible can infect business-critical applications.
10. Conducting regular security awareness trainings
Unfortunately, it is true: the “human factor” remains the weakest link in any security chain. Regular security awareness training can significantly raise your employees' awareness. Through numerous examples and up-to-date information, participants learn about the dangers and the need for prudent user behavior.
Prevent ransomware attacks with a strong partner at your side
When it comes to optimal protection against ransomware and other cyberattacks, the measures outlined can form a good basis for prevention. But external expertise in the form of a renowned IT security service provider like DGC also pays off. The advantage: The experts know the attack patterns and can react quickly in an emergency. In the event of a specific attack, the Incident Response Service is available around the clock – inquiries are answered within 30 minutes.
In order to meet the individual needs of companies, DGC also offers various modular cyber security partnerships. These generally include the vulnerability scanner cyberscan.io®, developed in Germany, which detects current cyber risks and helps minimize the impact of IT vulnerabilities. Regular penetration tests (simulated hacker attacks) and the aforementioned security awareness training also contribute to comprehensive 360-degree protection.