Brazil occupies a far from honorable position in the ranking of the countries most affected by cyber threats, according to the “Fast Facts” report by the digital security company Trend Micro.
Among the different threats, one has produced the most devastating consequences: ransomware.
From 2019 to 2022, Brazilian users consistently ranked among the top 10 countries with the most victims.
Today we'll look at what it is and how to protect your files from this threat.
What is ransomware?
We have an article on what ransomware is and “everything” you should know about it.
Briefly, ransomware is a type of malware that encrypts files, making them unusable by users. To decrypt them, a key is required, which is only provided upon payment of a “ransom”.
However, the malware “industry” is becoming more sophisticated. Until recently, this type of threat was produced only by cybercriminals with specific knowledge; today it requires virtually no skill or experience in the matter.
The reason for this change, and for the alarming increase in the incidence of ransomware, is what is known as RaaS (Ransomware as a Service).
In other words, everything needed to carry out a ransomware attack is provided as a service, on the Deep Web or Dark Web.
Ransomware operators no longer need advanced knowledge to infiltrate your network. Now, hackers – crackers, really – can offer their malicious techniques as easy-to-use products to less experienced or novice hackers, in the form of a franchise or an affiliate program model.
What is important to know about ransomware?
Users do not need to be experts on the subject, but having some information about it can be decisive and avoid major headaches. It is even reasonably agreed that information is an essential preventive measure.
Therefore, those responsible for the IT area must make sure that all users with access to the Internet and who have access to sensitive content are duly informed about:
- The growth already mentioned, which makes ransomware one of the most frequent digital threats today;
- If users do not adopt a series of measures and become victims, there is no solution. The few associated security measures are therefore preventive and must be adopted before the malware acts, as we discuss further below;
- Depending on the set of files that were encrypted, the business model and the dependence on this content for the business to run, there are companies that are simply forced to shut down their operations;
- Although in different degrees and probabilities, the most diverse devices (Macs, iPhones, iPads, Windows PCs, Linux and Android devices) can suffer ransomware attacks;
- There are many forms of dissemination, but the most common is over the Internet, either by email or through links on malicious sites, using phishing, which consists of creating an attractive “bait” that induces the user to click on it, installing the harmful program or even having it run – without installation – on the user’s device. Therefore, knowing how to recognize phishing techniques is essential;
- There are attacks that affect not only the infected machine but the entire computer network of which it is part, as is the case with the NotPetya ransomware. Therefore, it only takes one user for an entire company to be affected;
- Paying the ransom is no guarantee that the key to decrypt the content will be provided. Remember that even though it is a digital offense, there is still a criminal behind the action.
How to protect your files?
When it comes to digital threats, prevention is always the best alternative and it starts, as we said, by making users aware, especially those who have access to sensitive files, either locally stored in their computers, or those with access to the company’s network or to the intranet.
1. Data security policy
Adequate protection of the company’s digital assets starts with a comprehensive security policy that should cover a number of aspects, such as:
- Use of devices – there must be guidelines regarding the use of personal equipment, whether devices (notebooks and smartphones) or media (external hard drives, USB flash drives, etc.), which, because they are used outside the exclusive scope of the business, increase the chances of exposure to harmful content;
- Access – which users have access to the network, to the intranet, which access levels (permissions), etc;
- Internet – controlling access to the Internet, as well as downloading and installing content from it, also needs to be considered, since, as mentioned, phishing is often an instrument for ransomware. Even installing a browser extension can be the gateway to this and other types of threat;
- Credentials – the authentication processes, the use of passwords, as well as multi-factor authentication (MFA).
Still talking about security policy, given its importance, the following aspect deserves a separate chapter…
2. Backup
Backup, which may even have its own policy, represents the most important pillar of data security. When all other measures are not enough, it is what will ensure the restoration of company data.
And it’s not just in the case of ransomware. Whatever the problem, whether the physical failure of a disk or a disaster, an extensive backup policy is capable of restoring the data.
Therefore, backup routines – especially of sensitive data – must take into account the shortest possible interval between backups, safe storage on media in different physical locations, redundancy and integrity of stored data.
3. Systems
Part of the security of the company’s environment necessarily involves the security of the systems used. Some of the variants that produced the most victims made use of flaws in operating systems or of systems that were not properly updated.
Cases of exploitation through software are also not rare, whether pirated software that can be a vector of malware infection, or software of unsafe origin or containing security flaws.
Thus, the IT team or the professional in charge needs to ensure that the machines are properly updated and that any and all programs used on them have a safe origin.
4. Anti-Malware Solutions
Anti-malware solutions, also known as anti-virus programs, are an important barrier.
Although not all of them are able to detect and block 100% of the variants, especially the recently released ones, not having one means being 100% exposed.
Furthermore, the most robust solutions are based on more efficient technologies to detect even the most aggressive types, especially in their paid versions. Therefore, it is sometimes convenient to consider them over free versions.
The most complete are able to identify the many situations that represent a threat, such as a suspicious link, a malicious download and various actions that may be associated with phishing.
In this segment, there are “specialized” solutions that work together with the most popular antiviruses, such as Acronis, which, in addition to using a mechanism specially dedicated to identifying behaviors associated with ransomware attacks, also has an integrated backup of sensitive content.
In addition to being able to have it installed and operating in parallel with your “official” antivirus, there is also a free version with up to 5Gb of data backed up.
5. Windows
As the most used operating system in the world, Windows also offers some features that can be useful in this important battle.
It is important to highlight that the following measures do not exempt you from adopting everything that has been presented so far and should serve as additional measures.
The first action is a native feature that is disabled by default. This is the security setting known as “Protected Folders”.
To access it, the path is: Settings > Privacy and Security > Windows Security > Virus and threat protection > Virus and threat protection settings > Controlled folder access.
By checking the option, it is possible to manage all the folders that will be supervised for access by trusted and standard applications, in such a way that applications that are not included in the list are prevented from making changes to files inside protected folders.
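The same controlled-folder setting can be scripted with the Microsoft Defender PowerShell cmdlets, which is useful when rolling it out to several machines. The following is an added example, not part of the original article; the folder and application paths are placeholders, and it assumes Microsoft Defender Antivirus is the active antivirus and the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Settings toggle for
# controlled folder access (Microsoft Defender Antivirus must be active).

# Placeholder values (assumptions): replace with your own paths.
$ExtraProtectedFolders = @('D:\Finance', 'D:\Projects')
$AllowedApps           = @('C:\Program Files\ExampleBackup\backup.exe')

function Get-CfaState {
    # EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = AuditMode
    $pref = Get-MpPreference
    $mode = switch ([int]$pref.EnableControlledFolderAccess) {
        0 { 'Disabled' }
        1 { 'Enabled' }
        2 { 'AuditMode' }
        default { "Other($_)" }
    }
    [pscustomobject]@{
        Mode             = $mode
        ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
        AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
    }
}

Write-Host 'Current state:'
Get-CfaState | Format-List

# Start in audit mode so legitimate programs that write to protected
# folders show up in the log before anything is blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

foreach ($folder in $ExtraProtectedFolders) {
    if (Test-Path -LiteralPath $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    }
}

# Review what was (or would have been) blocked: 1123 = blocked, 1124 = audited.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# After reviewing the audit events, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running in audit mode for a few days first shows which legitimate applications need to be added to the allowed list before blocking is turned on.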
The second procedure consists of enabling OneDrive Personal Vault.
Every Windows user with an account set up has 5Gb of cloud storage on Microsoft’s OneDrive service. The Personal Vault is nothing more than a protected area within OneDrive, which requires two-factor authentication to gain access.
The amount of space covered by the service can be extended according to the service’s paid plans.
When the second factor is configured, using for example Microsoft Authenticator on the smartphone, the malware cannot reach the content stored in the Personal Vault due to lack of authentication.
Conclusion
Brazil’s position in the ranking of ransomware victims requires users to surround themselves with a set of measures to protect their files.