Ransomware: global threat requiring prevention and support from cybersecurity experts

Covid-19 contributed to the spread of ransomware, a digital pandemic that today affects people, companies and government entities around the world. Factors such as mandatory confinement, the adoption of teleworking, increased network connection time and the loosening of security measures have generated vulnerabilities that have facilitated its growth.

This cybercrime works on the basis of malware, or malicious software, capable of infecting computers, tablets, cell phones, external storage units and Internet of Things (IoT) devices, until it reaches corporate networks.

It spreads by means of social engineering techniques through: emails, text messages, websites, misleading advertising, social networks and mobile applications.

Each of these options facilitates the download of a virus. This is how cybercriminals take control of information and proceed to encrypt certain files. In this way, although the data remains on computers and servers, its users no longer have access to it. This is a kidnapping and gives way to the demand for a large ransom payment for the information.

The damage is enormous

In the case of companies and organizations, a ransomware attack can paralyze their operations, generate large economic losses and seriously damage their reputation. In the case of official institutions, the functioning of services such as health, sanitation, energy, transport and telecommunications is affected, endangering people’s lives.

According to a report by the Latin America and Caribbean Network Information Centre (LACNIC), the rise of teleworking contributed to an increase of more than 300% in ransomware attacks in the region in 2020.

Meanwhile, Adriana Jiménez, Innovation Leader at IFX Networks, considers that the absence of a solid cybersecurity culture has favored the action of much more specialized criminal groups, the use of new types of malware and the advancement of ransomware as a service (RaaS).

It is in this context where it becomes increasingly important for companies and organizations to have the support of expert providers in the supply of security services. Taking this alternative allows them to dedicate themselves to the development of their business, while specialized companies are in charge of designing, executing and supporting a complete information security strategy.

As a Communications and IT Managed Services Provider, IFX Networks serves more than 3,200 organizations in 17 countries in the region. One of its business lines is: IFX Security Solutions, which includes:

  • IFX SOCaaS: Security Operations Center as a Service. Its objective is to comprehensively protect the technological infrastructure of organizations, thus preserving the confidentiality, integrity and availability of information. To this end, it prevents, detects, evaluates and responds to cybersecurity threats and incidents, while ensuring compliance with legal regulations related to digital assets managed by companies.
  • IFX Close Protection 360, a service that protects the perimeter network and information efficiently and securely through a centralized high-availability solution that optimizes the Internet channel, ensures business continuity and access security.
  • IFX Server and Endpoint Protection: tools that guarantee the protection of servers and end devices against threats such as ransomware, malware, zero-day attacks and exploits, among others.

How to deal comprehensively with ransomware?

Based on its knowledge and experience over 22 years, IFX Networks believes that success in neutralizing threats is based, first and foremost, on effective prevention. That is: a solid commitment that goes from top executive officers to all staff members in order to avoid mistakes that can generate serious consequences.

In this context, the company proposes to implement the following recommendations:

User awareness. Human beings make mistakes and measures must be taken to mitigate them. That is why the design of information, education and prevention campaigns is the basis of an integral safety strategy. Objectives: to become aware of the existence of cybercriminals, to know their ways of acting and to be prepared for different options of attack attempts.

Extending cybersecurity policies to mobile devices. With teleworking, the use of laptops, smartphones and tablets to access corporate networks became increasingly common. In this scenario it is essential to extend security policies to each of these devices.

Keeping backups up to date. New ransomware families can eliminate backup copies. Hence, it is necessary to make copies on files, hard disks or network storage systems other than the computers that can be infected. This includes external media not connected to the network. This is the case of a hard disk for copies and the cloud. The latter by disabling persistent synchronization.

Data encryption. It is important to encrypt the most sensitive information so that cybercriminals cannot make it public. As a complement, the password or certificate required to decrypt it should be stored on an external storage device, which should be kept disconnected from computers that could be attacked.

Use of strong passwords. The easier it is to crack a password, the easier it will be for criminals. It is clear that the use of strong passwords and the configuration of lockout policies for a certain number of unsuccessful attempts to access the system should be required.

Today, more than ever, technology is advancing and systems will never be 100% secure. That is why it is important to activate an integrated and effective security strategy to prevent cybercrime, concludes Adriana Jiménez.