How businesses can deal with ransomware attacks

Russian linked cybercrime hackers REvil on July 7 infiltrated a Florida based information tech firm in the USA causing massive data theft, and a ransom demand of more than $ 70 million (Shs248 billion).

The ransomware has been described by Huntress Lab, a cybersecurity firm in the US, as one of the biggest in modern times, which affected close to 2,000 businneses across 15 countries.

Following the attack, cybersecurity teams across the world are scrambling to regain control of the stolen data.

To acknowledge the gravity of this situation, one needs to first understand what a ransomware is.

According Emmannuel Chagara, a cybersecurity expert and the chief executive at Milima Technologies, a ransomware, is a form of malicious software that encrypts a computer’s files and directories and demands a ransom, most often cash, in return for a decryption key.

This means the malicious software is designed to block access to a computer system and data until a sum of money is paid.

“More organisations and individuals are falling victims to ransomware attacks with many victims willing to pay the ransom to avoid losing their highly important information,” Chagara opines.

With more companies ready to pay, it has in turn given the hackers confidence that ransomware attacks can be a strong business model.

A case that explains the increasing rampant ransomware attacks globally.

Milima Technologies, a cybersecurity firm operating in Uganda is closely following the recent ransomware attack.

Chagara says money tops the charts for motivations behind ransomware attacks.

“Hackers always take advantage of existing vulnerabilities in IT systems to deploy and take hostage the systems,” he share.

In the case of Kaseya, Chagara has discovered that they had a major flaw in their system that the hackers got to know about and this is how they became victims.

The ransonaware attack on Kaseya was carefully planned with one major discovery already showing that the hackers gained access to the system’s update features and used this component to distribute infected updates to all subscribed organisations.

REvil is a Russian based hacker group has of recent been responsible for high profile ransomwareattacks including a major hack on an American meat processing company called JBS in June just before executing another attack on Kaseya in July 2021.

 REvil just like other hacker groups have developed a business model commonly called “Ransomware-as-a-service.”

With this model, a hacker group takes 20 per cent of the ransom payout while the affiliate groups take 80 per cent. For instance, JBS is known to have paid $11m (Shs39 billion) to regain access to its systems.

 So far, several cybersecurity research groups have taken on the task of developing a kill-switch, software code to deactivate the ransomware) and a decryption key.

Uganda at risk

With the world being a global village, Chagara reveals it only takes a second for the ransomware to take down IT systems in Uganda.

“Everytime we see such incidents happen at a distance, we should not sit back and think this an American problem,” he reveals.

All businesses are vulnerable to ransomware attacks and overall cyberattacks.

Whereas financial institutions top the list of most targeted institutions, other sectors and small businesses have equally continued to register losses.

In this recent ransomware attack, it is reported that most of the users of Kaseya’s managed services software were small businesses. One such business is a coffee shop in Sweden which failed to access their online cash register hence closing down for almost a week.

The most important activity post any cyberattack is to contain the threat and minimise the spread.

During the recent ransomware attack, the Federal Bureau of Investigations (FBI) released a statement, and advised all businesses to shut down their VSA servers immediately.

Chagara shares a similar view from the FBI, and offers key tips to withstand such cyber attacks. He says the most effective way; is to disconnect the infected computers from the overall network, in case it is in a local area network setting or disconnect from the internet.

 “Here, you avoid any evolution of the threat within your network environments,” he notes.

Abusiness should call a reputable expert or organisation to assess the extent of damage.

An expert may advise on system restoration from an old backup, extraction and deactivation of the ransomware, if decryptors are accessible or overall cleanup of the system. An effective and swift return to normalcy is what is pursued.