The Fear of Ransomware: It’s Not Someone Else’s Problem Anymore!
Recently, there was news that Kojima Industries, a subcontractor of Toyota Motor Corporation, was hit by a cyberattack. Are you aware of this?
Against the backdrop of the situation in Ukraine, cyberattack damage is also reaching Japan.
This isn’t something that doesn’t affect small and medium-sized enterprises. You must always prepare for external attacks, or it could lead to serious problems.
To take countermeasures, it’s important to first know your enemy. This time, we will explain “ransomware,” which is representative of cyberattacks.
Table of Contents
- 1. What is Ransomware
- 2. Difference from Malware
- 3. Types of Ransomware
- 4. Where Does Ransomware Infect From?
- 5. What Kind of Damage and Impact Does it Cause?
- 6. Examples of Actual Ransomware Damage
- 7. How Should You Take Countermeasures?
- Summary
1. What is Ransomware
Ransomware is a malicious, unauthorized program that disables an infected computer or encrypts files to make them unusable, and then demands a ransom.
“Ransom” means “ransom,” and the word “Ransomware” is a coined word combining it with “software.”
Generally, it refers to malicious software that demands a ransom.
In many cases, the ransom has a deadline. If you do not pay within that deadline, the data cannot be recovered permanently, or the ransom will increase.
However, there is no guarantee that you will always be able to recover your data if you pay the ransom. It is dangerous to accept the request easily, so be careful.
2. Difference from Malware
A word similar to ransomware is “malware.”
Malware is a coined word that combines “Malicious” and “software.”
There are various types of malware, such as making it impossible to start the computer used by the user or secretly acquiring personal information.
Malware basically refers to “malicious unauthorized programs.”
Therefore, ransomware is a type of malware.
3. Types of Ransomware
There are two main types of ransomware.
3-1. File Encryption Type
As the name suggests, this type encrypts materials and images on your computer, making them unusable.
This applies not only to your own computer, but also to the data in the database linked to your company’s services, if any.
If customer data is encrypted, users will not be able to use the service as usual, which will cause enormous damage. This is a very dangerous type that can lead to a sharp drop in trust in your company’s services and a decrease in sales.
3-2. Terminal Lock Type
This is a type of ransomware that makes it impossible to operate the computer at all.
Even if you can operate it, it is only to turn the power on/off. Even if the power is on, only a screen requesting a ransom is displayed.
4. Where Does Ransomware Infect From?
According to the “10 Major Information Security Threats 2021” published by IPA (Information-Technology Promotion Agency, Japan), the most common attack on companies and public organizations was “damage from ransomware.” It jumped from 5th place the previous year to 1st place at once.
Reference: https://www.ipa.go.jp/security/vuln/10threats2021.html
Why is the damage spreading like this? Here are the infection routes.
4-1. From Email
An email is suddenly sent from a malicious person, and you become infected when you open the file attached to it.
Be careful when opening attachments.
4-2. From Websites
This is a method of falsifying an existing website to make it look like reliable software and downloading fake ransomware.
4-3. Directly via Network
With network settings, you can filter (narrow down) accessible communications.
However, if you do not set this up, they may exploit the vulnerability and send it directly to infect you.
5. What Kind of Damage and Impact Does it Cause?
If you are infected with ransomware, you will not only be unable to operate files or the computer itself.
It can also spread to computers throughout the organization via the network.
The point that you will be troubled by is that they will shake you by weighing the very important “funds” and important “information” such as customer data at the company.
Even if you accept the request and pay, there is no guarantee that such malicious people will always restore it. They may even make further demands.
Furthermore, they may steal the data before encrypting it and threaten to “publish this data to the world if you don’t pay.”
This is called “double extortion.”
In order to avoid such a situation, it is necessary to take measures in advance.
6. Examples of Actual Ransomware Damage
From here, we will introduce examples of actual ransomware damage that occurred in Japan.
6-1. June 2020
Automobile company Honda suffered a cyberattack and caused a system failure.
Production and shipping were suspended at factories in Japan and overseas, which had a major impact.
When the ransomware used here was analyzed, it was found that it was designed to only work within Honda Motor.
Damage from ransomware targeting specific companies like this is also emerging.
6-2. November 2020
Game company CAPCOM was illegally accessed. Approximately 390,000 pieces of important in-house data, including customer and shareholder information, were stolen. They did the aforementioned “double extortion” and demanded a ransom of 1.15 billion in exchange for canceling the file encryption and information leakage.
After that, they cooperated with external specialized companies and the police to proceed to a solution. They did not pay the ransom, but the personal information of more than 10,000 people was confirmed to have been leaked.
Leaking important data can lead to major problems. Ransomware poses a risk of not only money and information, but also loss of trust as a company. I hope that the importance of countermeasures has been better conveyed.
7. How Should You Take Countermeasures?
So, how can we prevent the dangers of ransomware?
Specific countermeasures are as follows.
7-1. Install Antivirus Software
If your budget allows, we recommend purchasing and installing a paid package.
Also, always update to the latest version to deal with new attack methods.
7-2. Keep Your OS Version Up to Date
Keep the OS version of your computer up to date.
Security patches, which are programs that deal with viruses, are also updated regularly in the OS.
However, please note that updating to the latest OS may make the software you are currently using unusable.
7-3. Be Careful of Files Attached to Received Emails
Be very careful of emails from senders other than business partners. Even if the email is from a business partner or someone you know, we recommend checking the file name and extension when opening an attachment.
And, if information is leaked or if you are infected with ransomware, there are things you can do to reduce the damage as much as possible.
7-4. Encrypt Data When Exchanging It
Even if important materials are leaked, you can prevent information leakage by encrypting them and making them unreadable.
It is a problem in itself that such materials fall into the hands of outsiders, but it is also important to hedge the risk when they are leaked to the outside.
7-5. Obtain Backups
If files become unusable due to ransomware, you can view them without any problems if you have backed them up to the cloud.
However, don’t be relieved. The information has not changed, so contact the police immediately to take action.
Summary
We have explained ransomware.
With the spread of computers and the Internet, it is inevitable that malicious users will emerge. The damage and impact will continue to spread. Cyberattacks can happen at any time. It’s not someone else’s problem at all.
Is your company’s countermeasures perfect? Prepare for external attacks now, before any damage occurs.
Please contact globalsupport@jiran.com for further assistance.
