Ransomware: A security expert explains what makes us vulnerable and how to prevent it

Ransomware attacks are still happening, and more employees need to be trained on how to prevent them.

Ransomware: A security expert explains what makes us vulnerable and how to prevent it

TechRepublic's Karen Roby spoke with Rahul Kashyap, president and CEO of Awake Security, about the prevalence of ransomware and how to prevent it. The following is an edited transcript of their conversation. 

Rahul Kashyap: This is a pretty big problem already at a pretty large scale. I believe the ransomware attackers have hit kind of the sweet spot of profiling and finding almost the perfect victims for very high success rates. These are the unsophisticated IT users with the minimum or no IT security budget. They almost never have backups. Very likely the crimes might not even get reported by many of these people because they just end up paying up. So, this is a very large problem and also growing rapidly.

SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic)

Karen Roby: You're saying small businesses, because of their budgets and not having a large IT staff, that's really the sweet spot now for ransomware attacks?

Rahul Kashyap: Ransomware is a very different kind of attack. There are different forms of attack, right? So you have forms of attack which are stealthy and hidden. Most malware is designed to be behind the scenes and never there; ransomware is the exact opposite because it's about scaring the users, literally holding them as hostages and trying to extract money immediately. It fits this profile of users very well from a psychological profiling point of view.

Karen Roby: You work with businesses every day that are trying to protect themselves, and I'm sure you've seen the impact of an attack like this. Talk a little bit about what it does to the psyche when someone or a company has been attacked in this way.

SEE: 88% of IT pros say world is in permanent state of cyberwar (TechRepublic)

Rahul Kashyap: I actually have met several victims myself, and we have talked as well. One of our solutions actually is designed to identify such attacks and try to disable and take out some of the victim [machines]. A few months ago we helped a small Dallas-based manufacturing company to basically identify and disable a ransomware attack that was underway. So what we found was they were developing the product, and one of their facilities in Atlanta was hit by a ransomware attack. This was a pretty well-known strain at that time. They basically executed and encrypted more than 2,500 files, effectively shutting down four of the company's critical servers.

The attacker demanded a six-figure ransom for the files because of the high-profile of the victim and they felt that they had compromised something of value to the user team. So they had a pretty high price. First of all, we identified and were able to help them mitigate and contain the infection so that it didn't grow. They had six more facilities, and we prevented the spread to other sites. This was a real alarming situation because the victim was completely unprepared to handle this scenario.

SEE: CovidLock ransomware exploits coronavirus with malicious Android app (TechRepublic)

Karen Roby: Talk a little bit more in-depth about suggestions that you make to companies, or things that people need to keep in mind and things that they need to instruct their employees to do and to look out for.

Rahul Kashyap: Ransomware is still pretty much being exploited or delivered using the traditional and the most well-known weakness in cybersecurity, which is the humans, right? Most ransomware attacks still come via phishing emails targeting specific groups of users. Specifically, the kind of people we are seeing are schools, counties, police departments. Most of the emails of a lot of people are available publicly, so people are obviously harvesting your email addresses and trying to send you emails. So be very, very careful of spam. I'm sure you've heard this from pretty much everybody in cybersecurity is that don't trust and don't click on [suspicious] emails. That's all it takes. One click and then someone can infect you.

Basic hygiene is always going to be very, very critical. If you don't have backups, try to see if you can isolate and build out a network where ransomware infections cannot spread very quickly and create havoc in your environments. Pretty much the standard precautions that you know would be applied for ransomware infections. Surprisingly, we are still struggling with the basics right now. This is what's causing the infection.

SEE Report: US Health and Human Services department hit by cyberattack amidst coronavirus fears (TechRepublic)

Karen Roby: Do you feel like we're starting to see a little bit of a shift in terms of companies starting to take this kind of thing more seriously? Or do you still feel like people are kind of acting like they're in the dark?

Rahul Kashyap: I would say it's a mixed bag. Some of the businesses that are fairly large are definitely investing and being more proactive. But I'm seeing school departments being hit. I'm seeing people who just don't have the resources, or any kind of planning to really tackle this--they are left really vulnerable. There are several large sections of society at large that I am seeing, which are very vulnerable to these kinds of attacks right now.

Also see


Karen Roby talks with Rahul Kashyap of Awake Security about the prevalence of ransomware.

Image: Mackenzie Burke