Ransomware attacks are on the rise, but what do you need to know about them? In this blog post, we will focus on ransom malware in detail: what it is, how it works and what you need to do to keep your business safe.
Don’t forget this is part of our series of cybercrime informational blogs!
What is a Ransomware Attack?
Ransom malware, to give it its full title, is a type of malicious software (malware) created with the intent of infiltrating a computer network and blocking access to files until a sum of money is paid. The attack may not stop at obstructing a user’s access to their files; it might also threaten the release of sensitive data via the internet.
Introduced in 1989 with the AIDS trojan, Ransomware has grown in sophistication, with modern variants aligning themselves with cryptocurrency crimes. Most notably, the WannaCry attack of 2017 used a worm program to target Microsoft Windows operating systems worldwide, encrypting data and seeking ransom payment by Bitcoin. In a few hours, the worm had spread to more than 200,000 computers in 150 countries, leading to total damages in the billions.
How Ransomware works
Ransomware relies heavily on phishing emails to deliver a download, attachment or website link to the email recipient’s computer. The infection is then triggered by the recipient through human error.
There are other forms of infection, however. These can include hacking someone’s login credentials or guessing passwords. This particular form of network access allows the attacker to download malware directly into the system without needing the user to do it for them.
Once the malware is live in your network, it starts to copy and encrypt targeted files with a control key, removing the original files from your system. Attackers may go further and remove all backups and shadow copies of your files from your system, so that you have no access to your data without making a payment.
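As an added example (not part of the original post), here is a defender-side check for the pattern described above: readable files disappear or are rewritten, and near-random (encrypted) data takes their place. The thresholds, file names and the `.locked` extension are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
ALERT_MIN_FILES = 3      # assumed number of affected files that raises an alert

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text scores low, encrypted data close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def constructed_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted content (chained SHA-256 output)."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def is_high(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan(baseline: dict, current: dict) -> dict:
    """Compare two {path: bytes} snapshots of a monitored folder."""
    # In-place encryption: a readable file is now near-random data.
    rewritten = sorted(p for p in baseline.keys() & current.keys()
                       if not is_high(baseline[p]) and is_high(current[p]))
    # Copy-then-delete: originals vanish while unreadable new files appear.
    removed = sorted(baseline.keys() - current.keys())
    new_high = sorted(p for p in current.keys() - baseline.keys() if is_high(current[p]))
    affected = len(rewritten) + min(len(removed), len(new_high))
    return {"rewritten": rewritten, "removed": removed,
            "new_high_entropy": new_high, "alert": affected >= ALERT_MIN_FILES}

# Constructed sample data: three text documents and one already-compressed archive.
TEXT = b"Invoice 2021-04: consulting services, net 30 days.\n" * 80
BASELINE = {"docs/invoices.txt": TEXT, "docs/payroll.txt": TEXT + b"payroll",
            "docs/clients.txt": TEXT + b"clients",
            "docs/archive.zip": constructed_ciphertext("archive")}
# Constructed "after" state: originals gone, encrypted copies left behind.
AFTER_ATTACK = {p + ".locked": constructed_ciphertext(p)
                for p in BASELINE if p.endswith(".txt")}
AFTER_ATTACK["docs/archive.zip"] = BASELINE["docs/archive.zip"]
# Constructed benign state: one document edited, nothing else changed.
AFTER_EDIT = dict(BASELINE, **{"docs/clients.txt": TEXT + b"new client added"})
print(scan(BASELINE, AFTER_ATTACK)["alert"], scan(BASELINE, AFTER_EDIT)["alert"])
```

Comparing against a baseline keeps files that were already compressed, such as the archive here, from being flagged just for looking random.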
This is the point at which the ransom demand appears. It might come in the form of screen locker ransom notes, or scareware (see below). Increasingly, the ransom is expected to be paid in cryptocurrency.
If the ransom is paid, at the very least you will need to make sure you receive either a copy of the encryption key, or a key to access the encryption key storage, which will give you access to the decryption program.
Should you pay the ransom?
Even if you were to pay the ransom for your data, there is no way of knowing if you will regain access to your original files and data.
Types of ransomware you should know about
Scareware - designed to make users believe they need to download security software. Once downloaded, it reports a fake security alert, which directs you to make a payment to solve a problem. You will often notice this form of attack by the flurry of popups appearing on your lock screen, which prevent you from logging in.
Screen lockers - you’ll see this type of Ransomware in modern films because of the dramatic countdown clock on the computer lock screen.
Encrypting ransomware (including crypto-ransomware) - the most well-known and damaging of the strains, encryptors work to block access to files and data in computer systems. The content within your system essentially becomes impenetrable without a decryption key.
Leakware (also known as Doxware) - created purely to elicit payment through the threat of releasing sensitive data via the internet.
RaaS (ransomware as a service) - the malware is hosted by a third-party hacker. The host does all the leg work, creating and operating malicious software for hire.
How common are Ransomware Attacks?
Attacks are common in the education, utilities, banking and finance, retail and consumer goods, healthcare and pharmaceuticals, and telecommunication industries, and Ransomware attacks make up 10% of all network breaches.
Approximately 37% of global organisations reported being victims of such attacks in 2021 (IDC 2021 report). During the pandemic, attacks rose further by 148%, according to TechTarget, so we must understand how to protect business networks against them.
How to prevent Ransomware Attacks?
Regardless of the size of your business, Ransomware prevention is vital because sometimes malware is just plain opportunistic.
Here are some simple steps we think you should take:
Create off-network backups - separate servers with encryption work well here.
Create and run cyber awareness training with your staff, giving them a clear protocol to report and deal with any potential issues
Make sure staff and users are aware not to release personal information via email
Use a virtual private network (VPN) when surfing the internet
Use 2-factor authentication on all systems and devices
Invest in good antivirus software
Update your antivirus through patches when they come in
Have your IT administrators scan your systems for malicious files regularly
Need help protecting your business against a Ransomware Attack?
Losing your data and system access to cybercrime is devastating, and the impact can reach far beyond the initial loss of data and finance. It can affect your business’s productivity, halting business operations and service delivery. It can also have a long-term effect on your business reputation, which means what you do in terms of Ransomware prevention is vital.