Guide to Ransomware

Created by Collage Systems, Modified on Tue, 14 Nov 2023 at 02:32 PM by Collage Systems


What is Ransomware?

The days of simple malware – developed by amateurs that were just looking to make mischief – are long gone. Organized crime lies behind much of today’s malware… and the focus is on making money.

 

Simply put, it’s a type of malware that gets into a computer or server and encrypts files, making them inaccessible. The goal is to shut down your ability to do normal business. The attacker then demands a ransom for the key to “unlock” your data.

 

If you get hit with a ransomware attack, your organization will have an extremely difficult decision to make.

 

Neither is ideal:

Pay the ransom

This is certainly the easiest way to get back up and running, but it only increases the likelihood you’ll be attacked again. Additionally, you are funnelling money to organized crime or potentially even terror organizations. In some cases, companies paid the ransom only to have the attackers ask for more.

Work to recover your systems

If you choose not to pay the ransom, you’ll need to recover the locked data yourself. If you do not have a clear recovery protocol in place, then you may have to deal with being locked out of your data and systems for a while. That forces you to weigh the impact on your business against the ransom ask, which is exactly what they want.


Typical ransomware uses RSA 2048 (2^2048) encryption to encrypt files. Just to give you an idea of how strong this is, an average desktop computer is estimated to take around 6.4 quadrillion years to crack an RSA 2048 key.


How a cryptor attacks

In common with most other types of malware, there are many ways in which a cryptor can find its way onto computers and other devices.

 

However, two of the most common ways are:

Phishing Spam

Where the victim receives an email that contains an infected attachment or includes a link to a phishing website.

Watering Hole

Whereby visiting a legitimate website that is popular with a specific type of user or job role, such as an accountancy forum or a business advice site, can result in the employee’s device becoming infected. In these cases of ‘Drive-By’ infection, the website will have already been infected with malware that is ready to exploit vulnerabilities on visitors’ devices.


How a cryptor attacks

It’s worth remembering that a cryptor can attack a wide range of devices, including:

  • PCs
  • Mac computers
  • Android tablets and smartphones
  • Remote Desktop (Terminal Servers)

 

Furthermore, if the device being attacked is also attached to a network drive – that enables sharing of corporate files – the shared files are also likely to be encrypted by the cryptor… regardless of which operating system the file server is running under. 

 

Unfortunately, whatever device is being attacked, administrator rights are not required for most of the malicious actions that cryptors perform.


Despite the increase in ransomware attacks, a recent survey found that only 40% of companies consider ransomware to be a serious danger.

 

How to protect your company

While ransomware attacks may have spiked, the tactics for preventing them are not new. It’s the same for all types of malware.

  • Educate your employees on proper email protocol. Do not open ANY emails if you do not know the sender!
  • Keep hardware and software patched and up-to-date, especially on your endpoints.
  • And manage the access of your privileged (Admin) accounts.

 

That said, like malware, it’s nearly impossible to stop everything. Per the FBI, your best defence against this type of attack is having a strong backup policy. Not just backup. Backup Policy.

That means you:

  • Regularly back up data. This is the simplest and most effective way to recover critical data.
  • Secure your backups. That means storing them somewhere that is not connected to the original data, such as in the cloud or physically offline.
  • Run recovery drills. The only way to know for sure if your system will work is to test it in real-life situations.
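A small restore drill of the kind the list describes, added here as an example and not part of the original article: it records hashes of known-good data, restores a backup, and checks the restored copy against that record. The second check shows the failure mode a drill should catch, a file that was already overwritten by a cryptor before the backup was taken. All paths and sample files are constructed in a temporary directory.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash one file in chunks so large files do not have to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 hash."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> list:
    """Return the relative paths that are missing or altered in the restored tree."""
    current = build_manifest(restored)
    return sorted(k for k in manifest if current.get(k) != manifest[k])


def run_drill() -> tuple:
    """Constructed drill: back up, restore, verify; then simulate an encrypted file and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup, restore = (Path(tmp) / n for n in ("live", "backup", "restore"))
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "readme.txt").write_text("known-good sample data")
        manifest = build_manifest(live)        # taken while the data is known to be good
        shutil.copytree(live, backup)          # the backup step
        shutil.copytree(backup, restore)       # the restore step of the drill
        clean = verify_restore(manifest, restore)
        # Simulate a cryptor replacing a file's contents with ciphertext before the next backup
        (restore / "accounts" / "ledger.csv").write_bytes(os.urandom(32))
        tampered = verify_restore(manifest, restore)
        return clean, tampered


if __name__ == "__main__":
    print(run_drill())   # prints ([], ['accounts/ledger.csv'])
```

A manifest taken from a known-good state is what lets the drill distinguish a backup of healthy data from a backup that faithfully copied already-encrypted files.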

 

What to do when infected

  • Disconnect from Networks (Cable & Wireless) immediately
  • Call us on 021 914 3455
  • Do not attempt to fix it yourself. Beware of ‘false remedies’ that may be promoted on the internet as these may only add to the problem. Some can even download additional Malware onto the network.

 

Payments are requested in Bitcoins because they are untraceable. A typical ransom is equal to ½ Bitcoin, currently about $36 350 (Nov 2023).


Cybercriminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.

 

Here is an example of a Ransomware screen:

 

References:

https://blogs.technet.microsoft.com/hybridcloud/2016/11/04/fbi-warning-ransomware-attacks-skyrocketing/?MC=SecSys
