Your IT Department

Ransomware: What Is It and How Does It Work?

Ransomware is one of the biggest threats to business security. It’s a type of malware that denies you access to your data and files by locking your computer. A ransom is demanded, usually in bitcoin, for the release of your files. This is big business for cyber criminals. They can rake in billions each year as businesses feel they have no choice but to pay up.

This recent BBC article is a fascinating insight into how a ransomware attacker extracted a ransom of over $1m from a Californian University.

How does Ransomware get into your network?

USB drives might still be used, so NEVER put a USB drive in your computer unless you know exactly where it has come from. However, that method of delivery is pretty old school and cyber criminals have far more efficient and effective delivery methods nowadays. Emails and compromised websites are the most common methods of ransomware attack today.

A single email is all that is required.

We are all so used to email as the main form of business communication that it has become far too easy to get someone to click a link. Ransomware is hidden within legitimate-looking emails. These can be difficult to spot, and employees can easily be tricked into clicking a link to a suspect website or opening an infected link.

Image: a frustrated computer user. A ransomware attack locks your files, leaving you unable to work.

Unfortunately, cyber criminals are now very, very good at faking emails. These can appear as enquiries from clients and customers, communications from suppliers and even internal emails from colleagues and managers. Ransomware will often be hidden within an attachment such as a PDF, Word document, invoice or report.

Infected Websites Are Not Always Obvious.

Cyber criminals will infect any web page that they can, so any less reputable site should be avoided. Unfortunately, it’s not as easy as just avoiding obviously ‘dodgy’ sites. Mainstream websites can also carry ransomware. The New York Times, The BBC and the MSN homepages have all accidentally exposed visitors to ransomware through malicious ads.

What Happens During A Ransomware Attack?

As soon as ransomware is launched on your network it scans all local and connected drives, including connected backup devices such as a NAS, and encrypts the files. Within minutes everything is locked, from office files, to invoices and emails. Nothing is accessible, even to those with Admin rights. The victims will then receive a notification demanding a ransom to unlock the files. These will often contain instructions on how exactly the criminals want paying. The business is now in limbo until the situation can be resolved.

Image: Cryptolocker screenshot. Cryptolocker is one of the most notorious ransomware programs.

There are options. Wiping the entire system and starting again is probably not practical for most. The best-case scenario is that you have a safe, external backup and you can wipe and restore. Cyber criminals have advanced strategies to defeat even this. Some ransomware sits on systems for months before it is executed, meaning it has been replicated to the backup. As soon as you restore, bang, you are hit again!

The final option is to pay the ransom and hope your files are unlocked. Unfortunately, in many cases the criminals take the money and run, leaving you with an encrypted system and a hole in the bank account.

What can you do to prevent ransomware?

A multi-layered approach to cyber security provides the best defence against ransomware. Email filtering and Advanced Threat Protection, such as those supplied as part of the Security Essentials package we give to all our Managed Support clients, are a good start.

Real Time Email Protection steps up that protection, but staff are your weakest link AND your first line of defence, so Phishing Simulation and Security Awareness training is a must!

Image: Bullphish ID phishing simulation and security awareness training screenshot. Training is vital in your fight against ransomware.

Finally, as nothing can guarantee to prevent an attack, a quality backup solution should be in place and tested regularly.

There is no ‘silver bullet’, but improving your security, training your staff and backing up your data gives you the best chance to prevent, or recover from, a ransomware attack.

We offer a FREE Cyber Security Assessment, where we help identify the weaknesses in your defences and give you options to plug those gaps. Complete our Contact Form, call us on 0115 8220200 or schedule a call to book.
