
Ransomware Explained

June 1, 2023

Ransomware is an especially problematic form of malware that can wreak havoc on your personal or company data, effectively paralysing your entire operation in the process. In this article, we look closely at ransomware, including the specific way it works, several notable examples, and how you should approach this possibility.

 

What is Ransomware?

 

Cyber-criminals use ransomware to encrypt critical data on infected devices – this prevents the device’s owner from accessing it until they pay an extortionate fee. Companies across the world pay billions to these criminals in exchange for their own data, with many submitting to these demands so they can quickly regain access.

While there are other ways of decrypting the data, firms typically see this as too difficult or time-consuming. In most cases, the hacker threatens to delete these encrypted files forever after 24–48 hours; this places pressure on the company and discourages them from seeking professional help from cyber-security specialists.

As ransomware utilises asymmetric encryption, most files can only be unlocked by the private decryption key – which only the attacker has. Even after the victim has paid, the attacker may not release the private key. This malware usually spreads via email or might be ‘injected’ directly into a target’s server.

Once the ransomware infiltrates the system, it plants malicious code in the form of a binary file. This seeks out important documents across various formats and automatically encrypts them. Depending on the server’s general security strength, the ransomware could spread throughout the target firm and may even jump to others.

 

Types of Ransomware

 

Crypto Ransomware

This is the main type of ransomware, and broadly refers to attacks which encrypt sensitive data and demand a sum of money in return for a decryption key. As users can clearly see these files but cannot access them, panic could easily lead them to pay.

 

Locker Ransomware

Locker ransomware is similar but instead holds the entire machine hostage, stopping users from accessing any of a computer’s core functions. The only option available is to pay the attacker. As this does not ransom the computer’s files, they are usually safe from being permanently deleted.

 

Scareware

This ransomware typically poses as an antivirus checker, potentially in the form of a browser pop-up. It claims to have found malware on your device and asks you to pay in order to clean it. The warning might even direct you to download ransomware in the process.

 

Doxware

Instead of encrypting the information, doxware (or leakware) threatens to publicly release it; this could include private customer details or data on sensitive projects. This could have severe consequences for the company – and would potentially leave them open to legal action if the attackers leak confidential information.

 

How to Protect Your Business from Ransomware

 

The main way to protect yourself or your company from ransomware is to invest in cybersecurity solutions that help your system easily detect, quarantine, and remove malware as necessary. Update these solutions regularly, as hackers are always refining their techniques and discovering new security flaws which they can readily exploit.

Backing up your data (especially anything sensitive or important) and planning for recovery is another good pre-emptive strategy – this limits the damage of a hacker deleting your files. However, you should also have copies of the information off-site and outside the network to make sure they can remain free from ransomware.

It’s also useful to practise safe web browsing. If you run a business, you should also encourage your staff to be mindful of suspicious emails and take online safety courses. Most ransomware tactics rely upon social engineering, tricking people into acting a certain way or clicking unsafe links.

Insecure or public broadband networks could be a contributing factor towards ransomware, especially if there are team members working from home. Consider investing in a VPN that can keep the company’s connections secure, which is especially useful for home networks that might be remotely accessing the firm’s system.

 

Should you Pay the Ransom?

 

Though time is limited and these situations place immense pressure on the user or business, it’s important not to pay the ransom. There is no guarantee the attacker will give you a decryption key, and they could even demand monthly payments; paying also shows you’re an easy target.

If you suffer an attack, isolate any infected devices from the system – this gives you time to see which files are encrypted. Online tools can identify the specific ransomware and potentially provide a decryption key, though you should prepare for the possibility of the data being lost forever without backups.
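A read-only triage pass for the "see which files are encrypted" step, as an added example that is not part of the original article: it checks each file's leading bytes against the signature its extension implies and falls back to byte entropy for other types. The signature table, the 7.5 bits-per-byte threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes that intact files of these types start with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",   # Office Open XML files are ZIP containers
    ".xlsx": b"PK\x03\x04",
}
ENTROPY_LIMIT = 7.5   # bits per byte; assumed cut-off, ciphertext sits near 8.0
SAMPLE_BYTES = 4096   # only the start of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, head: bytes) -> str:
    """Return 'intact', 'suspect' or 'empty' for a file name and its first bytes."""
    if not head:
        return "empty"
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        # Known format: compressed types are high-entropy even when healthy,
        # so the header is the signal here, not the entropy.
        return "intact" if head.startswith(magic) else "suspect"
    # Unknown format: fall back to the entropy of the sample.
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "intact"


def triage(root: str) -> dict:
    """Walk root without modifying it; map each relative path to a verdict."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    results[rel] = classify(fname, fh.read(SAMPLE_BYTES))
            except OSError:
                results[rel] = "unreadable"
    return results
```

Run it against a copy or a read-only mount of the isolated device. Legitimately compressed files of unlisted types will show as suspect, and files of only a few hundred bytes cannot reach the entropy limit, so both need a manual look.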

 

Examples of Ransomware

 

Here are four well-known ransomware attacks:

 

Locky

The ‘Locky’ attack used infected email attachments as part of a phishing scam in 2016. Users who downloaded the attachment and enabled macros as instructed would inadvertently download a Trojan that encrypted their files. This soon affected schools, hospitals, and other organisations across over 100 countries.

 

Bad Rabbit

‘Bad Rabbit’ first appeared in October 2017 throughout Russia and Ukraine, and seemingly masqueraded as an Adobe Flash update. By traversing corporate network structures and performing a series of drive-by attacks on compromised websites, the Bad Rabbit ransomware was able to reach many more countries.

 

WannaCry

This attack occurred in May 2017 and used a Windows exploit, developed by the NSA, to encrypt sensitive data on over 300,000 machines worldwide. In the United Kingdom alone, this attack cost the National Health Service around £92 million and impacted a third of the organisation’s hospitals.

 

LockBit Black

Introduced in June 2022 as a new iteration of LockBit, this doxware uses undocumented Windows functions in conjunction with its own protections to avoid thorough analysis. The group behind LockBit leaks the data of its non-paying victims, making it easily searchable for any unscrupulous parties.

 

Conclusion

 

Navigating the topic of ransomware is usually stressful, but protecting your software and servers and making sure everybody practises safe browsing could go a long way towards protecting your company. Cyber-criminals are developing new tactics every day and the only certain way to resist ransomware is to stay on top of your cyber-security.

 

Why Choose Eventura as your Cybersecurity Partner?

 

With over 20 years’ experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness which could leave you vulnerable to cyberattacks.

We were even mentioned in the Government’s National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box”, designed to help small businesses prepare for and respond to cyberthreats. You can read the article here.

There is a common misconception that cyberattacks don’t happen to SMEs, but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever-increasing threat of cybercriminals.

If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.
