IT & Network Security: Ransomware Explained

In today’s digital age, crime has been taken to a whole new level. One of the most crippling attacks is ransomware. Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it. 

Ransomware attacks are occurring more often than ever before and can cost companies thousands of dollars to recover. Most recently, companies in the US, Europe, Russia and China were hit by WannaCry and Petya, the largest global ransomware attacks to date.

Ransomware traditionally works as a Trojan, a type of malware that isn’t self-replicating and tricks users by appearing ordinary or useful. It is a type of computer infection that essentially locks you out of your data until you pay a ransom fee. In other words, it doesn’t appear malicious at a first glance. Types of ransomware include Reveton, Cryptowall, Cryptolocker, and TorrentLocker, among others.

Ransomware first appeared in 1989 (the PC Cyborg Trojan), but its use began increasing drastically in 2005. Today, it is a hot topic for IT engineers and business professionals alike, and attacks are found worldwide.

Source: Barkley

How Ransomware Works

Think about traditional criminals who kidnap a person or steal a prized possession. Some leave ransom notes or demand some type of payment in exchange for returning the person or thing they stole originally. Essentially hackers use ransomware to do the same thing. A hacker uses ransomware to restrict access to data stored on your phone, tablet, or computer, and then wants you to pay a fee to enable access once again. The data is encrypted using a strong encryption algorithm that can’t be broken without the right key. They could hold valuable business-related documents or browser capabilities hostage until you pay the ransom (the key to decrypt the data).

Beware though. Just like the traditional crime/ransom situation, a hacker may not always give you access to your device again just because you paid the ransom. So don’t do it.

Source: Kaspersky

How Your Device Becomes Infected

Hackers create various types of ransomware that prey on end users both in business and personal settings. These users inadvertently download ransomware by clicking on email attachments or through websites that have been infected. Commonly the software is named something like “Antivirus 2017,” or something that sounds legitimate. In reality, it coerces people to buy the fake antivirus software to clean their computer.

Once your device has been disabled or locked in some way, the hackers then use one of a few scenarios to extort money from users. They may claim they are a law enforcement agency and accuse you of downloading illegal content, before administering a ‘fine’ to pay for the violation. Or they may say your Windows installation is counterfeit and needs to be activated. They may say your security software is out of date or not functioning properly.

By the end of the year, global ransomware damages are predicted to exceed $5 billion. This is 15 times the damage in 2015 costing around $325 million.

Know How to Prevent Ransomware Attacks

If you fall victim to a ransomware attack and your data is encrypted, you’ll likely need to restore from your most recent backup to regain access to the data stored on your phone, tablet, or PC. Use security software, clean your disk drive, or reboot your phone in Safe Mode. McAfee, the world’s largest dedicated security technology company, suggests the following tips to prevent ransomware attacks:

• Back up your files - This will enable you to wipe your disk drive and then restore your data using your backed up files.
• Use caution - Don’t click on links or open attachments from people you don’t know. Remember, ransomware may look completely harmless – appearing as a PDF or Excel document with the extension hidden.
• Use web filtering (web advisor) - Ransomware spreads via malicious websites. Web filtering can help with that.
• Install comprehensive security software - Make sure you use a comprehensive IT security suite to protect all devices connected to your business – including phones and tablets.

Remember that network security is a top priority for businesses, and every business has specific needs as they relate to security and protection. Talk to Apogee IT Services if you have questions about protecting your business. It’s always better to protect and prevent, rather than manage a crisis later.

If you would like to do a little research on your own, our Comprehensive Guide to Managed Services will give you a better idea of how a managed service provider fits with your business.