Insights

Ransomware, what is it?

Ever wondered what all the ransomware fuss is about? You may have read about it in an article or seen a pop-up on your device warning of a ransomware attack.

In 2017, businesses fell victim to ransomware attacks every 40 seconds. In 2019, this figure shifted to just 14 seconds and it could sit at the 11 seconds mark by the end of 2020.

Ransom malware, or ransomware, is one of the most prevalent variants of a cyber-attack, often delivering more impact and disruption to the victim/ business than many others. This malware prevents users from accessing their system or personal files and demands a ransom pay-out in exchange for regained access.

Ransomware features in the majority of headline-grabbing cyber-attack stories, a recent one involving the attack against foreign security specialists, Travelex. The company was held ransom by hackers, forced to stop operating online and turn off all computer systems across thousands of sites. Their website had to be taken down across 30 countries in attempts to contain the virus and protect confidential data. The firm was allegedly forced to pay $2.3 million in ransom to regain the files, unsurprisingly this was a key contributor to the company falling into administration in August 2020.

The principle of a ransomware attack is simple, hackers hold businesses ransom by encrypting their data so they can no longer make use of it, and in some cases extracting the data to sell illegally.

How does it work?

There are numerous different ways ransomware can infect your computer. One of the most common methods today is through malicious spam, typically an email which masquerade as someone or something you trust.  As this appears legitimate, a link or attachment on this email is clicked or opened and the attacker can now access your device.

The malicious spam uses social engineering to trick people into opening attachments or clicking on links. Cyber criminals use this engineering method in various different types of ransomware attacks, common ones include posing as the NHS or UK Government and scaring users into opening attachments or sending payment.

Another popular method, is “malvertising”, or malicious advertising, which is the use of online advertising to distribute malware with little or no user interaction required. While browsing the web and even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalogue details about the victim’s device and their location and then choose the best malware suited to deliver the attack, which is often in the form of ransomware.

Malvertising regularly uses an invisible webpage element to do its work, this redirects users to an infected landing page where malicious code attacks the system. All this happens without the user’s knowledge, which is why it is often referred to as “drive-by-download”.

“Huge bird eats man alive!” Have I got your attention? What if I posted a link to a video on the ordeal? You might be tempted to click it and you would not be the only one. This clickbait approach capitalises on the innately human desire to look when driving past an accident on the side of the road. Cyber criminals use this method as a means to attack. So, beware of any adverts promoting overly graphic natural disasters or freak accidents!

Who is a target?

The short answer to this question is everyone: every small business, midsized company, enterprise, and organisation.

A hacker’s ultimate goal is to gain access to an organisation’s network and all the data within it.

The long answer is slightly more complex. Your vulnerability to a ransomware attack depends upon how attractive your data is to criminal hackers and how prepared you are to respond. For example, a government or a medical facility who need immediate access to their files may be more attractive for hackers as they are more likely to pay a ransom quickly.

How can you protect your business?

Be prepared.

If you have never been hit it does not mean that it will not happen.

Ransomware can retrieve and destroy any data on a network, including data backups. An attack can also damage your business’s reputation, which takes years to build and only minutes to destroy.

You must secure your business network. There are a number of steps you can take to prevent a ransomware attack. The following steps are excellent security practises in general, so following them improves your defences from a number of different cyber-attacks.

  • Next Generation Firewalls
    These give you visibility, control and protection of the traffic flowing through your network, even if it is encrypted.
  • Anti-Virus
    Using a number of efficacious anti-virus products, will provide your business with robust protection against evolving cyber threats and viruses.
  • Email Security
    Installing effective email security solutions will provide protection against all external email threats. As phishing scams are one of the most successful forms of hacking, this is essential.
  • Air-gapped Cloud Backups
    Lost or compromised data needs retrieving quickly and with minimal downtime. The best method to recover such data is from a backup. However, it is vital to keep a backup away from your network, such as in the cloud. This is because malware and ransomware attacks can destroy data on a network it gains access to.

    Our cloud backup solution makes it impossible for the hacker to interfere or delete cloud backups, ensuring your cloud copy is always safe.

  • Software Restriction Policies
    This is a feature that identifies software programs running on computers in a domain and controls the ability of those programs to run. SRP ultimately prevents ransomware doing any damage by blocking dangerous applications. The below message will pop up when trying to run an unauthorised application:

  • Training and awareness
    It is important to keep your employees up-to-date and trained on cyber threats and how to identify malicious content.

razorblue offers leading cybersecurity protection and prevention solutions. Protecting against all external and internal threats to safeguard your business.

If you have any concerns over the security of your business, please get in touch.