What is ransomware? Ransomware, or ransom malware, is a type of malware that infects a device and prevents a user from accessing their system or files – demanding a ransom payment in order to regain access.
This simple definition, however, does not cover the complexity of ransomware, how it works, how to prevent ransomware attacks, or what to do if you fall victim. Information and actionable advice from Advantex, a leading cyber security provider in the UK, addresses the details no ransomware definition can cover.
How Does Ransomware Work? Anatomy of An Attack
Step 1: Infection
Ransomware spreads using a variety of strategies. Phishing emails are common sources of hidden ransomware. You receive a routine-looking email, open an attachment, or follow a link, and malware downloads to your device.
Drive-by downloading isn’t as targeted. You visit an infected website and ransomware is among the many types of malware you could be exposed to. Social media instant messaging has also been implicated in ransomware infections.
More recently, servers that have hidden vulnerabilities have been exploited as a means of gaining access to all users. For example, a hacker gains access to your business’s server and installs malware on all devices using it.
Step 2: Command and Control
Once installed, the malware connects to a command-and-control server operated by the attacker. It then awaits instructions while harvesting credentials it can use to access accounts on the infected network.
Step 3: Finding Files to Encrypt or Remove
The ransomware attack is still underway and likely undetected. It searches for files on affected devices as well as any networks it has accessed. It steals or encrypts these files. Encryption means that information is scrambled so that it cannot be read or interpreted unless a user has access to the “key” that decodes it. Only the hacker has that key.
Step 4: The Ransom Demand
Now that all your important files are encrypted, it’s time for the ransom demand. Do not pay. There is no guarantee you’ll get your files back – but it is certain that you will reward a criminal in a transaction that rapidly becomes untraceable.
Types of Ransomware
Crypto Ransomware
Once your files are encrypted, the ransomware demands a payment, often in cryptocurrency, to get them back. If you pay, it is easy for the criminals to launder the money. Whether or not you regain access to your files, they have been compromised.
Leakware (Doxware)
Cybercriminals encrypt your files or present evidence that they’ve been stolen. Next, they threaten to leak your sensitive data if you fail to pay their ransom. Your data is not only encrypted but stolen, and you can be very sure that it will be leaked even if you pay the ransom.
Locker Ransomware
Using its access to your devices and network, screen locker ransomware prevents you from accessing your devices. There are ways around this, but your data may still be inaccessible once you’ve overcome the screen locker.
DDoS Ransomware
A botnet overwhelms your system making it unworkable. The acronym for this type of attack comes from the term “Distributed Denial of Service.” Provided the cybercriminals haven’t accessed your network and are only overloading it, a cyber security professional can stop the DDoS attack and your data will still be safe. However, DDoS attacks can camouflage other types of attacks, and your data may still be stolen or encrypted.
Ransomware as a Service (RaaS)
Just as you can buy legitimate Software as a Service (SaaS), some criminal organisations offer malware, including ransomware, as a service on the dark web. The people behind the ransomware exact a subscription charge from their customers or deduct a “commission” based on ransom payments received.
How to Prevent a Ransomware Attack
Your ransomware prevention strategy includes highly complex tasks that require technical expertise to implement. These include analysing and understanding your attack surface and secure configuration of assets. Reviewing remote desktop protocol (RDP) and server message block (SMB) port settings, closing unused ports and vetting hosting providers also fall into this category.
However, there are some simple steps you can take to improve your chances of blocking a ransomware attack. These include:
Having Clear Cyber Security Policies and Training Employees
Some online behaviours are risky – and they can still seem routine to an uneducated user. Make sure that your employees know what they should and should not do online and coach them on how to avoid phishing attacks. Simulated attacks can provide a useful teaching tool.
Use Strong Cyber Security Software
Because many cybercriminals use complex social engineering strategies to encourage people (including you) to open the door to malware, this is not a catch-all solution. However, ransomware protection software can help to detect an attack and it can block or flag some of the more overt attacks your business encounters.
Access Control and Multi-Factor Authentication
Allow access to users on a need-to-know basis. You may trust them, but if their devices are compromised, you can limit the potential for damage. Keep access permissions up-to-date, monitor your systems for unusual activity, and implement multi-factor authentication for all log-ins. At the same time, limit the networks that can be used to access your data.
Update Systems and Software Regularly
Outdated systems and software are highly vulnerable. Update frequently and consider replacing outdated technologies with secure alternatives. In a similar vein, any applications that are no longer used should be removed.
Be Prepared: Early Detection, Emergency Response Planning, and Backups
Although none of these steps will prevent an attack from being launched, they can help you to stop it or, at the very least, limit damage. Invest in technologies and monitoring systems that spot problematic activity quickly, and have an emergency response in place. Back up your files securely so that your cyber security professionals can minimise disruption by reinstating your data.
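One concrete form of the "early detection" idea above (and of the mass-encryption behaviour described in Step 3): an added Python example, written for this article rather than taken from Advantex or any product, that flags a process writing many high-entropy files with unfamiliar extensions inside a short time window. The file-activity events, process names and thresholds are constructed assumptions; real telemetry would come from an EDR agent or file audit log.

```python
import math
from collections import Counter, defaultdict

# Extensions we expect legitimate applications to write; anything else is "unfamiliar".
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "txt", "jpg"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: encrypted output sits near 8, office files far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample: bytes, min_entropy: float = 5.5) -> bool:
    """A write is suspicious when the extension is unfamiliar AND the content is high-entropy."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return ext not in KNOWN_EXTENSIONS and shannon_entropy(sample) >= min_entropy


def detect_mass_encryption(events, window_s=60, threshold=10):
    """Return {process: count} for processes that wrote >= threshold suspicious files
    within any window_s-second window. events: (timestamp, process, path, first_bytes)."""
    per_process = defaultdict(list)
    for ts, proc, path, sample in sorted(events):
        if looks_encrypted(path, sample):
            per_process[proc].append(ts)
    flagged = {}
    for proc, stamps in per_process.items():          # sliding window over sorted timestamps
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[proc] = end - start + 1
                break
    return flagged


# Constructed sample telemetry (assumed, not real): a word processor saving documents every
# minute, and an unknown binary rewriting 15 spreadsheets as random-looking ".locked" files.
NORMAL_EVENTS = [(t, "winword.exe", f"C:/docs/report{t}.docx", b"PK\x03\x04" + b"\x00" * 60)
                 for t in range(0, 600, 60)]
SUSPECT_EVENTS = [(100 + i, "updater.exe", f"C:/docs/file{i}.xlsx.locked",
                   bytes((i * 37 + k * 53) % 256 for k in range(64))) for i in range(15)]

if __name__ == "__main__":
    print(detect_mass_encryption(NORMAL_EVENTS + SUSPECT_EVENTS))  # {'updater.exe': 10}
```

Tune the extension allow-list and thresholds to your own environment; the rename-plus-entropy pattern is what separates bulk encryption from ordinary saves.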
What to Do if You Fall Victim to a Ransomware Attack
Unfortunately, there are no easy solutions to a ransomware attack. Your list of actions includes:
Emergency Response
- Identify and isolate all affected systems. Disconnect them from Ethernet, Wi-Fi, and Bluetooth to prevent lateral propagation.
- Discontinue maintenance tasks and disable automatic backups.
- Take a photograph of the ransom note to aid the investigation.
- Hibernate – and do not restart – affected devices.
- Notify your cyber security team.
Malware Eradication
- Determine and address the specific ransomware variant used in the attack
- Find the right decryption tool to make your data accessible again
Recovery
- Update system passwords and security
- Recover data from backups
- Conduct a security audit and update all systems based on its findings
- Review your incident response and strengthen your incident response plan
Reporting
- Inform all relevant stakeholders of what occurred
- Notify the authorities
- Comply with laws pertaining to data breaches (sensitive data may have been misappropriated)
Strengthening Your Cyber Security With Advantex
Ransomware is only one of the many cyber threats UK businesses face. The British Chamber of Commerce warns that firms face an increasing cyber security risk. The UK government is also deeply concerned, noting that ransomware attacks are among the forms of cyber crime that are currently on the rise. Its case studies include reports of businesses that have declared insolvency as a direct result of cyber attacks.
A shortage of skilled cyber security professionals and a failure to recognise the magnitude of the threat are among the reasons why UK organisations, including government bodies, have become vulnerable to attack.
There is a simple solution, however. Advantex is an established technology company offering advanced cyber security services to small and large organisations in the UK. Our customers range from educational institutions to hospitality businesses, manufacturing concerns, and transportation providers.
Consult us today to discover how we can help you protect your organisation from cyber crime in all its forms.