Ransomware: Complete Guide to Understanding Cyber Attacks

29 Oct 2020 by Michael Kriech

What is ransomware? How does it work? Why is it spreading? When it comes to cybersecurity, these are a few of the top questions that individuals, businesses, and governments have about this global cybersecurity threat.

The most frightening fact about ransomware attacks is that you never know who the next victim will be or when, and it could be you. In today’s digital world, preventing ransomware attacks can literally mean the difference between life and death.

In this article, I will define what ransomware is and how it works. I will uncover who is responsible for creating and spreading it. I will look at current trends and statistics behind ransomware attacks as well as examples. I will end by examining best practices for preventing ransomware.

What is Ransomware?

What is ransomware? Ransomware is defined as a type of malware that encrypts victims’ files or folders. In order to decrypt the files and folders locked by ransomware, victims must pay a “ransom” to their attacker. In certain cases, victims can be locked out of applications and entire IT systems causing a significant disruption to their business or organization. What’s more, ransomware can spread from file-to-file and user-to-user.

Ransomware payments granting access to a secret key range from hundreds of dollars to thousands or even hundreds of thousands. These payments are typically made in the form of cryptocurrency payments. This includes privacy coins that are relatively untraceable such as Monero, ZCash, Verge, Dash, and others. In some cases, it may be Bitcoin payments, but it is well known that Bitcoin itself is now traceable unless using a cryptocurrency mixer (tumbler).

How Do You Know If You Have Ransomware?

How do you know if you are the victim of ransomware? You may not know until it is too late, and your files and folders are infected. However, you will know once it is obvious that your system has been infiltrated by ransomware.

In the typical scenario, a ransomware victim will try to open a file on their computer. They will receive a disturbing pop-up that tells them that their system has been encrypted and locked. Within the pop-up, there will be instructions for paying the ransom and accessing a secret key to decrypt the file. There is usually a countdown timer for making the payment to the attacker.

How Does Ransomware Work?

There are quite a few ways that ransomware can gain access to your computers and systems. However, the most common delivery method is phishing spam. This is where attachments are sent to the victim’s email, masquerading as a trustworthy document or file. As soon as you click, open, and download a file, the ransomware creates a backdoor to gain control of your computer and files.
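As an added example (not part of the original article), here is one way a mail gateway or analyst script could triage attachments that masquerade as trustworthy documents. The function names, the extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative extension lists (assumptions, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO = {".docm", ".xlsm", ".pptm"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage_attachments(raw: bytes) -> dict:
    """Return {filename: [reasons]} for attachments that deserve a closer look."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if last in EXECUTABLE:
            reasons.append("executable extension")
            if len(suffixes) >= 2 and suffixes[-2] in DECOY:
                reasons.append("decoy extension before executable one")
        if last in MACRO:
            reasons.append("macro-enabled document")
        # Windows executables begin with the bytes "MZ" whatever the file is called.
        if payload[:2] == b"MZ" and last not in EXECUTABLE:
            reasons.append("PE header behind a non-executable name")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test message: two disguised attachments and one benign PDF."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.com", "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    for name, subtype, body in (
        ("invoice.pdf.exe", "octet-stream", b"MZ\x90\x00constructed"),
        ("report.pdf", "pdf", b"%PDF-1.4 constructed"),
        ("statement.pdf", "pdf", b"MZ\x90\x00constructed"),
    ):
        m.add_attachment(body, maintype="application", subtype=subtype, filename=name)
    return m.as_bytes()
```

Calling triage_attachments(build_sample()) flags invoice.pdf.exe and statement.pdf and leaves report.pdf alone.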

Another method, which is more complex, exploits security holes to infect computers without having to trick the user into installing the ransomware. The best example of this type of ransomware is NotPetya.

There are a few courses that the malware may take while inside your computer. The most common action is of course to encrypt some or all of the victim’s files. However, other types of ransomware include doxware and leakware. This is where the attacker threatens to expose or publicize sensitive data on your hard drive unless the ransom is paid. This is far more complex and far less common than standard ransomware attacks.

Who Are Targets for Ransomware Attacks?

Are you a ransomware target? Hackers often attack victims that they feel are the most vulnerable to an attack and inclined to pay a ransom quickly. The majority of ransomware attacks seem to be targeted at schools and universities, government agencies, local governments, financial and healthcare industries. It is often the businesses and organizations that need immediate access to their files and systems.

It’s important to note that everyone is a potential target of ransomware. Just because you may not fit the categories mentioned above, does not mean that you will not be the next victim. There are some types of ransomware that spread automatically and indiscriminately attack victims over the internet.

Are Ransomware Attacks Increasing or Decreasing?

Are ransomware attacks increasing or decreasing? The simple answer is that they are increasing. According to a recent study, ransomware attacks have grown significantly over 2020 as hackers and cybercriminals look to cash in on new security vulnerabilities created by remote working and the pandemic.

The daily number of global ransomware attacks has increased by 50% over the past three months from July to October. Another startling fact is that the number of ransomware attacks in the United States has almost doubled. More ransomware attacks can be expected as adoption of remote working increases.

What Happens if You Get Ransomware?

What should you do if your computer is infected with ransomware? Is there anything you can do other than paying the ransom? Here are a few quick steps to eliminate ransomware from your computer.

  • Reboot your computer right away.
  • Run a scan of your system with antimalware software if you have it.
  • Purchase and install antimalware software if you do not have it.
  • Try restoring your computer to a previous restore point.

Keep in mind that most ransomware is sophisticated and cannot be removed using this method.

How to Avoid Ransomware?

How can you and your colleagues avoid ransomware attacks? There are several defensive actions that you can take to help limit your risk. Most of these measures are great cybersecurity practices and can help prevent other types of hacking attacks and data breaches.

  • Maintaining Operating System (OS) – It is critical that you make sure that your OS is up-to-date and that all security patches are installed. This will help make certain that there are fewer vulnerabilities to exploit.
  • IT Security Training & Education – IT security training, education, and procedures are perhaps one of the most important steps to preventing an attack. Make sure that your colleagues know not to install software or provide administrative privileges if they are unsure exactly what it is and who it is from.
  • Antivirus Software – Having antivirus software to scan incoming emails and attachments can block and provide warnings to users. It can also prevent unauthorized applications from executing through security procedures. Top Anti-Virus Software includes Bitdefender Antivirus, Norton AntiVirus, and Kaspersky Anti-Virus.
  • Desktop as a Service (DaaS) – For businesses and organizations that want additional control over their users, a cloud-based DaaS can help by providing centralized management and security. Cloud DaaS solutions include Dizzion Managed DaaS, AWS Workspaces, and Microsoft Windows Virtual Desktop.
  • Offsite Backup – Backing up your files, folders, and applications on a computer or server is important for disaster recovery and business continuity. This does not prevent attacks, but it may allow for continued operations. Cloud DRaaS solutions include Rackspace DR & Managed Backup, TierPoint DRaaS, and Expedient DRaaS.

Ransomware Examples

Did you know that ransomware has been around since the 1990s? Here is a list of a few of the most recognizable ransomware attacks and versions out there today.

  • CryptoLocker (2013) – Infected up to 500,000 Machines
  • WannaCry – Spread Autonomously from Computer to Computer
  • SamSam (2015) – Targets Healthcare Industry
  • Locky (2016) – Attacks Banking Software Dridex
  • LethalLocker (2017) – Locks Android Home Screens on Mobile Devices
  • Wysiwye (2017) – Scans the Web for Open Remote Desktop Access
  • Cerber (2017) – Takes Advantage of Microsoft Vulnerabilities
  • GandCrab – Most Successful Ransomware in History. Netted >$2 Billion
  • Thanos (2020) – Ransomware as a Service (RaaS). Skips Most Anti-Ransomware Methods.

Conclusion: No One is Safe from Ransomware

It can be easy to overlook cybersecurity threats like ransomware with the mindset that it will never happen to you. If you maintain the motto that “no one is safe from ransomware,” you will take the actions necessary to prevent it, shore up vulnerabilities, and limit your risk.

Ransomware is not going to go away. It is not going to become easier to detect and prevent. As antimalware companies release new products, hackers create new tools to get around detection and prevention. The financial incentive is just too great to ignore for the skilled hackers and programmers that build and distribute ransomware.

The best approach to preventing ransomware attacks is to stay vigilant. That means making sure that your OS is up-to-date and patched, your colleagues understand the threat and you have the right cybersecurity procedures and checks in place.

Want to learn more about cybersecurity hardening? Contact me to learn more about scheduling a free consultation with a cybersecurity expert at Datacenters.com. Our trained experts can provide you with penetration testing, vulnerability assessments, education, and training. They can help provide security monitoring services and software.

Author

Michael Kriech

Michael brings twenty-three plus years of IT and telecommunications experience to Datacenters.com. With a wide range of expertise, Michael assists his clients in determining the best solutions needed for their technology roadmap. As information technology infrastructure evolves, Michael continues to suggest and present comprehensive, stable, and scalable solutions. This helps clients take advantage of the best and latest technologies that support company objectives while freeing up time to concentrate on core competencies. With a passion for helping organizations meet their goals, Michael is willing to go the extra mile to support his clients. A Navy Veteran and proud husband and father, Michael and his wife (Jessica) spend their spare time raising puppies as a volunteer for Canine Companion for Independence (CCI).
