What You Need to Know About Ransomware

The incidence of ransomware is increasing across the UK. The latest report from the Office for National Statistics (ONS) showed cybercrime up 63 percent, mostly driven by a massive rise in ransomware.

Ransomware is a relatively new variant of cyber attack used by criminals who see cybercrime as a lucrative way to commit theft, fraud and other offences from the safety of a keyboard.

“Law enforcement and other agencies have been involved in shutting ransomware sites down,” writes Jeremy Green, Senior Cyber Security Instructor at Firebrand Training and Special Constable with UK Police. “On occasion, law enforcement will even upload their own malicious payload to hack the hackers and gather intelligence about the criminals to prevent further attacks.”

But law enforcement can only do so much to prevent ransomware – it’s ultimately the responsibility of businesses and consumers to protect themselves. So what is this threat, and how can you protect yourself and your business?

What is Ransomware?

Ransomware is a type of malicious software that holds users at “ransom” with the threat of destruction of precious data or other harmful activities. Put simply: pay up or lose access to your data.

“Think of the panic that would set in if your entire business lost access to sensitive customer data or your website database. Ransomware could render your data completely inaccessible until you pay up or eliminate the infection,” says Jeremy. It can even lock up internet-connected machinery, like printing presses – completely preventing some businesses from operating.

And ransomware doesn’t just target businesses. Upon falling victim, you could permanently lose access to your personal data, from cherished photographs to the presentation you’re writing.

How Does It Work?

There are a number of routes ransomware can take to access your computer. “Typically an individual installs the malware while installing what they think is a legitimate piece of software,” says Jeremy.

The most common delivery system is phishing spam – malicious attachments in spam email, often disguised as a trustworthy file.

High-profile targets, like C-suite level employees, may find themselves the victim of spear phishing. Like phishing, spear phishing involves email spoofing, but in a highly targeted way. Spear phishing victims are not typically attacked at random but are instead singled out by targeted campaigns: emails can appear to come from well-known companies or even colleagues.

Once a ransomware-infected file is downloaded and opened, ransomware will take over the victim’s computer.

Depending on the variant of ransomware, victims will be locked out of their computer or, more commonly, their files will become encrypted. Once encrypted, files can only be decrypted with a mathematical key known by the attacker.

A message will then be presented, explaining to the victim that their files are now inaccessible and will only be decrypted if they send an untraceable payment to the attacker.

What Can You Do If You’re Infected?

Any number of files can be locked by ransomware, making them unusable until they’re decrypted – either by using a decryption tool, or paying the attackers and hoping they unlock your files.

Some ransomware can be removed through the use of standard antivirus tools like AVAST, Kaspersky, AVG, Trend, McAfee and Cryptolocker. These tools will function by scanning your files and removing the malware itself, which in some cases may fix the issue.

However, there’s no guarantee these tools will return the files. If the data is unrecoverable, the victim may be able to revert to a backup. For businesses, such a large recovery may take days.

Even for victims who are inclined to pay the ransom, there’s no guarantee the attackers will decrypt their files.

How Can Businesses Prevent It?

Prevention is the best strategy when reducing the risk of ransomware – once you’re infected, it’s often too late. For consumers, awareness of basic cyber security principles and a healthy scepticism towards email phishing scams are key.

“As a business, make sure your systems restrict employees from opening executable files. You’re only as strong as your weakest link and ransomware scams could target anyone in your company,” says Jeremy.

Next, set up a whitelist on all corporate devices to only allow the installation of approved applications. It’s also recommended to require an administrator password to install any application or plugin, and to block access to USB ports on company machines unless access is required. Backing up your business databases and files is also crucial, as you may not be able to recover your data.
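
The restriction on executable files can also be enforced where the disguised attachments described earlier arrive: at the mail gateway. The Python below is an added example, not part of the original article; the function names, the extension list and the sample message are constructed for illustration. It flags attachments whose content or final extension is executable, even when the name or MIME type claims a trusted document.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta"}
# Leading bytes of native executables: Windows PE ("MZ") and Linux ELF.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def screen_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment a gateway should block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(EXECUTABLE_MAGIC):
            # Content is a program whatever the name or MIME type claims.
            blocked.append((name, "executable content"))
        elif suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            reason = "disguised double extension" if len(suffixes) > 1 else "executable extension"
            blocked.append((name, reason))
    return blocked


def build_sample() -> bytes:
    """Constructed sample message with three harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ placeholder bytes", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"// placeholder script", maintype="application", subtype="octet-stream", filename="photo.jpg.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

Checking the leading bytes as well as the name matters because a renamed program keeps its executable header even when the filename and MIME type say "pdf".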

Staff training and awareness are critical to preventing most cyber attacks. “Consider having IT staff trained to understand and counter threats through courses like CompTIA’s Security+ and EC-Council’s Certified Ethical Hacker,” adds Jeremy.

The Security+ certification will provide staff with an awareness of ransomware and the most common attack vectors.

Alternatively, the Certified Ethical Hacker certification enables staff to think like cyber criminals by learning how to use hacking tools. With a deeper understanding of how ransomware tools work, IT staff will be able to better prevent attacks and respond to the ones that do slip through.

Alex Bennett is a technical writer for Firebrand Training. Working at the forefront of the digital skills industry, Alex uses his insider knowledge to write regularly on cybersecurity, cloud and networking.
