What is a Ransomware and How Does it work?
The definition of ransomware is in the name itself.
It’s a malware that holds a person’s or company’s data hostage until they pay a ransom amount to gain access to it.
You can become infected by some of the below ways:
- A malicious link in an email message
- Clicking links on Infected websites
- Fake apps
- Malicious ads, or Malvertising
Once your machine is infected, ransomware can encrypt all forms of files, from documents to photos to videos. It can encrypt your data (with or without a key), lock you out of your operating system, and also spread to other computers on your network.
To get your data back, the hackers usually request payment in Bitcoin because it’s harder to trace and follow this form of money.
Another feature of ransomware is that you’ll be given a short time-limit to pay the ransom or risk losing your data forever.
Some Ransomware stats to note:
- Ransomware shuts down 1 in 5 small businesses after it hits
- Ransomware hit one third of small-to-medium businesses worldwide last year, and experts say the “human factor” was often to blame.
- Ransomware has become a popular form of attack in recent years growing 350% in 2018.
- Small businesses, which account for 43% of all cyber attacks, make for the perfect target as they often can’t afford the investments into security.
- 20% of Ransomware Victims Are Small and Medium Businesses
To help you better protect yourself; let’s understand the ransomeware by looking at some common forms.
- WannaCry
WannaCry is the ransomware that wrecked havoc across the world in May of 2017 by infecting over 200,000 computers in 150 countries. It works the same as most other types of ransomware by encrypting your data, giving you a “ransom note” and a time limit to pay the ransom. - UIWIX
UIWIX uses the same SMB vulnerability that WannaCry used (EternalBlue) to infect systems, propagate itself within networks, and scan the internet to infect more victims. - Petya
Petya is a unique form of ransomware in that it doesn’t encrypt files on a system one by one. Instead, it reboots computers and encrypts the master file table (MFT), rendering the master boot record (MBR) inoperable. This leaves the computer unable to boot up until the victim pays for the ransom note which will be displayed on the screen in place of the computer’s MBR. - Cerber
Cerber is notorious for being distributed in malicious links through email. The link leads to a hacker controlled Dropbox account which opens a self-extracting archive that then takes over your machine. - CryptoWall
Cryptowall has already advanced from version 3.0 to 4.0, and it’s extremely dangerous. They are continually enhancing their code to make it more effective and profitable. They’ve developed numerous social engineering tactics to pressure their victims to pay the ransom in most cases.
5 Ways to Protect Against Ransomware
Backup Everything, Every day
If you backup all your data, every day, then when an attacker asks for a ransom of $10,000 you can rest easy knowing all that data they just locked down or destroyed is safe on another server or another hard drive that they can’t touch.
However, you should know how to backup your data correctly.
If you backup your data to an external hard drive, only connect the hard drive when backing up your data, then immediately disconnect it.
Just Say No—To Suspicious Emails and Links
Screen Your Emails and Don’t Click Suspicious Links or Ads. Learning to prevent phishing is one of the most important ways to protect yourself from a ransomware attack since most ransomware is distributed through email these days.
Also, malvertising, or malicious links embedded into ads, is another way you can become infected with ransomware as we’ve mentioned earlier in the article.
Watch out for business email compromise, don’t click ads, and stay vigilant.
Install an updated Antivirus Firewall & Anti-Malware
Choosing a firewall to protect against ransomware is essential, but it can be challenging.
There are many firewalls on the market, and none of them can guarantee 100% safety, but they will certainly protect you more than not having one. Choose a firewall that matches your budget and network use, and then move on to training your employees proper IT security.
Along with an antivirus, also use an effective anti-malware, which can help remove all unwanted hidden malware software i your system, which anti-virus scanners cannot detect and clean.
Some suggested ones:
- Anti Virus – Avast, AVG, Avira
- Anti-Malware – Malwarebytes.org, Adaware
Apply Latest Security Patches to All of Your Applications
All cyberattacks and hacking attempts try to exploit vulnerabilities within your operating sytem, softwares or third-party plug-ins and apps
Keeping your system and softwares updated with latest patches helps to prevent hackers from entering your machines through loopholes in your installed software.
Restrict users’ ability (permissions) to install and run unwanted software applications
And apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
.
Got an Infection? Disconnect Immediately
A disaster recovery plan (DRP) can help you spring into action during a whole host of different emergencies, from hackers to hailstorms.
Here are some steps you might include in a DRP for a ransomware attack:
- Shut down most of the organization’s network immediately to prevent infection from spreading.
- Shut down Wi-Fi and Bluetooth right away.
- Delete all the infected files and restore the new ones using your backup.
- Scan all systems once before going back online
Being careful and vigilant goes a long way in safeguarding against ramsomware, but if you do get infected, above steps might come in handy.
