What Is a Ransomware Attack?

Daniel Tobok
E: daniel@cytelligence.com
Posted on: March 20, 2019

Ransomware attacks are growing in incidence with every passing year as hackers and cybercriminals find new ways to exploit and hijack networks. Understanding what a ransomware attack is, the implications it can have on an organization or company, and the best ways to prevent them is important for enhancing cyber security. What is ransomware, how can it affect your company, and how difficult is ransomware removal? You might be surprised to find out.

What Is Ransomware?

Ransomware falls under the broad category of malware, a term for malicious software that infects and sometimes even takes over computer systems. Ransomware is more specific in that it actually threatens users by denying them access to data – or even threatens to destroy data forever – unless the user or organization pays a ransom. In exchange for the ransom, the cybercriminal promises to restore data access, but more often than not, this never occurs. Typically, computers infected with ransomware will display screens telling users how to get a decryption key or code via payment.

The ransom can vary significantly. Criminals may infect personal computers and ask for a few hundred dollars in exchange for the decryption key, but when organizations are targeted by ransomware, the ransom could be thousands, tens of thousands, or even millions of dollars. In this case, criminals may ask for payment in a cryptocurrency called Bitcoin, which allows them to maintain their anonymity.

How Do Ransomware Attacks Occur?

There are a few different ways criminals can put ransomware on a computer. Part of answering “what is ransomware?” involves taking a look at the methods used to infect networks.

  • Phishing – Phishing emails are growing in popularity. Essentially, they are designed to look like emails from popular companies or financial institutions that ask the recipient to take an immediate action of some kind. Unfortunately, these emails often contain attachments with a ransomware virus or a link to a virus-infected web address. This method is most commonly used to trick everyday consumers.
  • Vulnerability Exploitation – More sophisticated forms of ransomware require no trickery at all; instead, they are designed to penetrate existing vulnerabilities in a network, often without the network administrators’ or users’ knowledge.
  • Torrents and Downloads – It’s also possible for ransomware to be included in torrent files that are commonly downloaded in filesharing applications.

What Does Ransomware Do Inside a Computer?

Once the ransomware enters a computer or system, it can do one of several things. Most commonly, it will encrypt files either on a single computer or across a network, denying access to them until the ransom has been paid. The malware uses numerous encryption methods, but regardless of the method used, a very specific alphanumeric key is required to regain access to the data. After the files and data have been successfully encrypted, one or more users will see a message on-screen advising them that their files have been locked.

These messages typically list a sum of money that must be paid in order to access the key, and in most cases, the criminals require Bitcoin payments to prevent their identities from being traced. Rarely, the cybercriminal might claim to work with a government agency, and in this case, the encryption may be blamed on the presence of some form of illegal data or pirated software. The ransom may be referred to as a “fee” or “fine” in this case. Finally, there’s another form of ransomware that is even rarer. This is known as leakware, and in this case, the criminal threatens to publicize photos or videos unless the owner pays the ransom.

The Trouble with Paying the Ransom

Individuals and companies alike often feel a great deal of anxiety when confronted with ransomware, and many will simply attempt to pay the ransom to make the problem go away. Unfortunately, this can cause more problems than it solves. Most of the time, access to data is never restored once the ransom is paid, leaving the victim out not only his or her data, but also a great deal of money. What’s more, even if the ransom does grant the victim access to a decryption key, this does not take care of the original security vulnerability that allowed the ransomware attack in the first place. As a result, that individual or company will likely become a repeat target.

Who Can Get Ransomware?

Anyone can be a victim of ransomware attacks. For the criminals, it’s all about opportunity. If they see a vulnerability, they simply exploit it and hope for payment. Many criminals will target companies and organizations they feel will simply pay the ransom quickly to regain access to their files, and still others develop very specific leakware to infect organizations known for maintaining sensitive data, such as law firms and even government entities. If there is an opportunity to earn a profit, and if there is a vulnerability within a network, ransomware is a possibility.

How to Protect Against Ransomware

The good news is that there are many ransomware protection measures you can put into place to prevent yourself from becoming a victim, whether you are a consumer or the owner of a large organization. If you’re interested in learning how to prevent ransomware, follow this advice.

  • Update your operating system. Operating systems are updated regularly to help fix vulnerabilities, so if you have updates turned off or if your updates are behind, your system is far more vulnerable to ransomware.
  • Be careful when installing software. Make sure you know exactly what you’re installing and who created it beforehand, especially if you are giving it administrative privileges.
  • Use antivirus and malware protection software. These types of software can help stop ransomware attacks before they start, but only when you keep them up-to-date.
  • Utilize backups. The best thing you can do is back up your data regularly. Though it can’t stop a ransomware attack, it will ensure that you don’t lose access to all of your data.
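
The encryption behaviour described earlier and the backup advice above can be combined into one check, shown here as an added example that is not from the original article: a hash manifest recorded at backup time is compared against the live files, and any file that changed and now has near-random byte entropy (as encrypted data does) is flagged. The 7.5 bits-per-byte threshold, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune for your data

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def build_manifest(root: str) -> dict:
    """Map each relative path under root to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def suspicious_changes(root: str, manifest: dict) -> list:
    """Files whose hash differs from the manifest AND whose bytes now look random."""
    flagged = []
    for rel, digest in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue  # deleted or renamed files need a separate report
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest and shannon_entropy(data) > ENTROPY_THRESHOLD:
            flagged.append(rel)
    return sorted(flagged)

def demo() -> list:
    """Constructed sample: one file edited normally, one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.txt", "notes.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("quarterly figures and meeting notes\n" * 200)
        manifest = build_manifest(root)
        with open(os.path.join(root, "notes.txt"), "a") as fh:
            fh.write("an ordinary edit\n")
        with open(os.path.join(root, "report.txt"), "wb") as fh:
            fh.write(os.urandom(8192))  # constructed stand-in for encrypted content
        return suspicious_changes(root, manifest)
```

Compressed formats such as ZIP archives and JPEG images also score near 8 bits per byte, so a flag is a signal to check the file against its backup copy, not proof of encryption.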

Ransomware is a significant threat, but learning more about it and how to prevent it can help individuals and organizations stay safe. If ransomware has taken over your computer, it’s important to contact a professional to learn more about potentially restoring your data or, at the very least, taking control of your machine and patching any security vulnerabilities.