RANSOMWARE | 6 MIN READ
Ransomware is the modern day mobster, allowing hackers to shake innocent victims down for their money with no remorse. You've probably seen major news outlets covering stories about it for years, but what exactly is ransomware? Read more to find out.
Not enough time? Jump to:
What Is Ransomware?
Ransomware is exactly what it sounds like –a form of malware (also known as malicious software) that encrypts personal or company data and holds it for ransom. Hackers then will threaten to publish, destroy or sell the information on the dark web if their monetary demands are not met.
If that doesn’t scare you, this might - from 2014-2018, the Internet Crime Complaint Center reported $7.45 billion in losses to Internet scams like ransomware. As more businesses move their operations and data online, they leave themselves susceptible to an attack.
Conducting ransomware attacks is a lucrative business for hackers − sometimes so lucrative that their victims, many of which are businesses, shut down after being drained of too much money or losing too many valuable files.
How Does a Ransomware Attack Work?
Ransomware is typically spread through a phishing scheme. Phishing is the fraudulent practice of calling victims or sending emails posing as a reputable entity - usually a financial institution - to encourage a victim to willingly reveal their personal or company’s information.
A hacker lays the groundwork for a ransomware attack by creating a phishing email that is designed to look identical to the company it is mis-representing. The email contains a link, and from there one of two scenarios can happen. The first scenario involves the email link directing a user to a “secure” web page that will then ask for personal login information.
Once this information is provided, the hacker uses it to gain entry to a computer system, infect it with ransomware, wait for the ransomware to encrypt all valuable documents, and then hold them for ransom.
The second scenario involves the email link leading a victim to a download. Sometimes, this link downloads a Trojan virus onto a computer, which opens a virtual door that a hacker can use to infect a system with ransomware.
Other times, the link downloads ransomware directly onto a computer. Once the ransomware gains entry to a system, then it encrypts all valuable files and holds them for ransom.
Though there are a few different ways that a ransomware attack can be set in motion, once a hacker encrypts your files, it can be almost impossible to de-crypt them unless you pay.
This is when victims become conflicted between deciding to pay the ransom, which doesn't guarantee that the hacker will release your files, or opting to try to de-crypt their files themselves without paying the ransom, which could prove to be fruitless. Industry experts offer mixed advice, but some suggest that paying the ransom can work in select scenarios.
How Can I Prevent a Ransomware Attack?
Though you cannot fully prevent a ransomware attack, taking some of the tips listed below into consideration can greatly reduce your chances of becoming a victim.
Know How to Spot a Phishing Attack
If you can spot a phishing attack before it happens, you can usually stop a ransomware attack in its tracks. While computers are designed to not make mistakes, hackers know that humans are prone to errors. That is why they exploit human error to gain access to a network and deploy ransomware.
Phishing emails can either contain an enticing offer, such as "Click this link for a limited time deal!" or can be faked to resemble a legitimate company. For instance, a hacker posing as Google could email a victim telling them to click a link to update their email storage.
Always be wary of emails from people you don't know telling you to click a link. If you want to see if an email is a phishing email, you can look at the address that the email is from. For instance, a phishing email posing as Facebook that has the email address "email@example.com" is probably a fake address.
Make sure that the address is spelled correctly too with no character substitutions. While an address from "@google.com" might be legitimate, an email from "@go0gle.com" is probably a phishing attempt.
In general, most legitimate emails don't ask you to click a link to validate or update information, so your internal warning signals should flash as soon as you see this. If you feel suspicious about an email, try calling the company to confirm the email's details before clicking any links.
Strengthen and Protect Your Passwords
Weak passwords are one of the easiest ways to open the door to hackers and let them enter your network to deploy ransomware. Consider strengthening your passwords and protecting where they're stored to better leverage your cyber security infrastructure.
A main focus of any password policy should be to limit how much you write down your passwords, whether they're on a sticky note, an Excel spreadsheet, or in the Notes app on your phone. Writing a password down anywhere leaves it susceptible to being found by hackers.
Consider changing passwords every six months and creating passwords that don't use easy-to-find information such as birthdays or your children's names. When creating a password, make sure it's long and complex.
Additionally, install two-factor authentication on your devices if possible, seeing as it's a widely used secure method of protecting accounts.
Stay Current with Security Patches and Software Updates
While strengthening your passwords is a great method to further secure your network and keep hackers out, many people forget or push off updating their anti-virus software or upgrading their firewall.
While we know this process can be a nuisance, every day that you wait to update the different components of your cyber security infrastructure after new versions emerge leaves you more vulnerable to ransomware attacks.
If you are able to, enable auto-updates on all security software and schedule any updates for late at night when you're not using your computer.
Consider Managed IT Services
If you are a business, you might not have the time to institute all these changes, especially if you only have an in-house IT manager or another employee managing your cyber security.
Managed IT services can help put all of the above suggestions and more into action. Managed IT services layers your cyber security infrastructure and then employs a team of IT experts to address any threats or issues that pop up.
They can conduct phishing tests to find employees who fall for phishing traps, and then educate those employees on how to recognize and avoid phishing attacks.
Managed IT services can also help you create a password policy and role-based security that works for your business too. In the event that a ransomware attack happens or your network goes down, they can reduce downtime by quickly recovering data due to their use of frequent and secure backups.
If you wait until you're the victim of a ransomware attack to improve your cyber security, then you're already too late.
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.