What is ransomware?
Ransomware is a type of malicious software designed solely to block access to a computer system until a sum of money is paid.
So how exactly does a ransomware attack work?
A ransomware attack is usually delivered via an email attachment: a document, an archive or an image. When the attachment is opened, the malware is released onto the user's system. Cybercriminals may also plant the malware on websites; when an individual unknowingly visits such a site, the malware is released onto their system.
The infection may not be immediately apparent to the user. The malware can operate covertly in the background until it is activated. When it activates, a dialogue box appears telling the user that their data has been locked and demanding a ransom to unlock it again. By this point it is too late to save your information, even with security tools.
Types of ransomware
Encryption Ransomware
Unsurprisingly, encryption ransomware encrypts personal files and folders. Once the files have been encrypted the originals are deleted, and users are usually presented with a text file containing payment instructions within the same folder as the now-inaccessible files. The issue might only be discovered when the user tries to open the files.
Most forms of encryption ransomware show a 'lock screen', such as the one displayed on computers infected with WannaCry ransomware.
Lock Screen Ransomware — WinLocker
As the name suggests, this type of ransomware locks the computer's screen and demands payment. The lock is an image that covers the whole screen and blocks access to all windows; however, this type of ransomware does not encrypt personal files.
Master Boot Record (MBR) Ransomware
The Master Boot Record (MBR) is the area of the computer's hard drive that enables the operating system to boot.
MBR ransomware modifies the computer's MBR, interrupting the normal boot process: instead of starting normally, the computer displays a ransom demand on the screen.
Ransomware encrypting web servers
This type targets web servers and encrypts many of the files on them. Known vulnerabilities in content management systems (CMS) are typically exploited to deploy ransomware on web servers.
Should I pay?
As in the offline world, paying the ransom is never recommended, simply because it doesn't guarantee a remedy. Various things can still go wrong even if you are given the key to unlock your files: for example, bugs or coding errors in the malware can render the encrypted data completely unrecoverable.
Furthermore, paying the ransom proves to the cybercriminals that ransomware is effective. They will consequently continue their activity and look for new ways to exploit systems, leading to more infections and more money in their accounts.
How to avoid a ransomware attack?
No ransomware attack is completely avoidable; however, there are prevention and recovery measures that will reduce the damage of an attack:
1. Using robust antivirus software to safeguard your system from ransomware is always your first port of call. Don't run multiple solutions at once or switch off the 'heuristic' functions: these help the product catch types of ransomware that have not yet been formally identified.
2. You've heard it before, but make sure you have multiple backups. It is advisable to keep two backup copies: one stored in the cloud and one stored on physical media, which you disconnect from your computer once the backup process is complete. Having a recovery system in place reduces the impact a ransomware infection has on your business, minimising downtime and getting you back up and running.
3. Keep all the software on your PC up to date. Whenever your operating system (OS) or applications release a new version, install it; new versions often contain patches for known vulnerabilities that cybercriminals will be trying to exploit. If the software offers automatic updating, turn it on.
4. Don't assume email content is safe because of who sent it. Anyone's account can be compromised, so it is possible to receive emails with malicious links from colleagues or customers, even very senior executives. Be aware, and don't click if it seems suspect.
5. Never open attachments in emails from someone you don't know. Cybercriminals often distribute fake email messages that look like notifications from a store, a bank, law enforcement, a court or even a tax collection agency, luring recipients into clicking a malicious link and releasing the malware onto their system.
6. Enable the 'Show file extensions' option in the Windows settings of your computer. This makes it easier to identify potentially malicious files. Steer clear of file extensions like '.exe', '.vbs' and '.scr'. Scammers may stack several extensions on a single file name to disguise a malicious file as a movie, photo or document.
7. Have a plan in place that outlines the process for handling a cyber security breach. It should state who to notify once a breach is discovered and who is responsible for each stage of the process: containment, mitigation and then clean-up. This enables your business to react quickly and minimise the damage.
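Tip 6 is about stacked extensions hiding a file's real type. The following Python script is an added example, not code from the original article: it shows what a file name looks like when Windows hides extensions (only the final extension is dropped, so "report.pdf.exe" is displayed as "report.pdf") and flags names whose real, final extension is an executable or script type, including the case where whitespace has been padded after the extension. The extension lists and the sample directory listing are constructed for the example.

```python
import os
from dataclasses import dataclass

# Extensions the article names as ones to steer clear of, plus a few other
# common executable and script types. This list is an assumption for the example.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".vbs", ".scr", ".bat", ".cmd", ".js", ".jse",
    ".ps1", ".com", ".pif", ".hta",
}

# Extensions a disguised file typically pretends to be (assumption).
DECOY_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg",
    ".png", ".mp4", ".avi", ".txt", ".zip",
}

# Constructed directory listing used to exercise the checks.
SAMPLE_LISTING = [
    "Invoice_2024.pdf.exe",      # executable disguised as a PDF
    "holiday photo.jpg.scr ",    # screensaver disguised as a photo, padded with a space
    "setup.vbs",                 # plain script file
    "quarterly report.docx",
    "notes.txt",
    "README",                    # no extension at all
]


@dataclass
class Verdict:
    filename: str
    displayed_as: str    # what Explorer shows with "Show file extensions" off
    real_extension: str  # the extension the OS actually uses to open the file
    suspicious: bool
    reason: str


def split_extensions(filename):
    """Return every extension in order, lower-cased and stripped of padding,
    e.g. 'a.PDF.exe ' -> ['.pdf', '.exe']. The last entry is the real extension."""
    name = filename.strip().lstrip(".")
    parts = name.split(".")
    if len(parts) < 2:
        return []
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def displayed_name(filename):
    """Approximate what Windows Explorer shows when extensions are hidden:
    the final extension is dropped and everything before it is kept."""
    stem, ext = os.path.splitext(filename.strip())
    return stem if ext else filename.strip()


def classify(filename):
    """Decide whether a single file name looks like a disguised executable."""
    exts = split_extensions(filename)
    shown = displayed_name(filename)
    if not exts:
        return Verdict(filename, shown, "", False, "no extension")
    real = exts[-1]
    if real in EXECUTABLE_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            return Verdict(filename, shown, real, True,
                           f"executable disguised as {exts[-2]} via stacked extensions")
        return Verdict(filename, shown, real, True, "executable or script type")
    return Verdict(filename, shown, real, False, "non-executable extension")


def scan_listing(filenames):
    """Classify a listing and return only the suspicious verdicts."""
    return [v for v in (classify(f) for f in filenames) if v.suspicious]


def scan_directory(path):
    """Convenience wrapper to run the check over a real folder, e.g. a downloads directory."""
    return scan_listing(os.listdir(path))


if __name__ == "__main__":
    for v in scan_listing(SAMPLE_LISTING):
        print(f"{v.filename!r}: shown as {v.displayed_as!r}, really {v.real_extension} ({v.reason})")
```

The point of `displayed_name` is to make the gap visible: with extensions hidden, the first two sample entries are shown as "Invoice_2024.pdf" and "holiday photo.jpg", which is exactly the impression the attacker wants; `scan_directory` lets the same check be run over a real downloads folder.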