How Does Ransomware Work? Know These Facts to Protect Your Business


How Does Ransomware Work

When you add up the total amount of money paid in extortion and lost productivity, ransomware costs organizations an estimated $75 billion a year. Seemingly no one is safe from these types of attacks. Hospitals, universities, large corporations, government agencies, and small- to medium-sized businesses have all been targeted by criminals looking to extort  money quickly and easily. Yet while most people are aware of ransomware, not many quite know how these attacks work, which makes it difficult for them to protect their organizations against this type of cyberthreat.

How does ransomware work?

For the most part, ransomware is spread through files attached to emails. This method of attack, known as phishing, tricks the recipient into opening the file containing the malware that exploits a vulnerability in the user’s system that allows it to install itself onto the victim’s computer. Sometimes, the email may contain a link that takes the recipient to an infected webpage that looks for exploitable software on the victim’s machine and takes advantage of the vulnerabilities.

Once it finds a way in, the ransomware begins encrypting all of the computer’s files, including documents, spreadsheets, images, and so on. Some variants lock the user out of the system entirely, and others are able to infect network-attached storage devices and even other network devices.

Learn how to protect your business by watching our webinar:  Next-Gen Threat Prevention—Anti-Ransomware & Advanced Sandboxing

Once the files or system is locked, a message is sent to the victim demanding a ransom to be paid. Once the ransom, which typically ranges from $200 to $1,000 in bitcoin, is paid, the victim is sent a decryption key that unlocks the encrypted device. Contrary to what some computer experts may tell you, the only way to unlock the encrypted files is with the decryption key, and that requires the victim to pay up.

What is the best ransomware protection?

According to Kevin Haley, director of Symantec’s Security Response, 64 percent of all victims of ransomware wound up paying the ransom. As long as criminals are able to continually make easy money from this type of attack, they will continue. With the ability to send millions of malicious emails a day, attackers are able to reach a large number of potential victims. So how is a company able to fight back? By using a few important facts to help protect against this threat.

Teach people what to do

One of the best methods of identifying potential attacks is to effectively train your staffers not only how to spot a threat, but also what to do when they find something suspicious. Though they may not stop all attacks, having someone report a possible threat early will certainly help control the damage.

Keep systems up to date

Like most cyberattacks, ransomware looks for vulnerabilities on your system and its software. Keeping your systems and the software that runs on them up to date can help prevent a number of attacks, including a ransomware infection. If system and software vulnerabilities have been patched by installing the latest updates, then the malware is denied these exploits and can’t install itself on the targeted systems.

However, new variants of ransomware are being created all the time. Just because you are protected against one strain doesn’t mean you are safe against all.

Have a solid backup and recovery solution in place

Some people have not taken the ransomware threat as seriously as they should. They may have heard that security researchers have been able to publish decryption keys for certain strains of ransomware. Unfortunately, most attackers are well aware of this and simply don’t use those variants. Another common belief is that if a computer is infected, you can rely on the shadow copies that Windows creates and simply restore your computer from them. The bad guys know this as well and make sure that their malware deletes these files so you can’t roll the computer back to an earlier state.

A solid backup and recovery solution will help if you have a computer, or computers, that are infected. Regular backups outside of the Windows ecosystem are not often infected with the ransomware when computers are hit. Therefore, your IT staffers can wipe the computer clean and rebuild it. From there, they can run the restore process and replace all the files that were included in the most recent backup. This is the only way to fix a system that has already been infected.

Ransomware continues to be a problem for all types of organizations. If your IT team is not prepared to provide you with the best ransomware protection, reach out to a managed security partner that can bring experience and expertise to work for you.

Cybersecurity Webinar