Ransomware is one of the greatest cyber security threats that organisations currently face. In recent years, it has been growing in size, scale and sophistication.
In 2018, 69% of companies were hit with a ransomware attack, and by the end of the year ransomware is expected to cost the world more than £8 billion in damages.
Ransomware is a type of malware that prevents users from accessing their system by encrypting files and then demanding a ransom in order for the system to be unlocked.
Cybercriminals will typically assign a deadline for the ransom to be paid, and if the deadline passes, the ransom payment will be doubled or the files permanently locked.
It has the potential to cause great damage to an organisation, as was evidenced in the 2017 WannaCry attack that affected more than 200,000 victims in 150 countries.
A ransomware attack can spread when an infected file is opened on a computer connected to the network. Once a device is connected, the attack will spread quickly through the network, infecting all PCs.
The average cost of a ransomware attack in the UK is £30,000, although this just represents a small percentage of the damage that can be inflicted. Further costs can be incurred through:
- Loss of data
- Lost profits caused by downtime
- Cost of replacing compromised devices
- Reputational damage
- Recovery costs
- Investment into new security measures
- Potential legal penalties
- Employee training in response to attacks
How can Ransomware Infect Systems?
There are several different ways that ransomware can infect your computer. One of the most popular ways to attack organisations is through the use of malicious emails. The email will appear entirely legitimate and contain a link or attachment that, once opened, will deliver ransomware onto the system.
Another way that cybercriminals will deliver ransomware is through malicious websites. Cybercriminals may specifically create a website to spread a virus, or they may hack an existing website to deliver the ransomware. This enables the crooks to catch people who regularly visit the website off guard.
Types of Ransomware
Scareware
As the name implies, Scareware uses a range of scare tactics to trick the victim into paying a ransom. A common example of this is a pop-up message to update your security software. The message will claim that your PC is infected with a virus and that a payment is urgently needed to fix the problem. This attack method can vary in severity: users may be bombarded with pop-up messages or their computer may fail to work at all.
Screen Lockers
Unlike other forms of ransomware that will prevent the user from accessing their data, screen locking ransomware will lock down the entire operating system, making it virtually impossible for the user to recover any of their data unless they pay a ransom. A typical example of this would be a full-sized message appearing on the user’s screen from an apparent law enforcement agency. The message warns that illegal activity has been detected on their computer and they must pay a fine in order for their files to be released.
Encrypting Ransomware
This is a particularly nasty form of ransomware and one of the hardest to recover from. Encrypting ransomware has been used in some of the world’s largest cyber attacks and it’s continuing to evolve as cybercriminals look at new ways of blending old and new variants to cause maximum damage.
Instead of denying the user access, it finds all the sensitive data, encrypts it, then demands payment in order for the data to be decrypted and restored. This form of ransomware is so dangerous because once the criminals get hold of your files, there is no way they can be restored unless you pay the ransom. Users are strongly advised never to pay a ransom, as there is no guarantee that the files will ever be recovered and, if anything, paying makes you a prime target for future attacks.
To prevent computers being encrypted with ransomware, employees should follow the below guidelines:
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website: check the site has been secured using HTTPS, check for a website privacy policy, use a website safety check tool such as Google Safe Browsing, and do a WHOIS lookup to see who owns the website.
- Pay close attention to the spelling of an email address. If there are any inconsistencies, delete the email immediately.
- Ignore and delete emails with poor grammar and formatting.
- Back up data on a regular basis.
- Never pay a ransom – There is no guarantee you will ever get your files back.
- Ensure that all applications and operating systems are up to date.
- Install the latest anti-virus software solutions on your work devices.
- Use strong passwords to reduce the chance of devices being hacked.
- Do not use public Wi-Fi to conduct any business activities.
Phishing is the number one cause of all cyber-attacks and continues to prove one of the easiest ways to steal valuable data and deliver ransomware. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to phishing. Get in touch for further information on how MetaPhish can be used to protect your business.