Know your Cyber Crime – An Introduction to Ransomware
Ransomware is a type of malware (malicious software) that disables systems or uses file encryption to extract a fee from victims.
Possibly the most common type of Ransomware involves file encryption, whereby files on a victim’s computer are encrypted. The files remain on the computer but in an unreadable form. The hackers then display a message stating that the only way to restore the files is to pay a fee – often threats of permanent deletion are made and payment time limits are enforced.
This high-stress situation prompts many victims to pay the fee, but unfortunately, this is no guarantee that files will be decrypted, and agreeing to pay may increase your chances of being attacked in the future.
Are there different forms of Ransomware?
Yes. The term ‘ransomware’ basically means ‘software that holds you to ransom,’ but the mechanisms used to achieve this vary.
Screen Lockers
Screen lockers don’t use encryption; instead, they infect operating systems and render entire computers inoperable. They normally restrict all functionality at the point of account entry, so as you log in to your user account a message will pop up demanding payment in order to restore access.
Scareware
Unlike other forms of ransomware, scareware typically involves an idle threat and quite often your computer or files haven’t been compromised at the point you encounter it.
Scareware might come in the form of a pop-up on an infected website. Often this message will claim to have detected viruses on the user’s computer and will encourage them to follow a link to install “anti-virus software” to tackle the issue. Often a fee will also be requested but instead of receiving legitimate antivirus software, the user will most likely download Malware intended to steal personal data.
Doxware
This is possibly the most sinister and alarming type of ransomware you can encounter. Doxware uses two mechanisms of leverage to extract a payment from victims: file encryption (your files are encrypted, pay us if you want them back) and a threat to release sensitive data (pay us or we’ll release your private data, files, photos etc.).
Doxware attacks sometimes target high-profile individuals for whom a data leak could seriously damage their reputation or credibility – company executives, politicians, celebrities – however, they can target anyone regardless of status.
Crypto Ransomware
This is the ‘classic’ ransomware attack involving file encryption and a restoration fee. These attacks are brazen in nature – often the hackers are upfront about what they’ve done to your files and what they intend to do if you don’t make payment. Often time limits and the threat of permanent deletion are used to extract a payment from victims. In most cases, these attacks DO involve file encryption and the hackers will be willing to follow through on their threats, but occasionally the threat alone is used and files haven’t actually been compromised.
How do I protect my business from such attacks?
Ransomware has a high success rate for attackers, so the best line of defence is to avoid getting infected with ransomware in the first place.
- Advanced Threat Protection. Using proprietary anti-malware software is a good place to start to protect your data. There are many options available but look for one that includes a range of security tools such as firewall, backups and VPNs.
- Keep on top of system maintenance. Poorly maintained software is a common entry-point for malware. This means it’s important to keep on top of patch management and ensure all software (from the OS to individual programmes) is kept up-to-date.
- Be wary of email attachments and suspicious links. Like phishing attackers, ransomware criminals use email as a common route of entry to infect devices. As with phishing, persuasive and often emotive language will be used to encourage you to click on links to infected sites and open attachments containing harmful ransomware viruses.
- Use Cloud Services. Using cloud services such as cloud-hosted storage will reduce the chances of ransomware gaining entry to your system.
- Don’t enable macros. Ignore emails from unknown sources that require you to enable macros to view their content. Enabling them will often infect your computer.
- Payment doesn’t mean ‘problem solved.’ Yes, ransomware hackers do sometimes restore files when a fee is paid, but there are no guarantees here and you may face further attacks if you are seen as a ‘weak target.’
Here at 4TC, we can help your business with all aspects of cybersecurity. Our expertise covers a wide range of bases, from proactive maintenance and Backups to full-network anti-virus and managed anti-spam solutions. We provide managed services, project management and advice to ensure the businesses we work with remain out-of-bounds to Cybercriminals.