What Is Ransomware?

WHAT IS RANSOMWARE, WHAT DOES IT LOOK LIKE, DOES IT POSE A THREAT TO YOUR BUSINESS AND HOW CAN YOU PROTECT YOURSELF?

What Is Ransomware?

Ransomware is a type of malicious software (malware) that attempts to extort money from victims by restricting access to a computer system or files. The most prevalent form of this profit-motivated malware is crypto-ransomware, which encrypts files into encoded messages that can only be decrypted (decoded) with a key held by the malicious actor.

What Does Ransomware Look Like?

To the left is an example of what it looks like when someone is hit by Ransomware.  Generally, there is a message stating that your computer has been locked and in order to unlock it, you must pay a certain sum of money, or ransom.

Don’t worry, the image is just an example of what Ransomware could look like.

Is Ransomware A Threat To Organizations?

Yes.  Ransomware is an ongoing threat to organizations AND individuals.  Hackers motivated by financial gain are constantly expanding the targeted scope of their extortion campaigns.  The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), an entity that share information on cyber crime, analyzes threats and reports incidents has assessed with high confidence that many businesses, schools, government agencies and home users will remain at high risk of ransomware infections going forward.  In addition to personal devices like computers, tablets and smartphones, cyber extortion will also likely target automation systems, smart appliances, vehicles, medical devices, business servers, business websites and cloud solution.  NJCCIC states that businesses who outsource their data to a third-party vendor with poor cybersecurity practices are putting themselves at a particularly high risk.

How Does Ransomware Work?

  • Ransomware infections occur when a user opens a malicious email attachment, clicks on a malicious link, or visits a website infected with malicious code, known as a drive-by download.
  • Once a system is infected, the ransomware contacts a command and control (C2) server to generate an encryption key and begins encrypting files on the victim’s machine.
  • The ransomware runs quietly in the background performing in-depth searches of all disk folders, including removable drives and network shares, and encrypts as many files as it can.
    • Ransomware may also delete Shadow Volume Copies, destroy restore points, and overwrite free disk space to prevent victims from recovering their files and systems without paying the ransom.
    • If a system is powered off as files are being encrypted, some ransomware variants resume where they left off when the system or device is powered on again.
  • After files are encrypted, a ransom note is displayed on the screen with instructions on how and where to pay the ransom and the length of time before the hacker or software destroys the decryption key.
    • Some recent variants offer victims a ‘second chance’ to pay after the initial timer expires; however, the ‘second chance’ is often at least double the original ransom amount.
  • If the victim pays the ransom, the malware is supposed to contact the C2 server for the decryption key and begin decrypting the victim’s files; however, in many cases, the files are never decrypted.
    • Some ransomware files can delete themselves in order to avoid detection and analysis by security researchers or law enforcement.

How Do I Protect My Business From Ransomware?

Ransomware may not be entirely preventable; however, there are certain measures a business must have in place to mitigate their risk:

  1. The impact of a successful infection can be greatly reduced if a robust data backup process is in place. Comprehensive data backups should be scheduled as often as possible and must be kept offline in a separate and secure location. To do this, you must work with a trusted technology advisor, like Link High Technologies.
  2. Conduct regular training and awareness exercises with all employees to ensure users are proficient in safe Internet-browsing techniques and the ability to identify phishing emails.

What Is The Next Step?

Link High serves as a trusted technology advisor to many businesses in New Jersey, New York and Pennsylvania.  Link High provides techincal guidance to business clients as well as CIO services, Managed IT Services and Network Security services.  Link High can help your business stay protected with network monitoring, comprehensive data backups, business continuity solutions and employee training.

To speak with an expert, call 973-659-1350 or email info@linkhigh.com.

Leave a Comment

Get In Touch

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text.