Powered by Smartsupp

Ransomware Exposed: What It Is And How It Works

itmtechblog-ransomware

In light of everything that’s been happening with the HSE recently, we thought we would help people understand what ransomware is and how it works. Ransomware is an attack on the data, information and privacy of your computer by use of dangerous software. Typically, the security and access to a system is compromised. The attackers could essentially:

  • Threaten to release sensitive data.
  • Block access passwords to your systems.
  • Threaten to delete both the data and passwords.

Ransomware has become an undeniable threat to business growth, profitability and security. It’s a ruthless type of malware that locks your keyboard or computer to prevent you from accessing your data until you pay the ransom, which is usually demanded in untraceable Bitcoin. Cybercriminals are turning this type of attack into big business, raking in billions each year as many businesses have no choice but to pay up.

How does ransomware get into the network?

Surprisingly, it’s NOT those random USB drives floating around from unknown sources. That’s old school, and cybercriminals operate much more effectively now. The most common vehicle for ransomware attacks today are email and compromised websites.

One email is all it takes.

We’ve all become so used to email as the major form of business communication that getting someone to click a link is easier than ABC. Ransomware attacks come disguised as legitimate emails that can trick your employees into clicking through to an infected website or opening an infected attachment. Unfortunately, cybercriminals have gotten really, REALLY good at faking internal emails, external communications from stakeholders and seemingly genuine inquiries from customers. They’ll often conceal their ransomware in normal attachments like invoices and reports in Office docs as well as PDFs. Even TXT files can actually be an executable javascript in disguise!

Infected websites aren’t always obvious.

Let’s face it, cybercriminals will infect any web page they can get their hands on, which is why the less reputable sites should be avoided. But it’s not just about making sure you and your employees stick to suitable sites, mainstream websites can also carry ransomware infections ready to spread to all visitors. It’s happened before – in 2016 the New York Times, BBC & MSN homepages accidentally exposed thousands of web visitors when their infected site showed malicious ads.

What happens during an attack?

As soon as ransomware is in the door, it immediately scans local and connected drives (including connected backups) and encrypts thousands of files. Within minutes, everything from Office files to multimedia is locked up tight, inaccessible to all users – even admin. Then a notification appears demanding a ransom to unlock the files and gives helpful instructions on how to pay it. At this point, many businesses are on hold until the situation can be resolved. Typical options include: restoring from safe, external backups; wiping the entire system and starting again; or paying the ransom and learning a hard lesson in data security. Ransomware may not be fun, but it certainly makes for an interesting day at the office!

ITM Tech can help your business, with a complete data security plan, including safe backups. Call us today at 045 409984 or contact us through our website here