Ransomware is a word you hear all the time in cybersecurity, but we also hear the same questions all the time: What does it mean? How does it get on my computer? How can I keep myself and my business safe? Let’s break it down …
What is Ransomware?
Ransomware is a type of malware (software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system) that threatens to publish someone’s personal data or perpetually block access to it unless a ransom is paid. Users are shown instructions for how to pay a fee to get the decryption key. The demanded ransom can range from a few hundred dollars to thousands.
How does it work?
There are a number of ways that ransomware can access a computer. One of the most common delivery systems is phishing spam: attachments that come to the user in an email, masquerading as a file they should trust. (Phishing is a means of gathering personal information using deceptive e-mails and websites.) Once these attachments are downloaded and opened, they can take over the user’s computer. Some other, more aggressive forms of ransomware exploit security holes to infect computers without needing to trick users.
There are several things the malware might do once it’s taken over someone’s computer, but by far the most common action is to encrypt some or all of their files. The most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.
In some forms of malware, the attacker might claim to be a formal or law enforcement agency shutting down the user’s computer due to the presence of pornography or pirated software on it, and demanding the payment of a “fine,” perhaps to make victims less likely to report the attack to authorities. But most attacks don’t bother with this pretense. There is also a variation, called leakware or doxware, where the attacker threatens to publicize sensitive data on the user’s hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.
Who does it target?
There are a lot of different ways attackers choose who they target with ransomware. Sometimes it’s a matter of opportunity: for instance, attackers might target companies that are known to have smaller security teams and users that do a lot of file sharing, making it easier to break through.
Sometimes an organization is a target because they seem more likely to pay a ransom quickly. For example, places like government agencies or medical facilities need immediate access to their files. Law firms and other organizations with sensitive data might be willing to pay to keep any news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks.
How can I prevent this happening to myself or my business?
There are a number of steps you can take to minimize your risk, but perhaps one of the most important security measures is ensuring that software security vulnerabilities are patched promptly and regularly. Patch management, however, is just one part of a multilayered approach to protecting yourself and your team from ransomware attacks. Other steps include providing security awareness training for employees, disabling macros, and using something called ‘least privilege’, which means that users should only have the minimum amount of access required to fulfill their job duties.
Ultimately a strong line of defense for your business comes with being proactive, taking preventative measures, and promoting security awareness at all times. This is what makes the difference between successful attacks and thwarting them. Ask us how we can help keep your business safe by emailing firstname.lastname@example.org