What is ransomware?

Top Ransomware Questions – Answered 

We hear a lot about ransomware in the media, how entire organisations are brought to their knees due to a successful ransomware attack, but do you know exactly what ransomware is and how it works?

63% of organisations reported a significant loss of revenue following a ransomware attack, according to a report conducted by Consensuswide, on behalf of Cybereason, called  Ransomware: The True Cost to Business.

Clyrofor Managing Director, Loyiso Boyce, answers the top questions around ransomware and offers some explanations for those looking to get ahead of a ransomware threat.

What is ransomware?

Ransomware is one of many forms of malicious programmes that have been created specifically to cause harm to someone else.

How does ransomware work? 

Ransomware works by denying access to information to the owner.

Essentially it denies you access to files or information on your computer systems. It does this by encrypting your files, denying you access to those files and then implementing the ransomware component which is to demand a ransom from those infected machine users to get access to those files again.

How do you know if you have been a victim to ransomware? 

Specific to ransomware, you will get a message via pop-up on your screen, you will receive an sms or an email with a demand in exchange for access to your system. However, by the time this happens, the attacker has already gone through your systems and files, as well as found any loopholes or weaknesses in your system.

The scary side of this is that you may already be hacked and not know it. Sometimes, ransomware attackers will encrypt your systems and you may never be aware of it. This is a dangerous position for any organisation to be in as they have access to all your company information.

Who does ransomware target? 

Larger corporations tend to be more at risk as the main goal of the attacker is to get money, however, this doesn’t mean that small to medium sized companies are not at risk. Sometimes smaller companies are more at risk simply because they do not have the same cyber security protection in place that larger companies might have.

Most cyberattacks are successful due to an employee’s lack of cyber security awareness. Depending on your role within an organisation, your risk profile will be different. If you are a regular employee, the chances of getting personally targeted through ransomware attacks are not that high, while a more strategically important senior role is going to be targeted more often. The higher up you are within an organisation, the higher your chances of getting attacked are as you more likely have access to more sensitive information.

However, this does not mean that you should not train or upskill all of your staff members on cyber security protocols as hacks can happen at any time, to any employee through phishing scams, email spoofing, business email compromise and even USB devices.

But since ransomware is typically looking for money, corporations tend to be more at risk, as hackers are looking to make large monetary demands, and corporations have more money, however, corporations are made of people and to get in they will go through people.

When looking at any cyber security set up, it is important to understand the risk profiles of people within your organisation.

Where do ransomware attacks come from? 

You can go buy tools online now and request that somebody post or embed malicious code in websites.

This can be done through dodgy websites, which is why it is important to only visit websites that have a padlock on the URL and to ensure that your own website is secure through an SSL certificate. The point of that is to guarantee and keep your website safe, it also lets users know that you are a reliable website and that you are not hosting any malicious code.

The easiest way to pick up viruses is through the internet, just by virtue of going onto a website you can get infected, another method is through Phishing, clicking on links or random attachments that you don’t know can lead to a hack, as well as using unknown or public wifi.

Don’t insert or install anything from a USB that you don’t know and ensure that all your computers have antivirus, or better yet an end-point-detection and response (EDR) system which is antivirus on steroids. With the rise of cyberattacks and increased sophistication of attacks, this is what you need to stay safe online.

Why is ransomware so dangerous to an organisation? 

Let’s take the Department of Justice (DOJ) hack that occurred last year as an example. They were completely locked out of their systems and files and they couldn’t do anything, not to mention the sensitive information that was accessed and possibly released.

A successful ransomware attack can bring your business to a halt and in order to get it up and running again you need to pay a ransom or restore your information from backup systems, provided that your backup systems haven’t been hacked.

However, once you have been hacked, even if you have paid the ransom, there is no guarantee that you will not be hacked again, or that your information has not already been sold to other hackers to exploit you based on information that they have obtained. There isn’t even a guarantee that you will get access back to your systems once you have paid.

That is what is so dangerous about being hacked by ransomware, is that they hack you, they then install the ransomware and by the time you see the symptoms – if they are in – then they could have discovered other ways to get in or accessed and downloaded a whole lot of sensitive information.

Why do ransomware attacks keep happening? 

At the end of the day people want money, and sometimes – like the graffiti on streets, hackers are doing it for ‘street cred’. Those in the industry know who it is. But ultimately, it is destruction of property, business espionage and even a nation state attack.

When people break into a business to rob it, once they are in they can pull out a weapon or threaten you and make their demands, the issue is not how to stop ransomware attacks, the main goal is to prevent robbers getting into the house.

A robust and overall cyber security system including employee training, security controls and policies and governance is the only way to prevent successful ransomware attacks.

Can ransomware attack cloud storage? 

Yes! Ransomware can attack anything from your external hard drive, personal computer (PC), essentially anything that has files on it.

Can ransomware be removed? 

A strong EDR solution does exactly that. In terms of ransomware, the EDR system will quarantine a file, catch it in the process and it will delete the file.

Preventing these attacks is much better than paying the price after a cyber security breach. Clyrofor provides tailored information security solutions to protect and monitor your assets, data and the users working on your information systems.

Get in touch with us about an EDR solution to keep your organisation locked.