All you need to know about ransomware attacks

RiskXchange can regularly monitor and mitigate risks to prevent unnecessary exposures. 

Ransomware attacks have been in the news quite a lot lately – government agencies, large, medium and small-sized organisations, and even individuals have all fallen victim. Ransomware is a type of malware that stops users from accessing their entire system or personal files and a ransom payment is demanded in order to regain access.  

Ransomware is created either for the criminal’s own gain or to be sold as a service to other cybercriminals, which is known as Ransomware-as-a-Service (RaaS). Ransomware was first developed in the 1980s, when hackers expected payment to be sent via snail mail. Today, cybercriminals expect payments via credit card or cryptocurrency in extremely large amounts.

Catching the ransomware virus 

Ransomware can infect your organisation, system or computer in many different ways. Malicious spam, or malspam, is one of the most common ways a computer becomes infected with malware: an unsolicited email carries PDF or Word attachments that are infected with malware, and when they are opened the virus is unleashed. Links to malicious websites and other forms of infiltration have also become commonplace.

Malspam uses social engineering to appear as legitimate correspondence and trick people into opening attachments or clicking on links, posing as a friend, a bank or a well-known organisation. Hackers also use social engineering to pose as official bodies, such as the FBI, to trick users into paying them to unlock their files.

Malicious advertising, or malvertising, uses online advertising to distribute malware with very little user interaction required. Websites, including legitimate sites, can redirect users to criminal servers without the user realising it and without them clicking on an advert. These servers collect details about the user’s computer and location, then select the most appropriate malware to deliver, with ransomware being the most common.
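As an added example (not RiskXchange’s code), the following Python script triages a raw email for the malspam indicators described above: attachments of types that commonly carry malware droppers, and links whose visible text names a different host than the one the link actually points to. The sample message, its sender and recipient, and the extension lists are constructed for illustration.

```python
"""Triage a raw email for two malspam indicators: risky attachments and
links whose displayed URL does not match the real target.
Added example; the sample message below is constructed, not a real email."""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Attachment types that commonly carry droppers (assumption: a short illustrative list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".docm",
                    ".xlsm", ".pptm", ".iso", ".lnk", ".zip"}
# Legacy Office formats that can carry macros without an "m" in the extension.
MACRO_CAPABLE = {".doc", ".xls", ".ppt"}


def attachment_findings(msg):
    """Return a list of human-readable findings for suspicious attachments."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
        elif ext in MACRO_CAPABLE:
            findings.append(f"macro-capable attachment: {name}")
    return findings


# Deliberately simple anchor matcher: href attribute plus the visible link text.
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def link_findings(html):
    """Flag anchors whose displayed URL names a different host than the href."""
    findings = []
    for href, text in HREF_RE.findall(html):
        target = urlparse(href).hostname or ""
        shown = re.search(r"https?://([^/\s<]+)", text)
        if shown and shown.group(1).lower() != target.lower():
            findings.append(f"link text shows {shown.group(1)} but points to {target}")
    return findings


def triage(raw_bytes):
    """Parse an RFC 5322 message and return all findings, attachments first."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = attachment_findings(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += link_findings(body.get_content())
    return findings


def build_sample():
    """Constructed sample: a fake 'overdue invoice' with a macro-enabled
    attachment and a link whose text shows a bank domain but targets an IP."""
    msg = EmailMessage()
    msg["From"] = "accounts@example-bank.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative(
        '<p>Review at <a href="http://198.51.100.7/login">'
        'https://example-bank.test/login</a></p>', subtype="html")
    msg.add_attachment(b"not a real document", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The two checks are intentionally cheap, so they can run in a mail gateway before any sandboxing; a real deployment would extend the extension list from its own telemetry and also inspect archive contents.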

Three main types of ransomware 

Ransomware comes in three main guises, which can range from mild to severe. 

Let’s take a closer look: 

  1. Scareware 

Scareware includes tech support scams and rogue security software. It can be transmitted by a pop-up message claiming that malware has been discovered and the only way to remove it is to pay. If you ignore it, pop-ups will continue but your data will essentially be safe.  

  2. Screen lockers 

Once lock-screen ransomware gets into your computer, you’ll quite simply be frozen out of your PC. A full-sized window will appear as soon as you start up your computer, often displaying an official-looking government logo stating that illegal activity has been detected on your PC and you must pay a fine to unlock it. This is, of course, false because the authorities do not operate in this way.  

  3. Encrypting ransomware 

Encrypting ransomware is the most vicious. Cybercriminals will steal files and data and encrypt them, then demand payment to decrypt and return them. Once the hackers encrypt your files, no system restore or security software can return them, so unless you pay the ransom, they’re gone. Decryptors and further advice are discussed later on.

Mac Ransomware 

There is now even ransomware specifically targeting Mac users. The first, KeRanger, was developed in 2016 and infected an app called Transmission which, when launched, copied malicious files that remained in the background, then detonated after three days and encrypted files. Luckily, Apple released an update to its anti-malware program XProtect soon after the ransomware was discovered, which blocked it from infecting user systems.

Mobile ransomware 

In 2014, CryptoLocker shone a light on ransomware targeted at mobile devices. Mobile ransomware usually displays a message on the screen which claims the device has been locked due to illegal activity and that it will be unlocked once a fee has been paid. Mobile ransomware is often delivered via malicious apps and can only be removed if you reboot the phone in safe mode and delete the infected app. 

Ransomware targets 

When ransomware was first introduced, its victims were individuals; attacks have since become more sophisticated and can target large organisations or entire governments. Once cybercriminals realised that ransomware could halt productivity and acquire data and revenue, attacks became commonplace right around the world.

According to a public service announcement by the FBI in 2019, ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information. 

How to avoid ransomware   

Ransomware attacks are more focused on western markets, with the US, Canada and the UK ranking as the top three countries targeted.  

According to the FBI, the best way to avoid being exposed to ransomware — or any type of malware — is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on.  

Tips to follow: 

  • Keep operating systems, software, and applications current and up to date.
  • Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
  • Back up your data regularly and double-check that those backups were completed.
  • Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
  • Create a continuity plan in case your business or organisation is the victim of a ransomware attack.

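
As an added example that is not part of the original post, the following Python script implements the backup checks in the third and fourth tips: it confirms that every source file is present in the backup with a matching SHA-256, and for any mismatched file it flags whichever side now holds high-entropy content (close to 8 bits per byte), which is what encrypting ransomware leaves behind, including on a backup it could reach over the network. The sample directory trees and the entropy threshold of 7.5 are constructed assumptions.

```python
"""Verify a backup against its source and flag files that look encrypted.
Added example; the directory trees are constructed in a temp dir."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte; plain text is typically 4-5, ciphertext is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_backup(source, backup, entropy_threshold=7.5):
    """Compare every file under `source` with its copy under `backup`.
    Returns lists of relative paths: ok, missing, mismatched, and
    'side:path' entries for mismatched files whose content looks encrypted."""
    src_root, bak_root = Path(source), Path(backup)
    report = {"ok": [], "missing": [], "mismatched": [], "suspicious_entropy": []}
    for src in src_root.rglob("*"):
        if not src.is_file():
            continue
        rel = src.relative_to(src_root)
        dst = bak_root / rel
        if not dst.exists():
            report["missing"].append(str(rel))
            continue
        if sha256_of(src) == sha256_of(dst):
            report["ok"].append(str(rel))
            continue
        report["mismatched"].append(str(rel))
        # Sample the first 4 KiB of each side; the encrypted side stands out.
        for label, path in (("source", src), ("backup", dst)):
            with open(path, "rb") as f:
                if shannon_entropy(f.read(4096)) > entropy_threshold:
                    report["suspicious_entropy"].append(f"{label}:{rel}")
    return report


def build_sample():
    """Constructed data: one intact file, one missing from the backup, and one
    whose backup copy was overwritten with random (encrypted-looking) bytes."""
    root = Path(tempfile.mkdtemp(prefix="backup_check_"))
    src, bak = root / "src", root / "bak"
    (src / "docs").mkdir(parents=True)
    (bak / "docs").mkdir(parents=True)
    (src / "docs" / "notes.txt").write_text("quarterly figures\n" * 50)
    (bak / "docs" / "notes.txt").write_text("quarterly figures\n" * 50)
    (src / "docs" / "plan.txt").write_text("continuity plan\n" * 50)
    (src / "docs" / "ledger.csv").write_text("date,amount\n" * 200)
    (bak / "docs" / "ledger.csv").write_bytes(os.urandom(4096))
    return src, bak


if __name__ == "__main__":
    src_dir, bak_dir = build_sample()
    for key, items in verify_backup(src_dir, bak_dir).items():
        print(f"{key}: {items}")
```

Run it from a host that is not the one being backed up, and treat any entry in `suspicious_entropy` as a reason to take the backup offline and investigate before it is overwritten by the next scheduled run.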
How to react once targeted 

The authorities now state that the number one rule is to never pay up, because paying cybercriminals only encourages them to commit further cybercrimes. Although this is of little comfort if you need to retrieve precious data, some steps can be taken to bolster security and prevent cybercriminals from gaining access to sensitive information. Decryptors may make it possible to retrieve some of the files, but most importantly, keeping your cybersecurity measures at an optimum will help prevent the breach from occurring in the first place.

Although decryptors can be an effective way to access encrypted files, not all ransomware families have had decryptors created to crack them. There is also a risk that running a decryptor could further encrypt files, so the best approach is to get in touch with cybersecurity experts like RiskXchange for advice and guidance before tackling a complex issue like ransomware. 

How RiskXchange can help  

RiskXchange is one of the firms leading the fight against cybercrime, coming up with novel solutions to everyday problems experienced at the hands of hackers. 

With full visibility over your ecosystem’s entire attack surface in near real time, you can regularly monitor and mitigate risks to prevent unnecessary exposures. Our passive data collection methods are effective and have no impact on your network performance. Using data-driven insights to prevent breaches is the best way to reduce an attack surface and prevent cyberattacks.

About RiskXchange 

RiskXchange provides a powerful AI-assisted yet simple, automated and centralised 360-degree cybersecurity risk rating management approach. We generate objective and quantitative reporting on a company’s cybersecurity risk and performance, which enables organisations with evolving business requirements to conduct business securely in today’s open and collaborative digital world.

RiskXchange is an information security technology company that helps companies of all sizes fight cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security.