A quick guide to ransomware

641 words

Ransomware attacks in the UK soared this year, with more than 9,600 taking place and affecting over 3,500 businesses, according to a new report. The jump is attributed to two events, which caught IT admins off-guard: the large-scale WannaCry ransomware attack that took place last year, and the new WannaCryptor variants that appear to be targeting UK businesses at the moment.

Ransomware is a nasty piece of malware that encrypts files on computers and servers; business owners who want their files back are told to pay the cyber criminals a ransom. Companies and organizations that work with personal or financial data are prime targets.

What causes ransomware to get into a system?

Most ransomware attacks start when an unauthorized person installs an executable file using an administrator account on a server. To trigger the infection process, malware developers need access to a machine that is connected to the network.

Unfortunately, many other attacks are triggered by employees who aren't familiar with the best computer security practices. Some people will open email attachments because they seem to come from an authorized source. As soon as an infected attachment is opened, the malware is deployed on the system, and then it tries to spread across the network, infecting all the shared resources.

Why are ransomware attacks on the rise?

Security professionals believe that ransomware attacks are growing because the cyber criminals who build them have become much more skilled: they can create malware that easily disguises itself, evading antivirus software and carrying out its nefarious tasks without being detected.

Hackers are increasingly targeting Windows users, according to a recent survey that was run by several email security firms. And since almost 40% of people in the world use Microsoft's operating system, it's no wonder that most ransomware attacks target Windows-based machines these days. This doesn't mean that ransomware attacks don't have any impact on Mac users, of course.

The biggest increase in ransomware attacks took place in the first quarter of 2017. This coincides with the devastating WannaCry attack, responsible for the infection of over 300,000 PCs around the world. And if businesses hadn't had antivirus software in place, that piece of ransomware could have spread to many more machines. However, small businesses - especially the ones lacking funds - find it hard to safeguard their computers using top-of-the-line security products, which require expensive monthly subscriptions.

Which kinds of ransomware attacks are on the rise?

There are many forms of ransomware today, and most of them are targeting companies or organizations. The first one was named "Bogus Call" and has been around since at least 1999.

Modern malware has become much more advanced, though. According to Trend Micro, Ryuk, which attacked its first targets in 2018, is now responsible for about a third of ransomware attacks. It exploits system vulnerabilities, can make use of email phishing, and can even work in conjunction with other malware such as Emotet.

Once a machine is infected, Ryuk moves laterally and is able to propagate across the entire network. The payment for a successful ransomware attack is, on average, US$ 1.3 million.

What can businesses do to protect themselves from ransomware attacks?

According to Trend Micro, network administrators should always patch domain controllers, with the goal of preventing malware from gaining domain level access. Users who don't need file write permissions should have their accounts limited to a read-only status.

Administrative shares should be deactivated, or at least blocked using hardware-based firewalls. Since current versions of Ryuk make use of Windows administrative shares to encrypt files, that OS feature should be used carefully. Furthermore, PowerShell should be disabled; many hackers use it to launch devastating malware attacks.

Data should be backed up regularly; multiple copies must be stored in separate locations, both on-premises and in the cloud.
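To check the administrative-shares recommendation above on a given host, the following audit script is added here as an example; it is not part of the original article or of any Trend Micro guidance. It assumes Windows 8 / Server 2012 or later (for Get-SmbShare), an elevated session, and the documented LanmanServer registry values AutoShareServer and AutoShareWks, which control whether C$, D$ and ADMIN$ are recreated at boot.

```powershell
# Added audit script (not from the original article): report whether the hidden
# administrative shares that Ryuk-style ransomware abuses are still exposed.
# Assumes Windows 8 / Server 2012 or later and local administrator rights.

function Test-AdminShares {
    [CmdletBinding()]
    param()

    # Registry values that control automatic creation of C$, D$, ADMIN$ at boot.
    # AutoShareServer applies to server SKUs, AutoShareWks to workstation SKUs.
    # A missing value means the default, which is "enabled" (1).
    $paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $props = Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue

    $autoServer = if ($null -ne $props.AutoShareServer) { [int]$props.AutoShareServer } else { 1 }
    $autoWks    = if ($null -ne $props.AutoShareWks)    { [int]$props.AutoShareWks }    else { 1 }

    # ProductType 1 = workstation; 2 or 3 = domain controller / server.
    $isServer = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -ne 1
    $autoShareSetting = if ($isServer) { $autoServer } else { $autoWks }

    # Live view: 'Special' marks the hidden administrative shares (C$, ADMIN$, IPC$).
    # IPC$ is required for normal SMB operation, so it is excluded from the finding.
    $adminShares = @(Get-SmbShare | Where-Object { $_.Special -and $_.Name -ne 'IPC$' })

    [PSCustomObject]@{
        ComputerName       = $env:COMPUTERNAME
        IsServer           = $isServer
        AutoShareSetting   = $autoShareSetting
        ExposedAdminShares = ($adminShares.Name -join ', ')
        Compliant          = ($adminShares.Count -eq 0) -and ($autoShareSetting -eq 0)
    }
}

$result = Test-AdminShares
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning ('Administrative shares are reachable on {0}. Set the relevant AutoShare value ' +
                   'to 0 and restart the LanmanServer service, or block SMB (TCP 445) at the firewall.') -f $result.ComputerName
}
```

The script only reads configuration and reports; disabling the shares or blocking SMB remains a deliberate change to make after confirming that no backup or management tooling depends on them.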