Ransomware is one of the greatest cyber security threats that organisations currently face. In recent years, it has been growing in size, scale and sophistication.
Ransomware is a type of malware that prevents users from accessing their system by encrypting files and then demanding a ransom in order for the system to be unlocked.
Cybercriminals will typically assign a deadline for the ransom to be paid, and if the deadline passes, the ransom payment will be doubled or the files permanently locked.
It has the potential to cause great damage to an organisation, as was evidenced in the 2017 WannaCry attack that affected more than 200,000 victims in 150 countries.
A ransomware attack can spread when the infected file is opened on a computer connected to the network. Once a device is connected, the attack will spread quickly through the network infecting all PCs.
The average cost of a ransomware attack in the UK is £30,000, although this just represents a small percentage of the damage that can be inflicted. Further costs can be incurred through:
There are several different ways that ransomware can infect your computer. One of the most popular ways to attack organisations is through the use of malicious emails. The email will appear entirely legitimate and contain a link or attachment that once opened will deliver ransomware on to the system.
Another way that cybercriminals will deliver ransomware is through malicious websites. Cybercriminals may specifically create a website to spread a virus, or they may hack an existing website to deliver the ransomware. This enables the crooks to catch people who regularly visit the website off guard.
As the names implies, Scareware uses a range of scare tactics to trick the victim into paying a ransom. A common example of this is a pop message to update your security software. The message will claim that your PC is infected with a virus and that a payment is urgently needed to fix the problem. This attack method can vary in severity, users may be bombarded with pop up messages or their computer may fail to work at all.
Unlike other forms of ransomware that will prevent the user from accessing their data, screen locking ransomware will lock down the entire operating system, making it virtually impossible for the user to recover any of their data unless they pay a ransom. A typical example of this would be a full-sized message appearing on the user’s screen from an apparent law enforcement agency. The message warns that illegal activity has been detected on their computer and they must pay a fine in order for their files to be released.
This is a particularly nasty form of ransomware and one of the hardest to recover from. Encrypting ransomware has been used in some of the world’s largest cyber attacks and it’s continuing to evolve as cybercriminals look at new ways of blending old and new variants to cause maximum damage.
Instead of denying the user access, it finds all the sensitive data, encrypts it, then demands payment in order for the data to be decrypted and restored. The reason this form of ransomware is so dangerous is because once the criminals get hold of your files, there is no way they can be restored unless you pay the ransom. Users are strongly advised never to pay a ransom as there is no guarantee that your files will ever be recovered and if anything, it makes you a prime target for future attacks.
To prevent computers being encrypted with ransomware, employees should follow the below guidelines:
Phishing is the number one cause of all cyber-attacks and continues to prove one of the easiest ways to steal valuable data and deliver ransomware. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to phishing. Get in touch for further information on how MetaPhish can be used to protect your business.