What Is Ransomware?

The meaning or definition of ransomware is a type of malware that uses encryption to hold a user’s valuable data hostage until a ransom is paid. It’s often designed to take over an entire network with the intent to paralyze an organization. A cybercriminal will typically demand money, forcing organizations to either pay the ransom or lose their most critical data. Find out how ransomware works and how to protect your business from falling victim to this damaging online threat.

Ransomware encrypts an organization’s critical data, blocking users from accessing their database, applications and files. Once the ransomware has infected a device or network, the cybercriminal responsible for deploying it will contact the user demanding a payment be made in exchange for the data. Organizations that fall victim to ransomware will have three options: pay the ransom, attempt to remove the malware or accept data loss. Ransomware attacks can affect both individuals and entire organizations.

This is how ransomware typically works to infect a device:

• A cybercriminal deploys an attack on your device, typically through a spam email attachment, phishing scam or Trojan horse.
• After the ransomware is activated on a device, it releases a malicious binary used to search and encrypt valuable files, such as applications, files, photos and databases.
  
• The ransomware may also spread to other devices in the network through shared drives, servers or chat messages.
  
• Once the files are encrypted, the malware stays on the device until a ransom is paid.
  
• Typically, users are given a set amount of time to pay the ransom before the files become permanently lost.

New types of ransomware are constantly emerging, but some of the most popular are:

CryptoLocker is one of the oldest forms of cyber-attacks, where hackers encrypt a user’s most valuable data without interfering with computer functions. Typically, a user will be able to see their data, but won’t be able to access it until the ransom is paid.

In 2017, WannaCry was a ransomware attack that exploited a security vulnerability in Windows. It was created by the National Security Agency and spread by the Shadow Brokers hacker group. Over 230,000 computers worldwide were infected, and it caused roughly $4 billion in financial damage. Users were locked out of their devices and asked to pay a ransom in Bitcoin.

Mostly organizations in Russia and Eastern Europe were infected with this strain of ransomware. Bad Rabbit is installed using a fake Adobe Flash installation on compromised websites.

Crysis ransomware spreads through malicious email attachments and encrypts files on fixed, removable and network drives.

One of the most destructive types of ransomware, Jigsaw encrypts a file and begins deleting data on an hourly basis until a ransom is paid. Typically, users are given 72-hours before all their data is deleted.

This ransomware is designed to lock a user out of their computer until a ransom is paid. It’s spread through an email disguised as an invoice. When the attachment is opened, the invoice is deleted and the user is directed to enable macros to be able to read it, tricking the user to activate Locky.

Once ransomware has infected a device, an organization will have several options for ransomware removal and data recovery:

• Pay the ransom and hope the data is returned
• Attempt to remove the malware using a decryption tool
• Restore backup data—organizations that back up their data externally or utilize a cloud backup service can retrieve information saved before the network was infected

Ransomware can be extremely difficult to detect. Cybercriminals tend to use advanced techniques to install military-grade encryption onto devices. Once it infects a device, the ransomware will spread quickly through the network, making it hard to respond in time. An organization often won’t be aware of the ransomware until after it has already encrypted the data and made itself known by demanding a ransom.

Some common signs of a ransomware attack include:

• Abnormal file system activity—such as many failed file modifications
• An increase in CPU and disk activity without being prompted by the user
• Files have been renamed without the user’s knowledge
• Inability to access files, data and application
  
• Suspicious network communications, typically deployed by the cybercriminal

By taking preventative measures, you can help protect your business from the crippling effects of ransomware. Cox Business MalBlock offers company-wide cyber security that can help uncover threats before they even reach your network. Businesses using Cox MalBlock automatically receive malware protection for all devices connected on their network. Get the protection your business needs within minutes.