
What is Ransomware?


  • 22 Dec 2016

Ransomware's roots date back to the late 80s, but the advent of modern anonymous payment systems such as Bitcoin has seen it reborn.

The Attack

Ransomware usually enters an organisation via a malicious email attachment. The attachment is typically a Word or Excel document containing a malicious payload. These emails tend to target non-technical departments to increase the chances of a successful compromise. For example, a seemingly benign email is sent to an organisation's HR department with an attached CV in the form of a Word document. All the employee needs to do is open the document and click Enable Content. Once this has been done, the ransomware can begin to execute its task.


The ransomware infection will not be evident at first. It begins by searching the computer and the network for files that will be of value to the organisation. These tend to include Office documents such as spreadsheets, reports and PowerPoint presentations. Other file types include audio-visual files such as MP3 and MP4, and numerous web server files. Many professional software package file extensions are also included in the attack to cause maximum harm to the organisation. Once these business-critical files have been found, they are encrypted. Encryption renders the files completely unreadable and can therefore halt an organisation's ability to do business with its customers. Some ransomware variants also disable user access to the Windows operating system, leaving the computer completely unusable.

The Ransom

Once the computer and documents have been encrypted, the malware declares its ransom. This is done via a splash screen or within various text files informing the user of the breach. The notice states the attacker's payment details for the ransom of the decryption key. Payments are typically made through the Tor network (dark web) into Bitcoin cryptocurrency wallets. This is done to hide the attacker's identity. Ransoms typically range from £200 to £8000 to recover sensitive data from one machine.

The Aftermath

According to an FBI statement to CNN, the estimated cost of damages caused by ransomware during Q1 2016 totals $209 million. Healthcare departments, schools and law enforcement agencies are among this year's targets. Many companies are forced to pay the ransom, as complete loss of their data would cause irreparable damage to their business. Once the ransom has been paid, there is no certainty you will receive the decryption key in return. Ransomware has the ability to close businesses down and prevent healthcare organisations from saving lives. With the attackers' widespread success, more intricate strains of ransomware are being developed every week. Ransomware is here to stay.

 

Mitigations

  • Ensure employees are aware of ransomware and its dangers.
  • Train employees to question the validity of emails and not to open suspicious or unexpected attachments.
  • Disable macro scripts within Microsoft Office.
  • Manage the distribution of privileged accounts. Only use administrative accounts when absolutely necessary.
  • Have a robust and frequent data backup strategy in place. Ensure backup data isn’t attached to the network. Always keep a backup offsite and offline.
  • Rename sensitive file extensions to something unique (for example, .doc to .file). This will prevent ransomware from encrypting the document.
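
The attack described above relies on a macro-bearing Word or Excel attachment, and the list above says to disable macros. As an added example (not part of the original article), this Python check classifies a file by its content rather than its extension, so it can be used at a mail gateway or file share to hold macro-enabled documents before a user reaches Enable Content. The function name, verdict strings and sample files are assumptions constructed for illustration, and the legacy .doc/.xls check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML: .docx/.xlsx/.pptx and *m variants
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")     # OLE directory names are UTF-16LE
CT = "[Content_Types].xml"                          # present in every OOXML package


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'unreadable' or 'not-office' for raw file bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project appears as a '_VBA_PROJECT' stream name.
        return "macro" if VBA_STREAM in data else "no-macro"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if CT not in names:
                return "not-office"
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            # A macro-enabled content type also counts, even if the part is renamed.
            return "macro" if b"macroEnabled" in zf.read(CT) else "no-macro"
    except (zipfile.BadZipFile, RuntimeError):
        return "unreadable"   # hold for review rather than deliver


def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples; "cv_renamed.docx" mimics a .docm saved under a .docx name.
SAMPLES = {
    "cv.docx": make_zip({CT: "<Types/>", "word/document.xml": "<doc/>"}),
    "cv_renamed.docx": make_zip({CT: "<Types/>", "word/vbaProject.bin": b"\x00"}),
    "report.xls": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "truncated.docx": ZIP_MAGIC + b"garbage",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:18} {classify_attachment(blob)}")
```

A verdict of 'macro' or 'unreadable' is a reason to quarantine the attachment for review; 'no-macro' only means no VBA project was found.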

 
