How ransomware works

Ransomware hidden in software

You’ve probably been hearing about ransomware for some time now. But if you’re like most small and medium business owners, you may not really know what it is. You may also be assuming you shouldn’t be worried about it.

In reality, you’re probably a better target than most large businesses!

How does ransomware work?

Here’s how ransomware works:

  1. Your computer is infected, usually through email links, attachments, or worms.
  2. Your files, and even your hard drive, are encrypted. The method of encryption varies.
  3. A screen pops up demanding payment to decrypt your files.
  4. You’re unable to use your system until the issue is resolved.
  5. If you pay the ransom, the ransomware remains on your computer. It may encrypt everything again and it may also spread itself to other systems on the network.

The real cost of ransomware is more than just the ransom payment! It’s time, money, and resources.

Ransomware examples

Let’s take a look at 13 different examples of ransomware from the past few years so you can understand how they’re distributed and the damage they can cause.

Bad Rabbit – This one pretended to be an Adobe Flash player update on infected websites.

Cerber – Believe it or not, this ransomware used the affiliate model. Affiliates could purchase the malware, allow their copy to spread, then collect the money.

CryptoLocker – This ransomware’s attack ran from approximately Sept. 4, 2013 to late May 2014. It was distributed primarily through email attachments.

CryptoWall – This infected more than 600,000 systems and generated more than $1.1 million in revenue for the attackers. Victims had to pay anywhere from $200 to $1,000.

GlobeImposter – This ransomware was distributed through a botnet, a network of Internet-connected devices that have been hacked, usually for nefarious purposes.

Goldeneye – This was distributed through phishing emails, primarily in campaigns targeting Germany.

Jigsaw – An image of the character Billy the Puppet from the Saw movies was used in this ransomware, resulting in the name. It was spread through email attachments.

LeChiffre – This ransomware was named after a character in the James Bond novel Casino Royale. It had to be run manually to infect a system, generally by attackers finding poorly secured remote desktops.

Locky – A prompt in this program said, “Enable macro if data encoding is incorrect,” while displaying a bunch of random characters. When the user clicked “Enable,” the actual ransomware was downloaded and installed. The ransom demanded was between $9,000 and $10,000.

NotPetya – This 2017 attack was possibly the most damaging ransomware attack in history, with the software generally distributed through a tax preparation program. The total damages worldwide were estimated at more than $10 billion.

Philadelphia – Like Cerber, this was a customizable ransomware option for malicious individuals and organizations. They downloaded it, customized the ransom note, then often distributed it through customized emails to specific organizations.

WannaCry – This ransomware spread through a security hole in older copies of Windows. The estimated damage was in the billions of dollars.

Zcryptor – This final entry in our list both encrypted your files and copied itself onto connected computers and USB drives.

How to prevent ransomware

Because small businesses think they are not of interest to the predators that create and distribute malware, they often don’t take basic precautions. That actually makes them a very attractive target!

Here are six tips for preventing ransomware.

  1. Use reputable antivirus software, preferably an option recommended to you by professionals for your specific situation.
  2. Have a firewall in place on your network.
  3. Do not share any personal information when replying to an email or direct message, clicking on a link in an email, or even over the phone.
  4. Make sure all your systems and software are kept up-to-date.
  5. Don’t open email attachments from people you don’t know or attachments that are unexpected even if they are from people you do know.
  6. Don’t enable macros when prompted without first talking to an IT professional.
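Tips 5 and 6, and the Locky entry above, all come down to macro-enabled attachments. The Python sketch below is an added example, not part of the original article: it flags Office attachments that carry macros before anyone opens them. The function names and the sample files built in memory are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt

def classify_attachment(data):
    """Return 'macro', 'legacy-office', 'clean-office' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Old binary formats can carry macros and this check cannot see inside them.
        return "legacy-office"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
    if "[Content_Types].xml" not in members:
        return "not-office"  # an ordinary zip archive, not an Office document
    # Modern Office files keep VBA macro code in a part named vbaProject.bin.
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        return "macro"
    return "clean-office"

def hold_for_review(attachments):
    """Names of attachments to keep closed until an IT professional has looked."""
    risky = ("macro", "legacy-office")
    return [name for name, data in attachments if classify_attachment(data) in risky]

def make_sample_office_file(with_macro):
    """Build a constructed, minimal Office-style zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()

# Constructed sample mailbox: names and contents are made up for this example.
SAMPLES = [
    ("invoice.docm", make_sample_office_file(with_macro=True)),
    ("minutes.docx", make_sample_office_file(with_macro=False)),
    ("report.doc", OLE2_MAGIC + b"\x00" * 16),
    ("flyer.pdf", b"%PDF-1.4 constructed sample, not a real PDF"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name}: {classify_attachment(data)}")
    print("Hold for IT review:", hold_for_review(SAMPLES))
```

The check reads the file contents rather than trusting the file name, so a renamed attachment is still classified by what it actually contains.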

Ongoing backups and using cloud storage for your files won’t prevent ransomware, but they will help speed up the recovery.

And if you are ever infected, you may be tempted to just pay the ransom so you can get back to work. Don’t! When you pay the ransom, your computer and network may be unlocked, but the software is still on there.

If all this sounds overwhelming, it may be time to outsource your IT to a professional.
