What is a Ransomware Attack?
What is a Ransomware Attack?
A ransomware attack is malware that denies a user or organization access to their computer or network or the files on them. A hacker encrypts the files and demands a ransom payment for the decryption key, placing organizations in a position where paying the ransom is the easier and cheaper option to regain access. There are some attack variants that also use other functionality like data theft to provide further incentives for victims to pay the ransom.
How a Ransomware Attack Works
A ransomware attack gains access to a target system, encrypts the files, and demands ransom from the victim. How the malware is implemented into a system will vary from one to the other, but they all follow the same stages.
1. Infecting and Distributing
One way that hackers prefer to infect vectors is through phishing emails. A malicious email can contain a link to a website where they host the malicious download or have an attachment on the email that has downloader functionality built in. The ransomware is downloaded and executed on the computer when a recipient falls for the fake email.
Another popular way is through a Remote Desktop Protocol (RDP). An attacker steals or guesses an employee’s login credentials and is able to use them to authenticate and remotely access a computer within a network. The attacker can directly download the malware and execute it as the machine is under their control.
2. Data Encryption
Once the ransomware has gained access to the system, it encrypts files. It involves accessing files, encrypting them with an attacker-controlled key, and replacing the original files on the system with the encrypted versions. Most ransomware attacks will be cautious when choosing which files to encrypt to ensure the system is stable.
3. Ransom Demand
After the ransomware is deployed and encrypted, different variants will implement the ransom in different ways. One common way is to have a display background changed to a ransom note or text files placed in each directory containing the ransom note. They will demand a set amount of cryptocurrency in exchange for access to the files. If the ransom is paid, the hackers deliver a copy of the private key. This can be entered into a decryption program provided by the cybercriminal and can be used to reverse the encryption and restore access.
How to Protect Against Ransomware Attacks
There are a few methods that can help prevent and protect against Ransomware attacks at your organization.
- Endpoint Protection: Antivirus is the first step in protection, but legacy antivirus tools can only protect against some variants. Endpoint protection protects against evasive ransomware and offers device firewalls, Endpoint Detection, and Response capabilities.
- Data Backup: Update your data regularly to external storage using versioning control and the 3-2-1 rule—create three backup copies on two different media with one backup stored in a separate location.
- Patch Management: Keep devices’ operating systems and installed applications up-to-date. Run vulnerability scans to identify known vulnerabilities and remediate them quickly.
- Application Whitelisting & Control: Limit applications installed on the device to a centrally-controlled list. Increase browser security settings, disable vulnerable browser plugins, and use web filtering to prevent users from visiting malicious sites.
- Email Protection: Train your employees to recognize phishing emails and conduct drills to test if employees are able to identify them. You can also use spam protection and endpoint protection technology to block suspicious emails and malicious links.
- Network Defenses: Use a firewall or web application firewall and other controls to prevent ransomware attacks.
Protect From Ransomware Attacks with PacGenesis
To protect against ransomware attacks, you need a cybersecurity system that offers all the solutions mentioned to prevent them and more. At PacGenesis, we have partnered with some of the leading providers of cybersecurity to enable your business to protect against these types of malware and other attacks. We meet with you to learn the best solution for your organization’s needs and help you implement it at your company. Contact us to discuss the best cybersecurity option for you and how we can help.
To learn more about PacGenesis, follow @PacGenesis on Facebook, Twitter, and LinkedIn or visit pacgenesis.com.