Compliance Knowledge Base | Cyber Security Training
As per the 2019 Verizon Data Breach Report, ransomware is the second most frequent malware attack. Any organisation that relies on data and business information, regardless of their size, is a potential target for a ransomware attack.
Ransomware is a type of malware attack that is designed to infect systems, encrypt user files and data and render them inaccessible. Cybercriminals demand a ransom – sometimes in the form of cryptocurrency – in exchange for restoring access to systems and data. The main target of a ransomware attack is data and every location data can be found - including the computer, server and the cloud.
To prevent ransomware attacks, it is also important to understand how ransomware attacks work and the different types of ransomware attacks that can affect organisations.
How Ransomware Attacks Work
Ransomware is a multistage attack spread across four key stages:
Infection
The first and most important stage where hackers deliver malware that will compromise business data and information through a ransomware attack.
Encryption
Once the malware makes its way into the user's system, it quickly encrypts business data and files, rendering it inaccessible to users and disabling business operations.
Extortion
When encryption is completed, the business is at the mercy of the cybercriminals. At this stage, there is usually a ransom demand, often in the form of cryptocurrency, in exchange for restoring access to data and files.
Recovery
If a ransom is paid, a key is provided to decrypt the files. In many cases, this key never arrives even after the ransom is paid up. Whether a business chooses to pay up or not, there is a long road to recovery getting systems back up and running and restoring data.
Types of Ransomware Attacks
Ransomware attacks target businesses in many ways with the main goal of encrypting business files and data and demanding a ransom in exchange for decrypting files and restoring access. It is achieved in the following ways:
Phishing
It is estimated that 91% of successful data breaches start with a phishing attack. Hackers use phishing to trick users into opening suspicious-looking emails, clicking on malicious links to infect their computers with ransomware. Phishing scams work by making emails and websites look legitimate and trustworthy, convincing a user to take the required action. There are two main types of phishing attacks:
- Malicious links - An email, an SMS or a social media post with a link to a malicious website. The malicious website is designed to look legitimate and requires the user to enter confidential details such as user credentials. These are then used by cybercriminals to target the user, enter their systems and encrypt files.
- Attachments or downloads - Delivered through an email, a file containing malicious software which when downloaded to the system, quickly spreads to other systems in the network and infects the entire network with ransomware.
Vulnerabilities in Security
Some ransomware attacks target vulnerabilities in system or endpoint security and infect systems from the inside. These usually rely on out-of-date security or systems, for example, when system security is not kept up-to-date or important patch updates are not installed. The WannaCry ransomware attack in 2017 exploited a security loophole in the Microsoft Windows operating systems. Before a patch update was provided to close the security loopholes, it is estimated to have infected 200,000 computers globally.
Malicious Applications
Fraudulent applications downloaded to mobile devices without realising that they could contain ransomware which can disable access to the device files and data. Such apps don't infect the device by just downloading them. Such apps rely on permissions granted by the user to devices files with the risk that it could compromise important business information and data. Access to the device is disabled until a ransom is paid.
USB and Portable Storage Devices
Ransomware bundled onto USB and portable storage devices to target unsuspecting users who may not be aware that the storage devices are tampered with. Once the device is plugged into a user's system, it quickly infects their system and can spread further. It is important to not leave USB and portable storage devices unattended. Never use unauthorised storage devices without running it past your IT department.