How Does Ransomware Work?
Author: Gabriel Bujold
What is Ransomware?
Whether you’re using the Office PC, your home tablet, or a virtual desktop, ransomware is one of the worst problems that you might have to encounter. Think of a situation where you would suddenly be blocked from accessing essential data of your business. How much loss would it cause to your company? And then all of a sudden, you receive a message where you are asked to pay a ransom to retrieve the files. This is precisely what ransomware does. It’s a form of malware that will encrypt your data and keep it in hostage until you pay the attackers a ransom.
What makes Ransomware so dangerous is that you can easily be a victim of it. It can be caused by something as trivial as an employee of your company opening an infected email. There are numerous types of ransomware out there on the internet trying to access your system with one error you make. How they work may differ vastly, but they have one goal, which is to keep your files under hostage until you pay the ransom.
How does ransomware work?
It’s important to know how ransomware works to prevent taking any quick irresponsible action. The first thing ransomware will do after attacking you is encrypting your files to make it unreadable. Then without giving you much time to think, it will send you a notification of what you should do. This is what WannaCry sent to its victims.
This will make the victim panic. What this tells is that you need to pay a ransom if you want to receive the decrypt key. They don’t give you much time to pay, which forces you to make a quick decision. Usually, the money is asked through cryptocurrencies like bitcoins to avoid transactions being traced. Also, these attackers keep their ransom to relatively low values like 300$ to 1500$ to persuade victims to pay the money without taking any other action.
However, things keep changing. In May 2019, USA city Baltimore was attacked by a ransomware called RobbinHood. The attack was so severe that all servers, except for essential services, were taken offline. Hackers demanded 13 bitcoins which is worth more than $75,000 to restore the access. Thus, you would never know whose victim you might become.
Sometimes these ransomware attackers don’t do anything significant but only hide or move the files. Still, people with little technical knowledge will pay the ransom since they don’t understand how ransomware actually works. So it’s vital that you are aware of the different possibilities.
How common are ransomware attacks ?
Often, small businesspeople think that they won’t be a target of hackers. The sad news is that Ransomware attacks the most vulnerable systems which happen to be small businesses. Let me give you some facts so that you can believe what I say.
- According to the FBI, 4,000 ransomware attacks are launched every day.
- In 2016, over 97% of phishing emails contained ransomware,
- Ransomware has attacked more than 60% of small businesses
- 4% of organizations have only stated that they can stop ransomware.
- According to CBROnline, 28% of companies lost files for not paying the ransom.
- The average cost of ransomware for businesses is $133k, even if all of their data is in the cloud.
Remember that, Ransomwares can even freeze SMB data on Google Drive. Your files don’t need to be in your hard drive, because your whole computer can be frozen.
What all this suggests is that your business is likely to be attacked by ransomware regardless of its size.
How can you be a victim of Ransomware?
Ransomware uses different strategies to trap you. However, most are delivered through emails with which appear to be very legitimate, and you are lured into the trap by clicking a link button. Sometimes, there are links to download infected attachments like Cryptolocker which contain ransomware which tempts you to do so. Unfortunately, you would not know this is a setup.
Other common mechanisms used are social media messages and drive-by-download. There are others like Wannacry which exploits the operating systems and is one of the most used methods these days.
Generic ransomware usually does not target individuals. They use a ‘shotgun’ approach where they obtain a list of emails or websites and activate ransomware. However, if multiples sites have it you, it is probably by a different hacker.
Most Common Types of Ransomware and How Do They Work
How Locky ransomware works was a hot topic in 2016 when it was first released. Locky was released in 2016 and known to have been created by a sophisticated group of hackers. It is designed to infect Windows PC and uses advanced features like domain generation algorithms. Manual decryption is impossible as keys are made on the server-side. It also can encrypt on fixed devices and removable devices as well.
It was an active ransomware that infected email attachments and locked files using a 2048 bit encryption. It affected around 500,000 people during 2013 and 2014 subsequently. However, US authorities state that it put an end to this and that it is no longer a threat.
WannaCry is one of the most widespread ransomware attacks and targets networks using SMBv1 protocol. They have a condition where you must pay $300 with bitcoins within 3 days which if not paid, the ransom amount doubles.
BadRabbit is known to spread using a fake Adobe Flash update. This is a trap that many users tend to fall for. It uses a false alert system to notify users that the flash player requires updates. However, if you are using the trend micro security, they are specially designed to protect you from attacks launched by BadRabbit.
This is a new ransomware that was recently identified and appeared in 2017 and is known as a RaaS platform used by criminal entities. RaaS, or Ransomware-as-a-Service is a platform that provides services and tools That is necessary to carry out ransomware attacks. Satan enables even novice attackers to execute large-scale ransomware attacks without much difficulty.
The latest Ransomware that came to the scene was RobbinHood Ransomware. It was particularly famous for the Baltimore incident, where it made a devastating impact on the cities’ services. Interestingly, this ransomware doesn’t use spam to be distributed. It uses more advanced methods like Trojans or hacked remote desktop services to get access to the servers.
Paying the ransom is not the way to go
It’s obvious that having your data being inaccessible will cause a significant loss to you. Many victims tend to take the easy way out by paying the ransom. But this is not the correct or permanent solution. It might seem easy, but this itself could be a reason for attackers to target you again.
This is why ransomware has become a successful business by now. You tend to keep paying attackers which will encourage them more. Also, note that even if you pay the ransom, there is only a 50% chance of getting your data back.
Therefore, Keep the paying option as a last resort and take steps to avoid falling into such traps.
How to defend yourself from Ransomware?
It is quite sad to see that most companies, despite being big or small, have failed to protect the pace that these cybercriminals are developing. Specific precautionary actions can be taken to prevent such attacks.
Here are our 5 golden rules to be protected from ransomware
- Warn co-workers not to download any suspicious file, which is the primary first step that must be taken.
- Patch your servers regularly which are the loopholes that many ransomware hackers take advantage of.
- Backup data following the 3-2-1 rule, which is to have three copies of data, two types of media and one version which should be stored off-site.
- Ransomware generally eyes on Windows OS, and it is always better to lock them because securing all is a complex process.
- You must always test the viability of your backup with test automation.
If the backup system is top-notch, you can quickly recover and avoid any downtime or revenue loss. These attacks are seriously dangerous, and if you haven’t had any experience so far, it is always better to build your line of defense.
V2 Cloud has a solution for you
V2 Cloud’s cloud PC has a way of protecting you from ransomware attacks. It is designed to take a daily snapshot of your data which will then be kept for seven days in an offline location. Thus even if you face a ransomware attack, you can get your system back from the previous day and access your data by simply flipping a switch.
This basically means that V2 Cloud doesn’t keep your company information on employee devices. All the data will be securely saved in the cloud while your employees will have remote access to them. Thus, even though ransomware attacks you, it won’t be able to encrypt your data.
Keep in mind that even if your company is 100% in the cloud, a Desktop as a Service (DaaS) solution like V2 Cloud is the only real protection against ransomwares.
This alone can be a good reason to host your business with us.
Moreover, V2 Cloud has two types of Antivirus plans. With the basic plan, your instances are protected by windows defender while the business plan comes with MalwareBytes Pro. Both the windows defender and MalwareBytes can prevent ransomware attacks. However, in windows defender, you will need to turn on the Ransomware protection option manually.
You must never fund ransomware hackers by simply taking the option of paying the ransom. This leads to a whole new economy for cybercrimes which must not be promoted. There are new variants for malware that you must be aware of as it is evolving so rapidly. Apart from using the V2 Cloud as a solution, there must be trained cybersecurity professionals who should be able to test the defense mechanisms taken by companies to protect against such malicious attacks. It is also important to have a cloud disaster recovery plan that enables the backup and recovery of remote machines on a cloud-based platform.
Since technology is more instilled in our lives, we can’t neglect this critical aspect. After all, prevention is better than cure they say!
Note: This article was originally published on October 10th, 2018 but has been updated to be up to date.