How ransomware works
Ransomware can make its way onto a system through a variety of means, with the victim ultimately downloading and installing a malicious application. Once on the device, the app will spread throughout the system and encrypt files on the hard drive and network or simply lock the system itself. In some cases, it may block access to the system by displaying images or a message across the device’s screen to persuade the user to pay the malware operator a ransom for the encryption key to unlock the files or system. Bitcoins are a popular form of ransomware payment because the digital currency is difficult to trace.
One of the most common distribution methods of ransomware is phishing emails. These types of emails attempt to entice recipients to open an email and click on a website link. The site may ask for sensitive information or contain malware, such as ransomware, that is downloaded onto the victim’s system.
Another popular method of distributing ransomware is “malvertising,” or malicious advertising, which uses online advertisements to spread ransomware. The attacker infiltrates advertising networks, sometimes posing as a fake advertiser or agency, and inserts malware-laden ads into legitimate websites. Unsuspecting visitors to the sites don’t even need to click on the advertisement for their system to become infected.
Exploitation of unpatched systems and applications
Many attacks are based on known vulnerabilities in operating systems, browsers and common apps. Cybercriminals are able to exploit these vulnerabilities to launch their ransomware attacks against systems that are not up to date with the latest software patches.
External devices such as USB drives, which are used to store and transfer files, are prime targets for spreading ransomware across multiple systems. Some of these files contain an advanced feature known as macros that can be used by hackers to execute ransomware when the file is opened. Microsoft Word, Excel and PowerPoint are key targets due to their popularity, although Microsoft has taken some steps to tighten security for this threat in Office 2016.
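To make the macro risk above concrete from the defender's side, the following Python sketch (an added example, not part of the original article) triages Office Open XML files from a USB drive or file share by checking whether the container holds a VBA macro project. The function names and sample files are constructed for illustration; legacy binary formats (.doc, .xls, .ppt) are not ZIP containers and are out of scope here.

```python
import io
import zipfile
from pathlib import Path

# Office Open XML extensions; the "m" variants are the macro-enabled formats.
OOXML_EXTS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xltm", ".pptx", ".pptm", ".ppsm"}
MACRO_FREE_EXTS = {".docx", ".xlsx", ".pptx"}


def has_vba_project(data: bytes) -> bool:
    """Heuristic: True if the ZIP container has a part named vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container, so not a valid OOXML file


def classify(name: str, data: bytes) -> str:
    """Return 'skipped', 'no-macros', 'macros' or 'macros-mismatched-extension'."""
    ext = Path(name).suffix.lower()
    if ext not in OOXML_EXTS:
        return "skipped"
    if not has_vba_project(data):
        return "no-macros"
    return "macros-mismatched-extension" if ext in MACRO_FREE_EXTS else "macros"


def scan_tree(root: str) -> dict:
    """Walk a mounted drive or share and classify every OOXML file found."""
    return {str(p): classify(p.name, p.read_bytes())
            for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in OOXML_EXTS}


def make_sample(parts) -> bytes:
    # Constructed sample: a minimal ZIP with the given part names, not a real document.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for name, parts in [("invoice.docm", ["word/document.xml", "word/vbaProject.bin"]),
                        ("report.docx", ["word/document.xml"]),
                        ("budget.xlsx", ["xl/workbook.xml", "xl/vbaProject.bin"])]:
        print(name, "->", classify(name, make_sample(parts)))
```

Files reported as `macros` or `macros-mismatched-extension` are candidates for quarantine and review before anyone opens them.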
What can I do?
The best way to defend computer networks is to have multiple levels of security. Good practices include:
- Fileserver security patching – if your server is actively monitored by us, this should already be done. If you maintain your fileservers in-house, it is critical that these are patched as soon as possible and kept current with the latest security updates.
- PC security patching – all computers and laptops should be fully up-to-date with the latest security patches.
- Effective anti-virus and anti-spam software.
- Appropriate internal network security levels.
- A secure network firewall.
- Good, tested backups which are done regularly.
- Always keep a backup off-site, following the 3-2-1 rule.
- Download and install all Windows Updates as soon as they are released.
- Remind staff not to open unexpected email attachments.
- Use the internet safely.