What is ransomware? | Ransomware Meaning

What is ransomware?

Ransomware can cause major financial damage but also disrupt your IT infrastructure. In this article, you can read everything about ransomware and how you can arm your company against it.

You often hear the word in films and series in which a kidnapping or hijacking takes place. You get something or someone back in exchange for money. In the case of ransomware, this is a digital scenario. When your company network is hit by ransomware, the computer systems within your company are held hostage by hackers. To make your files accessible again, the hackers ask you to pay a ransom. Another word for ransomware is ransomware.

Ransomware is a type of malware. Malware is malicious software that tries to interfere with a digital device. For example, it tries to get hold of sensitive information in the background or open a port in the device. When this port is opened, cybercriminals can access your device without you realizing it. Malware is spread over the network. This malware can disrupt your entire business process.

You must be well prepared for an imminent situation, such as a ransomware attack. Employees need to be aware of their responsibilities so that they can take the appropriate steps if the company is a victim of ransomware. In addition, it may be the case that you have taken out insurance in case you become a victim, or that you have made clear agreements with an IT partner.

Are you or is your organization a target for ransomware?

Almost any system can be infected with ransomware. It is therefore important that the software on a device is up-to-date. When you or your organization is running an outdated version of Windows or antivirus software, you are an easier target, the so-called low-hanging fruit for a hacker. This is because ransomware exploits security vulnerabilities.

Both large and small companies can fall victim to ransomware. Large companies are often the target because there is a lot to gain. In recent years we have seen a clear shift to smaller companies because they often have less well-organized IT infrastructure. In general, more and more large companies have pretty much boarded up, employ a CISO (Chief Information Security Officer) and set up an entire department for cyber.

Who is the target?

Ideally, the makers of a ransomware virus want the virus to end up at companies where a lot of money can be made. Unlike private individuals, companies often have more to offer, but government agencies or healthcare institutions are also wanted, victims. This includes large amounts of personal data or financial reports. Private individuals can also be valuable to cybercriminals. For example, there may be photos or videos on your devices that shouldn’t fall into the wrong hands.

How big is the threat of ransomware?

Ransomware can cause major damage. By encrypting the data on different devices, the entire business must be brought to a standstill. For example, you can no longer access important invoices or the payroll. As a result, payment arrears arise and employees can no longer be paid.

If you have a webshop, no more orders can be placed. In addition, customers and relations can lose trust in your company because they are afraid that their data has also been stolen. Or how about a logistics company that no longer knows what the schedule is for the trucks to be driven that morning? Not to mention your reputational damage. Drama quickly looms.

How are you affected by ransomware?

Ransomware can end up on a device in several ways. Cybercriminals are getting smarter, working together better, and finding new ways to spread the malware.

The most common ways ransomware spreads:

• Distribution via a file.
• Distribution via Software Leaks.
• Dissemination through advertisements or links on a website.

When a system is infected, this system will help spread the ransomware. For example, messages with malicious files are sent from your e-mail address, without you realizing it. The ransomware can also spread within your internal network.

Social engineering

Spreading ransomware via email or social media is what we call social engineering. For example, when a company is infected with ransomware, emails are sent to customers containing malicious files called, for example, “invoice” or “proof of payment.” As you may have guessed, these are pseudonyms. Without realizing it, you opened the wrong file and downloaded ransomware. It is a devious way of distribution because it makes customers curious. For example, they are afraid that someone has hacked their account, so they would like to know what exactly is in the file

Malvertising

Another way of spreading is malvertising. In this case, the ransomware gets to your device through malicious advertisements. You can think of pop-ups on erotic websites, but also advertisements on YouTube, for example.

Exploit Kits

A device can also be infected by previously installed software. This includes illegal downloads of films and series. Some websites abuse outdated web browsers and software. When you are active on that website, the software is downloaded and installed without your knowledge.

What are the characteristics of ransomware?

Ransomware is easy to spot.

Ransomware features at a glance:

• The virus locks your files making them inaccessible
• To unlock your files, cryptocurrency (e.g. Bitcoin) or a ransom is often demanded
• Pop-ups appear on your screen with the threat that your files will be deleted
• A timer will appear on your screen to increase the pressure
• Computer is unusable
• The computer gets infected through downloads, websites, or apps

Why is it so popular among cyber criminals?

Ransomware makes it easy for criminals to make money. It takes little time and work, and the chances of them getting caught are small. This is because these internet criminals are often part of organized gangs from China or Russia. They only spread the malware in the west and do not attack their own country.

When the police detect an internet criminal who spreads ransomware, it is often difficult to catch this person. This is because they are active from the west. Local governments of these countries often do nothing against these gangs.

Ransomware that left a big impact

To give you a better idea of ​​the damage that ransomware can do, we explain a number of major attacks.

WannaCry
WannaCry has made many victims. The malware has damaged more than 10,000 businesses and more than 200,000 individuals across 150 countries. The malware infects computers through a leak in Windows. When the ransomware was defeated, there were over 1,000,000 victims.

Petya
Petya was active in Ukraine. That’s where it made 90% of its victims. In addition to Ukraine, the malware has also been active in the US, Lithuania, Brazil, Belgium, Russia and Belarus.

Locky
The name Locky may sound cute, but the malware certainly wasn’t. Locky went all over the world via email. Victims received a message about an order or invoice. After downloading a Word document you were instructed to enable macros. At this point, the malware was installed.

Cerber
Cerber is a so-called toolkit that can be downloaded and distributed by anyone. Users can send emails with files to make victims. The malware works even when someone is offline. Cerber can block and thus hostage more than 400 different file types.

Covid-19 ransomware
Criminals took advantage of the panic during the Covid 19 outbreak. For example, the fear was acted upon by spreading dangerous e-mails about health. For example, think of information about vaccinations. Hospitals were also infected, the pressure on care made them easy victims.

How does ransomware extortion work?

Ransomware extortion can be divided into 4 levels. These levels can greatly increase the pressure on the victim.

Level 1 | single extortion

At this level, the data and files are locked. You must make a payment to regain access.

Level 2 | double extortion
This level is a lot more annoying. In addition to encrypting data and files, the criminals also threaten to make the data public if you do not pay. This can have major consequences for your company.

Level 3 | triple attack
At this level, in addition to taking the data hostage and threatening to make the data public, a DDos attack is also carried out. For example, the servers of your company or website are inaccessible for employees and customers.

Level 4 | quadruple attack
In a quadruple ransomware attack, the data is held hostage and customers and partners are notified. The hackers inform customers and partners that their data will be made public if they do not pay the requested amount of money. This puts enormous pressure on your company.

This is how cybercriminals work with ransomware attacks

Cybercriminals carry out targeted and untargeted attacks. In untargeted attacks, social engineering or malvertising is often used. Dangerous advertisements are placed on websites, or emails are sent with a dangerous attachment. They often got their hands on these e-mail addresses through a data breach.

Targeted attacks are often done by highly organized gangs. For example, they look at a company’s revenue to see how much the company has to spend. For example, they send emails to company employees, in these emails there is an attachment that contains the ransomware.

A ransomware attack described in steps:

• The cyber criminals gain access to the network through phishing, poor security or a leak in the network.
• They explore the network and try to get more and more rights.
• The criminals infect the system with ransomware and other types of malware. They try to get their hands on sensitive information and backups.
• When they have enough information in their hands, they strike and shut down the network. This process can sometimes take weeks to months.
• Negotiations with the company are started, the data will become available again after paying crypto coins.

Limit damage with a backup

Cybercriminals love an online backup. When you are hit by ransomware, this backup is also held, hostage. It is therefore wise to keep these backups offline, or via another network. In this way, it becomes more difficult for internet criminals to hijack this data. In addition, it is wise to store all data on an external hard drive.

Disconnect from the network to protect other computers. Ransomware often spreads throughout the internal network. You can protect the other computers on the network by disabling the network connection. You can do this via the computer itself, or by removing the network cable, for example.

Restore files

To recover your company’s files, the easiest option is to pay the requested amount of money. Think carefully about this. Business interruption could have fatal consequences for a company, causing you to decide to pay. You can also contact an IT specialist, who will remove the ransomware and restore files from a backup.

Do you also want to better protect your company against ransomware? You can with Guardey. Sign up now for the free 14-day trial!