What is ransomware?

Ransomware is malware designed to prevent users from accessing files in their systems until they pay a ransom. Cybercriminals restrict access to data by encrypting it and only provide a decryption key after receiving payment. Ransomware is designed to spread across target systems and can quickly halt regular company operations.

How Ransomware Works

Although ransomware variants differ, they all work in three main steps.

First, the ransomware operator gains access to the target system. They can do this in several ways, the most common being phishing emails. Phishing emails use social engineering tactics to make victims open emails, click malicious links, or give personal information to the attacker.

For example, an attacker can send an email attachment that, once opened, installs ransomware on that computer. The attacker could also use personal information collected through phishing to guess the victim’s login credentials to access a computer network remotely. They can then install the malware themselves. Apart from phishing, attackers can exploit known vulnerabilities to attack systems directly.

After the ransomware gets access to the target system, it begins encrypting files. The ransomware doesn’t encrypt files required to operate the system, because the system must remain stable enough to boot up.

Then, when encryption is complete, the ransomware demands a ransom in exchange for the decryption key. The demand is typically delivered as a text file stating the amount of currency or cryptocurrency the victim should pay.
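The second and third steps leave a recognizable trail in file activity: many files rewritten with random-looking content in a short time, then the same text file appearing across folders. The following is an added example, not part of the original article, of a detection heuristic over file-write telemetry; the event fields, thresholds, host names, and file names are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output approaches 8.0, plain text sits near 4-5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def detect_mass_encryption(events, window=60, min_files=5, min_entropy=7.5, note_dirs=3):
    """Return {host: reason} for hosts whose file writes look like bulk encryption."""
    writes = defaultdict(list)                       # host -> timestamps of high-entropy writes
    notes = defaultdict(lambda: defaultdict(set))    # host -> text-file name -> folders seen
    for ev in events:
        folder, _, name = ev["path"].rpartition("/")
        if name.lower().endswith(".txt"):
            notes[ev["host"]][name].add(folder)
        elif shannon_entropy(ev["sample"]) >= min_entropy:
            writes[ev["host"]].append(ev["ts"])
    alerts = {}
    for host, stamps in writes.items():
        stamps.sort()
        # Burst: min_files high-entropy writes inside any `window`-second span.
        burst = any(stamps[i + min_files - 1] - stamps[i] <= window
                    for i in range(len(stamps) - min_files + 1))
        # Note pattern: the same text file appearing in note_dirs or more folders.
        note = any(len(dirs) >= note_dirs for dirs in notes[host].values())
        if burst:
            alerts[host] = "burst+note" if note else "burst"
    return alerts

# Constructed sample data: pseudo-random bytes stand in for encrypted file content.
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAINTEXT = b"Quarterly report: revenue was flat this period. " * 80

def sample_events(spacing=2):
    events = []
    for i in range(6):
        path = f"/home/a/docs{i % 3}/file{i}.docx"
        events.append({"ts": 100 + spacing * i, "host": "ws-01", "path": path, "sample": CIPHERTEXT})
        events.append({"ts": 100 + spacing * i, "host": "ws-02", "path": path, "sample": PLAINTEXT})
    for d in range(3):  # hypothetical note name, dropped in every folder touched
        events.append({"ts": 120, "host": "ws-01", "path": f"/home/a/docs{d}/READ_ME.txt",
                       "sample": b"constructed placeholder"})
    return events

if __name__ == "__main__":
    print(detect_mass_encryption(sample_events()))
```

Compressed archives and media files are also high-entropy, so a burst without the repeated text file is the lower-confidence result and is reported separately.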

What is Ransomware as a Service (RaaS)?

In the early days of ransomware, cybercriminals wrote their own ransomware code. Now there’s been a shift towards using ransomware as a service (RaaS). In this business model, operators lease out already coded ransomware to affiliates, who then launch it in return for a percentage of the ransom payments. This way, even the affiliates without superior hacking skills can launch a ransomware attack.

This model works the same way as software as a service (SaaS). After RaaS providers develop the malware, they run marketing campaigns and advertisements on the dark web to attract cybercriminals. They even have customer support service to help their customers successfully launch the malware. By eliminating the technical barrier, RaaS has become a top contributor to the rising number of ransomware attacks.

The Effects of Ransomware

There are numerous ways ransomware can impact businesses, but let’s explore some of the primary and most significant impacts. 

Loss of Sensitive or Proprietary Data

According to Kroll (which tracks over 40 threat actor extortion websites), nearly 80 percent of ransomware attacks involve data exfiltration. The increase in these numbers can be attributed to attackers using the exfiltrated data as leverage: they threaten to publish it unless the company pays the ransom.

Extended Downtime to Regular Operations

Downtime refers to the time during which regular operations in a business are interrupted, and productivity is less than 100 percent.

Recovering from ransomware is costly. Even if companies pay the ransom, they must spend time rebuilding their systems and ensuring all their operations are back online at total capacity.

Financial Losses

The financial damage of ransomware doesn’t just include the ransom payments. It also consists of the collateral damage after the attack, like loss of revenue, the labor costs to rebuild, and legal expenses from clients demanding payments for data loss.

How to Protect Against Ransomware 

Ransomware attacks continue to be a massive threat to companies. Here are some ways companies can protect themselves against ransomware.

Conduct Routine Data Backups

Data exfiltration is one of the threat factors cyber attackers use. With data backups, you can restore your systems to the state before the ransomware infection. To prevent your backups from being affected by ransomware, store them securely offline and away from the company’s network.

Segment the Company Network

Network segmentation allows the network to be subdivided into sub-networks, allowing different security controls to be applied to each. Segmenting makes it possible to contain ransomware in one subnetwork and minimize the damage if you’re subject to an attack.

Perform Routine Vulnerability Checks

Perform vulnerability checks and patch commonly exploited software to prevent attackers from using it as an access point. Vulnerability checks also involve tracking unusual activity in the network traffic to catch potential attacks in the early stages.

Reinforce Good User Account Management

Ensure everyone follows password policies in the company. This means having a minimum number of characters and frequent rotations. The use of multi-factor authentication also minimizes the risk of stolen credentials. Additionally, educating employees on how to identify phishing emails is crucial.

Furthermore, steps should always be taken to properly document, verify, and remove user access to systems, databases, and so on. Implementing the principle of least privilege (PoLP) and multi-factor authentication (MFA) are valuable strategies for ensuring that anyone accessing sensitive and high-impact information is doing so securely — and that they have the permission to access that information in the first place.

Utilize Anti-Ransomware Software

Anti-ransomware software protects against ransomware and removes infection when an attack occurs. This can be implemented on a company-wide level and an individual scale. This is particularly important in today’s work-from-home era.

How to Respond to Ransomware

A company should have an effective response plan during a ransomware attack to remediate the attack quickly. The first step after the attack is to isolate the affected systems. This prevents the ransomware from spreading and infecting other parts of the network. Make sure backups are secure and disconnected from the network, as they will be crucial when restoring operations.

After isolating the affected systems, assess the attack to identify how the attackers gained access to the network, the type of ransomware used, how quickly the infection is spreading, and the extent of the damage. Determining the scope of the attack helps you decide your recovery strategy. You can choose to pay the ransom or employ other recovery options like wiping the affected systems or hiring outside help to assist with recovery. It’s also recommended to report the attack to the appropriate regulatory bodies.

Key Takeaways

  • Ransomware is a type of malware that prevents users from accessing system files until they pay a ransom

  • Ransomware is one of the most crippling cybersecurity threats facing companies. Its victims face financial loss, data loss, extended downtime, and reputational damage

  • Companies must have an effective incident response plan to reduce the impact of a ransomware attack and ensure thorough security practices are implemented, such as managing users properly, backing up data, and testing for vulnerabilities regularly

Fastly helps organizations mitigate ransomware risks by providing secure, high-performance edge cloud solutions that protect web applications and APIs from malicious traffic. With DDoS mitigation, next-gen WAF, bot protection, and real-time observability, Fastly empowers businesses to detect and block threats before they reach critical systems.