Ransomware Basics: Know Your Enemy

Jason Reid general

Ransomware Basics

Understanding ransomware basics will help you to stay safe from attack. There are many varieties of ransomware, and they can infect your business in a number of ways.

It may be a new year, but ransomware attacks aren’t going away any time soon. In a previous blog post, we showed you how to calculate the cost of downtime resulting from ransomware attacks. Ransomware attacks have the ability to cause significant financial, operational, and reputational damage to your business. To protect yourself effectively, you need to know your enemy. In this series of three blog posts, we’re going to take you through some ransomware basics that will help you understand the risk and how to deal with it.

We’ll start by running through some of the main types of ransomware, along with the ways that your business could become infected.

Types of Ransomware

Ransomware Basics Types of Ransomware

There are already several types of ransomware, and more variations are being developed all the time. Here are some of the main ransomware types that you will come across: –

  • CryptoLocker was the first of the new generation of ransomware viruses. Between 2013 and 2014 it established the template for ransomware attacks to come, encrypting files and demanding a ransom to deliver a decryption key.
  • CryptoWall took CryptoLocker’s place as the go-to ransomware for cybercriminals in 2014. It is more sophisticated than CryptoLocker, making it a more compelling threat to businesses.
  • Locky, a recent ransomware strain, changes your file extensions to ‘.locky’, and encrypts the affected files. A decryption key can be purchased (often from the dark web) in order to make the files available again.
  • Ransom32 gives almost anyone the ability to launch a ransomware attack. It operates as a ransomware-as-a-service platform, and requires much less technical ability to deploy than other ransomware forms.
  • CTB-Locker is a form of ransomware that is ‘outsourced’ to third parties, who use the technology to infect and exploit money from victims. The third parties then share the profits with CTB-Locker’s developers.

Of course, there are many more forms of ransomware out in the wild. Even before CrytoLocker came to prominence, ransomware has been seen by cybercriminals as a key means by which to monetise cyber-attacks. But how are the various types of ransomware able to infect businesses?

How a Business Becomes Infected

Ransomware Basics: Trends

An important element of your business’s ransomware basics is understanding how you can become infected. There are three primary methods that cybercriminals utilise to infect businesses with ransomware: –

  • Phishing Emails. Ransomware is primarily distributed by cybercriminals through phishing emails. Phishing emails are designed to mimic legitimate emails, lulling victims into a false sense of security. For example, a cybercriminal will send a ransomware package disguised as a PDF attachment; this could take the form of a fake supplier invoice to a user in your business’s finance department. When your user opens what they think is the invoice, a ransomware payload is delivered.
  • Drive-By-Download. Many users unknowingly download ransomware by visiting infected websites. Compromised websites can be loaded with exploit kits, which check the user’s computer for vulnerabilities such as an old version of a web browser or an unpatched Adobe Flash Player. If a vulnerability is found, it is exploited in order to infect the target computer with ransomware.
  • Free Software. Illicit free versions of costly software can come loaded with ransomware. Individuals often search for free software as they do not want to pay for an officially licensed version, and this is exploited by cybercriminals. As a rule, you should never download free versions of software such as Adobe Photoshop and AutoCAD – it is illegal, and it can end up becoming a costly error if you download ransomware as a result.

Ransomware Basics: Know Your Enemy

In the constant battle between businesses and cybercriminals, it can sometimes feel like we’re fighting against the odds. However, by educating yourself and learning cybersecurity basics you can significantly reduce the risk of your business suffering damage as a result of a ransomware attack.

In the coming weeks we’ll publish more ransomware basics blog posts, which will provide you with the knowledge to put effective protection in place. Contact us if you’d like to discuss your preparedness for a ransomware attack in more detail.