What is a ransomware attack and how does it happen?

What is a ransomware attack?

We’re all hearing about the growth in cyber attacks and how it’s not an “if” but a “when” situation. With so many terms being bandied about, many people ask: what is a ransomware attack?

A ransomware attack usually involves cyber criminals gaining access to your data and encrypting it, so that it is blocked until a ransom is paid. Even without paying a ransom, which you should never do, when you look at this at a business level, it can cost millions. Imagine having no access to your work documents and data, being unable to access your systems and software and having no way of regaining access. Businesses rely on their IT infrastructure to function, and it’s gone up in a puff of smoke. Not only that, but the damage to company reputation is irreversible.

Statistics show that this is the fastest growing crime on the planet. There are several public examples; a very recent one is Garmin, which you may have seen in the news as the “Garmin cyber-attack”. But how does this happen?

How has cybercrime evolved?

Let me rewind a few years back, to the days when anti-virus programs first came onto the scene. Email was in its early years and therefore not used very often, and computer viruses were transmitted by floppy disks. The threat was still as real as it is today, but at least you stood a chance of catching it: the physical action of putting a floppy disk into a computer was your prompt to scan for viruses. Today, however, we face a very different threat; like all markets, this one has evolved. Cyber criminals can now take control of your files, photographs, and any other data that’s important to you. They encrypt it, then deny you access until you’ve paid a ransom of their choosing.

Back in the day if you had a virus, your computer might run slower than it did the day before. Today, you’ll know quite clearly if you’ve had a ransomware attack. You will be locked out of your computer and there will be a message on your screens telling you to pay a “fine” or the crime gets worse.

An example of what you might have to pay is £10,000 (in bitcoin, the online currency). If you fail to pay in three days, the figure doubles. Fail to pay within a week and your data is gone. Deleted.

So, how does this happen? How does ransomware get on your device in the first place?

“More than half of infections occur when someone clicks on a dodgy link in an email”

That’s not surprising, given that one in every 3,722 emails in the UK is a phishing scam and 55% of UK email is spam in general.

What can we do to prevent ransomware attacks?

A very modern problem requires a very modern, multifaceted approach.

First, we need to ensure the backups are good.

Putting in place a great backup solution means that, should the worst happen, we can restore the backups to have you back up and running in no time at all. Of course, how fast depends on the backup solution in place; there are all kinds of options for every budget. Our preferred solution would be a Datto Business Continuity Device, which takes snapshots of your physical and virtual server infrastructure at pre-specified intervals throughout the day. These snapshots are verified locally, then copied to Datto’s cloud. Complete recovery from a disaster can typically be achieved in under 1 hour.

This way, if you’re ever held to ransom, you can get back up and running without having to pay a cyber criminal to allow you to regain access to your data.

Secondly, we need to re-think the antivirus solution.

Traditionally, antivirus programs have been signature based. This means that your antivirus program is only as up to date as its last signature update. This is usually every few days, but this is no longer good enough. Modern antivirus programs use next generation Artificial Intelligence (AI) to detect anomalies in your computer. They not only have the benefit of updated signatures every few days, but they also understand how a virus behaves and can spot this activity before it becomes a threat.

For this level of protection, our preferred solution is SonicWall Capture Client. Capture Client uses advanced threat protection techniques, such as machine learning, network sandbox integration, and system rollback to provide the highest level of protection for endpoints and server workloads.
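The difference between signature matching and behaviour-based detection described above can be shown in a few lines of Python. This is an added illustration, not code from this article's author, SonicWall or any other vendor; the process names, file events, thresholds and signature list are all constructed for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Constructed signature list: hashes of samples seen before the last update.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old-sample").hexdigest()}

def signature_match(binary: bytes) -> bool:
    """Signature check: only catches binaries whose hash is already listed."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD_SHA256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavioural_alerts(events, window=10.0, threshold=5, min_entropy=7.5):
    """Flag processes that write >= threshold high-entropy files within
    `window` seconds. A single high-entropy write (a zip, say) is ignored."""
    recent, flagged = defaultdict(deque), []
    for ts, proc, _path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < min_entropy:
            continue
        q = recent[proc]
        q.append(ts)
        while ts - q[0] > window:      # drop writes that fell out of the window
            q.popleft()
        if len(q) >= threshold and proc not in flagged:
            flagged.append(proc)
    return flagged

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for encrypted content."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def sample_events():
    """Constructed (timestamp, process, path, written bytes) records."""
    events = [(0.0, "winword.exe", "report.docx", b"Quarterly report text " * 200),
              (1.0, "backup.exe", "archive.zip", pseudo_ciphertext(b"zip"))]
    events += [(2.0 + i, "updater.exe", f"doc{i}.docx", pseudo_ciphertext(b"f%d" % i))
               for i in range(6)]
    return events
```

Calling `signature_match(b"new-variant")` returns `False` because the hash is not yet listed, while `behavioural_alerts(sample_events())` still flags `updater.exe` for its burst of high-entropy rewrites and leaves the one-off `backup.exe` write alone.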

Finally, educate your staff.

We already know that more than half of attacks are caused by someone clicking on a dodgy email link. Educate your staff so that they are more aware and more likely to spot a phishing email when they see one.

But what happens if, despite taking all the precautions, you are still caught out by ransomware? What do you do?

First and foremost, don’t panic and don’t pay the ransom! Do not hesitate to pick up the phone to speak to our consultants about our security and continuity solutions. If you’ve followed our advice and invested in the protection required, getting you back up and running will be fairly straightforward.

If you don’t already have the above precautions in place, give us a call. The solutions we provide can help you stay protected from ransomware and other forms of malware that pose a very real threat that could do serious damage to your business.
