Ransomware- All You Need To Know

Date: Tuesday, 15 September 2020 | Author: Wiktoria Niedbala | In: Technical

Ransomware is malicious software designed to infect your computer. Once it has done so, you will receive demands, often as messages displayed on your computer, threatening to publish private data or promising to restore access to your computer and systems in exchange for a fee. There are two main types of ransomware: crypto-ransomware and locker ransomware.

In 2020, we have seen an increase in ransomware attacks, with hackers targeting municipal governments, universities and private businesses, which has resulted in the loss of more than £120 million. Often these hackers threaten to make the stolen data public [1], use the data to attack victims’ clients and/or disrupt business operations.

Ransomware Infections

The most popular ransomware examples are Locky, WannaCry, Ryuk, CryptoLocker and Petya. They have exploited software vulnerabilities, insecure websites, restore options and more. The vast majority of ransomware attacks happen via email. These emails often appear to be legitimate and invite you to click links or download an attachment, and once clicked or downloaded, malicious software will infiltrate your device.

Crypto-malware attackers continue to use topical events to lure users into downloading a ransomware payload. COVID-19 is no different. Users' attempts to stay safe during the pandemic have been exploited to encrypt files on their devices. These attacks have even been carried out on hospitals.

In recent years, ransomware gangs have started working together, exchanging tactics and information [2]. By working as a team, hackers using ransomware can conduct more coordinated and evasive attack campaigns.

Ransomware Mitigation Measures

Data Backups

Data backups have helped organisations avoid a number of ransomware attacks over the past few years [3]. By backing up their data, victims were able to refuse the attackers’ demands and recover their data without having to pay a ransom.

It is advisable to create offline backups that are kept separate from your network and systems, or in a cloud service designed for this purpose, as ransomware actively targets backups to increase the probability of payment. However, having your data backed up will not prevent attackers from using the stolen data to blackmail you. In fact, as a form of punishment for not meeting the attackers’ demands, hackers will often publish or leak sensitive data [4].

Reducing the Probability of Infection

There are several ways you can reduce the probability of being infected by a ransomware attack, for example:

  • Filtering to allow only file types that you would expect to receive
  • Blocking websites that are known to contain malicious content
  • Using signatures to block known malicious code
  • Regularly inspecting content
  • Mail filtering
  • Using a secure VPN
  • Keeping software updated
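The first and fifth measures above (allowing only expected file types, and mail filtering) can be combined in a mail-gateway check like the sketch below. It is an added example, not code from the original article; the allow-list contents, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: extensions this organisation expects to receive, each mapped
# to the leading bytes a genuine file of that type starts with.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",  # OOXML is a ZIP container, so this is a coarse check
    ".xlsx": b"PK\x03\x04",
}

def check_attachment(filename, payload):
    """Return (allowed, reason) for one attachment."""
    name = (filename or "").lower().strip()
    ext = name[name.rfind("."):] if "." in name else ""  # last extension wins
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allow-list"
    if not payload.startswith(ALLOWED[ext]):
        return False, f"content does not match {ext}"
    return True, "ok"

def filter_message(raw_bytes):
    """Parse a raw e-mail and return a verdict per attachment filename."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdicts[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return verdicts

def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    samples = [
        ("report.pdf", b"%PDF-1.7 constructed"),      # expected type, matching content
        ("invoice.pdf.exe", b"MZ constructed"),       # double extension
        ("scan.pdf", b"MZ constructed"),              # allowed name, wrong content
        ("budget.xlsm", b"PK\x03\x04 constructed"),   # macro-enabled Office file
    ]
    for name, data in samples:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, (ok, reason) in filter_message(build_sample()).items():
        print(f"{'ALLOW' if ok else 'BLOCK':5} {name}: {reason}")
```

Because the check is an allow-list rather than a block-list, macro-enabled and executable attachments are rejected without having to be named in advance.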

Preventing Ransomware from Running on Your Device

The measures you can take to protect your data from attackers depend on the type of device you are using and its operating system. In general, organisations should:

  • Centrally manage devices to only permit trusted and approved applications to run on devices
  • Provide security education and awareness training to employees
  • Protect systems from malicious Microsoft Office macros 
  • Disable auto-run for mounted media
  • Install security updates

How to Respond to a Ransomware Attack 

If you have fallen victim to an attack, make sure you:

  • Disconnect the infected device from all network connections as soon as possible, whether wired, wireless or a mobile phone, to prevent the malware from spreading
  • Immediately reset passwords
  • Wipe the infected device and reinstall the OS
  • Monitor network traffic and run antivirus scans to identify if any infection remains
  • Seek professional advice. If you have an internal IT support team they should be able to help manage the effects of the attack and put measures in place to prevent any future breaches. However, if you need to outsource IT and security support, we can help at Blue Frontier.

Since cyber-criminals are growing in experience and developing new ways to infiltrate systems and devices, it can be difficult to completely protect your organisation against ransomware without specialist support. You can put up a strong defence by adopting a full-spectrum security approach, including risk assessments, analysis and testing. This way you can reduce the likelihood of a ransomware attack and/or decrease its effects. To find out more about cyber security and how we can assist your business, please contact Blue Frontier.

[1] Abrams, L. (2020). Netwalker ransomware hits Pakistan's largest private power utility. [online] BleepingComputer. Available at: https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/ [Accessed 15 Sep. 2020].

[2] Abrams, L. (2020). Ransomware gangs team up to form extortion cartel. [online] BleepingComputer. Available at: https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/ [Accessed 15 Sep. 2020].

[3] Bisson, D. (2020). 6 Ransomware Trends You Should Watch for in 2020. [online] SecurityIntelligence. Available at: https://securityintelligence.com/articles/6-ransomware-trends-2020/ [Accessed 15 Sep. 2020].

[4] Cimpanu, C. (2020). Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay. [online] ZDNet. Available at: https://www.zdnet.com/article/heres-a-list-of-all-the-ransomware-gangs-who-will-steal-and-leak-your-data-if-you-dont-pay/ [Accessed 15 Sep. 2020].

Wiktoria Niedbala

Digital Marketing Executive

Wiktoria lives to create. She is a marketing postgraduate who loves social media and content creation. Customer satisfaction and driving engagement are at the heart of her work. She has worked with different clients including fintechs, affiliate marketing agencies and NGOs for over 3 years to grow their brands, as well as provide them with original and creative content. Since joining Blue Frontier, Tori has focused on content creation and social media marketing.
