Fighting ransomware attacks 101: Definition, methods, and more

A ransomware attack is a type of cyber-attack in which malware is used to block access to computer files, systems, or networks until a sum of money is paid. Current research shows that 9 out of 10 businesses have suffered a ransomware attack within the past 12 months alone. In this guide on ransomware attacks, we cover their history, how they work, and ways to avoid and remove them.

 

The latest research shows that 90% of businesses have suffered a ransomware attack within the last year alone. Considering that this number stood at 72.5% in 2021, it seems ransomware attacks have reached an alarming high. Verizon's 2022 Data Breach Investigations Report reveals a 13% increase in data breaches caused by ransomware, a rise greater than that of the past five years combined. Because they bring operations to a standstill, hurting companies' profits, while also demanding a ransom, ransomware attacks are an increasingly dangerous threat to businesses of all kinds and sizes, especially given the advanced technologies cyber-attackers have access to.

 

What are ransomware attacks? A brief history of ransomware attacks

Ransomware is a type of malware that blocks access to computer files, systems, or networks until a sum of money is paid. A ransomware attack is a type of cyber-attack in which ransomware is used to target businesses or individuals. Ransomware, which has evolved over the years, encrypts files on an electronic device or network, rendering them inaccessible. Cyber-attackers using ransomware infiltrate the systems of the companies or individuals they target. Then they threaten to make public, or sell, the data they steal unless their ransom demand is met. Meanwhile, the encryption of data can leave businesses unable to operate for an indefinite period. For example, in a cyber-attack on the Memorial Health System in Ohio in 2021, the hospital was forced to suspend its emergency department and transport its patients to other hospitals.

 

Looking at the history of ransomware, the first-ever reported ransomware attack was the AIDS Trojan, released via floppy disk in 1989. Also known as the PC Cyborg Virus, this malware displayed a message demanding payment of $189, blocking access to systems until payment was made.

 

Historically speaking, ransomware attacks were given momentum by the emergence of cryptocurrency, which initially appeared with Bitcoin in 2010. Hackers started to demand payment in crypto, which was ideal due to its decentralized and untraceable nature. After the emergence of cryptocurrency, the era of eCrime began in earnest. After a striking increase in the number of ransomware attacks, CryptoLocker ransomware was posted online in 2013. A study conducted by the blockchain data platform Chainalysis found that average ransomware payments increased five-fold in the period from 2019 to 2021. The report also showed that, since 2018, there has been a notable uptick in ransomware attacks in which payment in crypto is demanded.

 

How does a ransomware attack work?

In ransomware attacks, cyber-attackers focus primarily on infecting the victim's device with malware. Hackers can use the following methods to infect a device:

 

Malspam (Malicious spam): This is a method whereby emails containing malicious attachments are sent to a large number of people. These files may look like PDFs or Word documents.

Malvertising (Malicious advertisements): This is a method by which malicious software is distributed through online advertisements. Malicious files are usually transmitted through an infected iframe or an invisible website.

Spear phishing: Ransomware may also be delivered to victims through phishing attacks. For example, a victim may receive an email in which the CEO of their company appears to ask them to fill out a survey in the attachment, which actually contains malware.

Social engineering: All the methods mentioned above may employ a degree of social engineering, which aims to exploit human weakness and elicit fear and anxiety in the victim.
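The malspam and spear-phishing items above both rely on an attachment that looks like a PDF or Word document. The following Python sketch is an added example, not part of the original article: it screens the attachments of a message for that disguise, and the extension lists, reason codes, and sample message are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative lists, not exhaustive: tune them to your own mail policy.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
# Leading bytes each document type must start with.
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0"}

def screen_attachment(filename, payload):
    """Return reason codes for quarantining one attachment (empty list = pass)."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last in RISKY_EXT:
        reasons.append("executable-type")
        if len(suffixes) > 1 and suffixes[-2] in DOC_EXT:
            reasons.append("double-extension")   # e.g. name.pdf.exe
    if last in MACRO_EXT:
        reasons.append("macro-enabled")
    if last in MAGIC and not payload.startswith(MAGIC[last]):
        reasons.append("content-mismatch")       # named as a document, is not one
    return reasons

def scan_message(raw):
    """Screen every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename() or "(unnamed)":
            screen_attachment(part.get_filename() or "",
                              part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test message: one clean and two disguised attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "ceo@example.com", "staff@example.com", "Survey"
    msg.set_content("Please fill out the attached survey.")
    for name, data in (("handbook.pdf", b"%PDF-1.7\n"),
                       ("survey.pdf.exe", b"MZ\x90\x00"),
                       ("invoice.pdf", b"MZ\x90\x00")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, reasons or "ok")
```
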

 

The most common forms of ransomware include viruses that lock screens, scam pop-ups, and malware that encrypts data.

 

How can ransomware attacks be prevented? Preventing ransomware attacks

To protect against ransomware attacks, the first course of action is to develop security protocols to be followed at the enterprise level in the event of such an attack, and to understand the risks associated with attacks of this nature. The following steps are recommended to provide basic protection from malware, especially ransomware.

 

  • Keep your operating system, software, and network security solutions up-to-date, so as to ensure that all security vulnerabilities are addressed.
  • Do not open unknown email attachments, and report such files to the relevant unit of your company when you see them.
  • Use security solutions such as antivirus, antispyware and antimalware. Use cloud-based solutions to ensure optimal network security.
  • Back up your files frequently in order to minimize the impact of a potential attack.
  • Be sure to use an air-gapped server or storage device when making your backups.
  • Store your system backups in the cloud system of a trusted provider.
  • Take precautions against all possible threats by using advanced firewall software.
  • Use advanced end-to-end cybersecurity solutions designed by Timus Networks for businesses of all kinds and sizes. These include Secure Access Service Edge (SASE), which allows companies to manage – from a single platform – the latest cybersecurity technologies, such as Zero Trust Network Access (ZTNA), AI-Driven Secure Web Gateway, Dynamic Firewall, and Secure Remote Access.
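Frequent backups only help if the backup job does not overwrite good copies with files that ransomware has already encrypted. The following Python sketch is an added example, not part of the original article: it compares a directory against its previous snapshot and holds the backup when many files have changed into high-entropy data. The thresholds, function names, and sample files are assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; encrypted data sits near 8.0 (assumed threshold)
CHANGE_LIMIT = 0.5   # share of known files lost or turned opaque (assumed threshold)

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root):
    """Map each file under root to (sha256 hex digest, entropy)."""
    snap = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            snap[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def safe_to_back_up(previous, current):
    """Return (ok, flagged): flagged files vanished or changed into high-entropy data."""
    flagged = []
    for path, (digest, old_entropy) in previous.items():
        if path not in current:
            flagged.append(path)  # deleted or renamed, e.g. given a new extension
        elif (current[path][0] != digest and old_entropy < ENTROPY_LIMIT
              and current[path][1] >= ENTROPY_LIMIT):
            flagged.append(path)  # readable content replaced by opaque bytes
    return len(flagged) / max(len(previous), 1) < CHANGE_LIMIT, flagged

def demo():
    """Constructed sample: three text files, two then overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt"):
            Path(root, name).write_text("quarterly report\n" * 200)
        before = snapshot(root)
        for name in ("a.txt", "b.txt"):
            Path(root, name).write_bytes(os.urandom(4096))  # stands in for encrypted output
        after = snapshot(root)
    return safe_to_back_up(before, before), safe_to_back_up(before, after)
```

Compressed formats such as ZIP or JPEG are already high-entropy, which is why the check only flags files that were low-entropy in the previous snapshot.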

Ransomware’s Impact on Business

The Chainalysis report shows that the average ransom demanded in a ransomware attack has increased from $25,000 in 2009 to $118,000 in 2021. A recent study, entitled The State of Ransomware, found that businesses paid $1 million or more in ransoms last year. But the cost of ransomware attacks isn’t limited to the ransom alone. Another study on the same subject found that ransom payments accounted for roughly 15% of total losses incurred by ransomware attacks, with the remainder going towards legal fees, system restoration, monitoring costs, and costs associated with business disruption.

 

How can I remove ransomware? Should I pay the ransom?

When a company computer is exposed to ransomware, the first thing to do is remove the relevant device from the network, along with any others suspected of having been compromised. If possible, infected computers or devices that have been disconnected should be scanned with professional anti-malware software before the ransom malware is removed. If data is backed up, the device’s operating system should be installed from scratch. Don’t reconnect the device to the network without first ensuring that it is malware-free. Depending on the extent of the attack, it is also recommended that victims contact relevant law-enforcement agencies and inform them about the ransom demanded. Victims should never communicate with the hackers without first informing the relevant authorities.

 

Frequently Asked Questions

What is a ransomware attack?

In a nutshell, ransomware attacks are a type of cyber-attack in which malicious software is used to block access to a computer, device or network; encrypt data; and coerce cash payments from targeted businesses.

 

How does ransomware infiltrate networks?

Ransomware is typically transmitted through malicious email attachments, advertisements, or websites that automatically trigger the download of malicious software. It can also be transmitted via external hard drives.

 

What happens if you agree to pay the ransom?

Many cyber-security professionals believe that paying a ransom is not a solution. An estimated 80% of companies that agreed to pay ransoms were attacked again, and were asked to pay even higher ransoms the second time.

How does one deal with the threat of ransomware?

To minimize the risk of ransomware, certain practices should be adopted, such as keeping applications and operating systems up-to-date; using email security solutions; ensuring network and system security; and raising awareness about cybersecurity within the enterprise.


How can a business recover from an attack?

To prevent ransomware from spreading to other computers and devices within an organization, infected devices should be disconnected from the network and internet, password information should be reset, operating systems should be reinstalled, and network traffic should be closely monitored.

 

What are the best-known examples of ransomware?

Along with PC Cyborg and CryptoLocker, the best-known examples of ransomware include TeslaCrypt, Petya, WannaCry, SamSam and Ryuk. The WannaCry attack, which began in 2017, is regarded as one of the most devastating ransomware attacks in history, having caused a whopping $4 billion in losses globally.