Ransomware and How It Works

Ransomware: it's something you hear about but never expect to happen to you, until it does. If your computer was infected today, would you be prepared? Would your business? With the right preparation, something that could be very serious can easily be made a minor inconvenience.

Ransomware has hit closer to home recently: Huntsville City Schools was attacked in 2020, and the entire district was locked down for over a week. If they had been more prepared, could the turnaround have been faster, or could the attack have been resisted entirely? Companies should do everything they can to prevent ransomware attacks, as an attack is often a PR nightmare.

Ransomware is a form of malware that is downloaded to your computer and, once active, locks your entire system down. Typically, either the computer will shut down with a warning that it has been compromised and that you should call the listed support number to get it unlocked, or you will find that all of your files have been encrypted. A user who calls this number ends up on the line with someone who will try to convince them to send money to unlock and recover their data. A user who is unprepared for this has two options: pay whatever the scammer is asking for and hope they give the computer back, or wipe the system and lose all the data.

If your business is compromised by a ransomware attack, shut down the infected machine immediately upon recognition and contact us. IT support will then need to take the infected computer or computers off the network and begin removing the infected files, releasing the computer from its locked-down state. If attempts to rid the computer of the ransomware fail, the next available option is to wipe the entire computer, which removes all of your files along with the ransomware files. If you and your IT company were prepared, they would have an offsite backup from which they could quickly download your data back to your computer.

There are many things you can do to ensure you are prepared for a ransomware attack, starting with making sure you have active anti-virus. There are many brands of anti-virus but only a few that we would suggest: AVG, Avast or Bitdefender. Once you have your anti-virus taken care of, the next step to protect yourself is to run routine backups of your local computer. The best idea is to back up to something offsite in case your entire network is compromised. If your computer is compromised and you have a backup, you can simply wipe the entire computer and download everything from the backup. You can also go a step further by running specialized programs that scan individual computers explicitly looking for ransomware files.

This year, in addition, we have partnered with Huntress to deploy software that specifically looks for ransomware.  This platform has two defenses:
First, it actively scans for malware and pieces of code that appear to be subverting or manipulating other files or computer systems. Rather than relying only on a database of known code, when Huntress detects suspicious activity it opens a ticket with their techs and has a specialist review the findings; the specialist can then either clear the flag or alert us that the computer needs addressing.
Second, it places 'canary' files on all computers it is actively monitoring. When these files are modified or encrypted, as would be the case with a ransomware attack, Huntress immediately kicks the computer off of the network, limiting the spread of ransomware. This allows the individual computer to be addressed while preventing the ransomware from spreading further throughout the network.
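
The canary-file idea described above can be sketched in a few lines of Python. This is an added example, not Huntress's code and not part of the original article; the file names, the 7.0 entropy threshold and the alert wording are assumptions, and where this sketch only returns alerts a real agent would isolate the computer from the network.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

CANARY_NAMES = ("000_budget_canary.docx", "zzz_payroll_canary.xlsx")  # hypothetical decoys
ENTROPY_ALERT = 7.0  # assumed threshold; encrypted data approaches 8 bits per byte

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_canaries(directory):
    """Write decoy files and return the baseline {path: sha256 hex digest}."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        content = b"Quarterly figures, do not edit.\n" * 64  # constructed content
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline

def check_canaries(baseline):
    """Return (path, reason) alerts; a real agent would isolate the host here."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing or renamed"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            encrypted = entropy(data) > ENTROPY_ALERT
            alerts.append((path, "modified, looks encrypted" if encrypted else "modified"))
    return alerts

def demo():
    """Constructed scenario: one canary overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d)
        clean = check_canaries(baseline)  # nothing touched yet
        first, second = list(baseline)
        with open(first, "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for encrypted content
        os.rename(second, second + ".locked")
        return clean, check_canaries(baseline)
```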

Time for the Facts:

According to Cybersecurity Ventures, there will be a ransomware attack every 11 seconds somewhere around the world. Ransomware is very damaging to an unprepared person or business, potentially costing the business a large amount of money. Leaders in the cybersecurity world expect damages to exceed 20 billion this year (2022), according to Cybersecurity Ventures. Statista suggests that over 2/3 of all ransomware attacks were carried out through phishing emails. Stanford University suggests that the average reported ransom amount was about $530.

If you run a business, ask us for help ensuring you are protected from ransomware!
