With so many ransomware attacks in the news, it’s important to understand how ransomware attacks put your business in danger. After watching the UK’s National Health Service shut down due to WannaCry, business owners need to understand what ransomware attacks are and how to protect against them.
What is malware?
Most people know malware as a “virus” or “worm.” This malicious code can be embedded into a document, spreadsheet, file, or email that, when opened, infects the computer. Malware usually targets a type of operating system or application, such as Windows.
Once malware is in a system, it can take a variety of actions including changing or deleting files, engaging in a DDoS attack, stealing passwords, or extracting sensitive data that results in a breach.
What is ransomware?
Ransomware is a type of malware that holds your information hostage. When ransomware infects your system, it prevents or limits you from accessing your system and data by locking your screen and demanding ransom.
More recently, ransomware has started using powerful encryption to lock files and systems making it difficult to bypass. This type of ransomware is called crypto-ransomware. Once the files are encrypted, the malicious attacker requires you to pay money to an online account before giving back the information.
What is encryption?
Encryption is the act of taking information and turning it into code. Ransomware that uses encryption is referred to as crypto-ransomware because it relies on cryptography.
Cryptography is the science of keeping information a secret. For example, during the Revolutionary War, lime juice, and other acidic liquids were used as invisible ink that could only be read when heat was applied to the paper. When it comes to computers, information transmits digitally as undecipherable 0’s and 1’s, then turned back into letters and numbers once it arrives at the intended recipient.
How do you get attacked?
Ransomware often uses phishing campaigns to get onto computers. These emails look legitimate so you or your employees open them. The email directs you to click on an attachment, but that file is really the ransomware code that infects your computer.
In other cases, the ransomware may be downloaded from an infected website. Downloads often occur without any user knowledge because it can be difficult to figure out what sites are infected. For example, web-based social media instant messaging applications are one way that ransomware spreads.
How does ransomware spread?
Prior to networking, problems like ransomware were contained to a single, infected computer. However, with computers linked through a network, one infected computer can spread the infection across the rest of your organization.
Once the first computer is compromised, the ransomware will scan the network to use pathways such as shared folders or vulnerabilities in outdated software to quickly spread across the network. As more computers become infected, the faster it will spread.
What are some well-known ransomware attacks?
Although this ransomware attack occurred in 2013, it was one of the first damaging ransomware attacks and paved the way for the current growth of these types of attacks. Cryptolocker grossed hackers up to $30 million in ransom.
In June 2017, this ransomware attack shut down the Ukraine’s national bank, state power company, and Kiev’s largest airport. Unlike other ransomware that encrypt files, this one prevented computers from booting up which meant users couldn’t retrieve stored data or use their devices.
Like GoldenEye, this one also targets whole systems. It uses code to cause an error screen which then infects the system. This then attacks the system so that you can’t restart your computer, thus losing all data and device access. The Petya attack cost shipping company Maersk $300 million.
Crysis differed from the others because it encrypted “shadow copies” of files as well. Shadow copies are the automatic backup files in Microsoft Windows that allow you to recover data. By encrypting these files, the ransomware prevented many computers from restoring files from backups. Crysis also targeted the cloud computing platform VMware.
This is a new type of ransomware that is offered as “ransomware-as-a-service.” In other words, people can purchase and use the ransomware software without needing to be a computer expert or coder themselves. Once Cerber infects the PC, a fake pop-up offers a notice followed by an automatic system reboot. With only a .3% response rate, Cerber earned $2.3 million.
What is the cost of ransomware attack?
Ransomware attacks cost more than just the ransom. A report from June 2017 shared that 22% of business with less than 1,000 employees were hit with a ransomware attack. The business stoppage led to 15% lost revenue. The average lost income for each ransomware incident? $100,000 in downtime. 17% of those businesses, or 1 out of every 6, lost twenty-five hours or more.
How Todyl Helps
Most ransomware attacks put your business at risk by using multiple entry points. They use web applications, social networking sites, and email to lure or trick employees into downloading the software.
Protecting your company means using multi-layered security. A firewall alone or anti-virus alone is not enough to keep out intruders. Todyl offers a variety of layers to help protect your organization.
A Domain Name System (DNS) changes the words people use to access websites, for example www.todyl.com, into a series of numbers known as IP addresses, for example 18.104.22.168. Computers and networks use these IP addresses to communicate with each other, similar to how mail gets sent to your house via a street address. The problem is, a DNS automatically redirects users to the website even if the website is malicious or fraudulent.
You need to protect your organization and block before malware before it can get to your network and devices. One of Todyl's multiple layers of protection is a secure DNS that blocks access to dangerous websites before they are translated to IP addresses, keeping your network and devices secure.
Advanced Firewall and Malware Interception
Firewalls block intruders from coming in. Malware interception scans attachments before they’re downloaded. With Todyl, the malware interception happens in the cloud so the attachments won’t even make it to employee workstations.