How Ransomware Affects Businesses

Ransomware (a blend of the words ransom and malware) is a type of malware that blocks users from accessing their system. People who are targeted can only regain access after a ransom payment has been made, and the deadline for payment is usually tight, typically 24-48 hours. Ransomware attacks are nothing new – they have been around since the late 1980s, when payment was sent through the post. Today, cybercriminals usually expect the ransom to be paid in cryptocurrency or with a credit card.

Why should businesses worry about ransomware?

Cybercriminals tend to target businesses like government institutions or corporations, as they equate them with big payoffs due to the severity of a possible data breach, which could set a business back several million euros (1). One such example is the WannaCry ransomware attack that targeted the National Health Service (among others) in May 2017 (2) and is thought to have affected around 70,000 devices such as MRI scanners, blood-storage refrigerators, and computers, leading to patients being turned away from hospitals. It would, however, be wrong to think that small businesses are safe - sometimes they are the first to be targeted as many owners assume ‘it won’t happen to them’ and therefore they don’t have the proper security measures in place, making them easy targets.

The severity of the situation means that it’s imperative that businesses protect themselves from ransomware, as customers would be unhappy to find their data leaked online or to experience delays because the business system is down. This could quickly lead to customers going elsewhere and damage the company’s reputation.

1) https://www.ibm.com/security/data-breach

2) https://en.wikipedia.org/wiki/WannaCry_ransomware_attack


The different types of ransomware

There are many ways that ransomware finds its way onto a victim’s computer. Phishing emails are common. Phishing is where an email looks so legitimate that the user clicks on it, which then downloads the malware onto their computer. Some types of malware don’t even require the user to slip up – they simply exploit security holes and take over the computer that way. Scareware often presents itself as a pop-up message from security software claiming that malware was discovered and the only way to get rid of it is to pay. Despite the name, this type is usually harmless and the cybercriminals are just bluffing – the files are essentially safe.

Screen-lock ransomware is when a full-sized window appears and completely locks the user out of their computer. The window will state, for example, that authorities have detected suspicious behaviour on the computer (e.g. pornography or illegal file downloads) and the user therefore needs to pay a fine. The user might feel more obliged to pay the ‘fine’ and not report it as they believe they were in the wrong. Encrypting ransomware is the most dangerous type. Once a cybercriminal has got access to the files, no security software or system restore can retrieve them. Many victims panic and pay, but that doesn’t always guarantee that the files will actually be returned.

There is also a type known as doxware or leakware that threatens to publish private photos or videos that have been found on a user’s hard drive, unless the user pays up.

How to prevent a ransomware attack?

Here are the main ways that a business can protect itself against ransomware attacks.

Back up data

Backing up data on an external drive or on the cloud is one of the most effective strategies against attacks. It doesn’t prevent the attack per se, but it means that files can be recovered without having to pay the ransom. After wiping the infected system, scan the backups to ensure they too haven’t been infected, since some ransomware is designed to look for network shares. The Azure Cloud Platform can be used as a backup environment or secondary location for storing business-critical data.
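
One way to check a backup set before restoring from it, shown as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, then flag files that have changed, that look encrypted (byte entropy close to 8 bits), or that were not there before. The function names, the 7.5-bit threshold and the sample files are assumptions made for the illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold (encrypted data sits near 8.0)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def read(path):
    with open(path, "rb") as fh:
        return fh.read()

def build_manifest(root):
    """Map relative path -> SHA-256; run when the backup is taken, store elsewhere."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            manifest[os.path.relpath(path, root)] = hashlib.sha256(read(path)).hexdigest()
    return manifest

def check_backup(root, manifest):
    """Return {relative path: finding} for every file that should block a restore."""
    current = build_manifest(root)
    findings = {rel: "missing" for rel in manifest if rel not in current}
    for rel, digest in current.items():
        if rel not in manifest:
            findings[rel] = "unexpected file"
        elif digest != manifest[rel]:
            high = shannon_entropy(read(os.path.join(root, rel))) > ENTROPY_LIMIT
            findings[rel] = "modified, high entropy" if high else "modified"
    return findings

def demo():
    """Constructed sample: one backed-up file is overwritten, one file is added."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("invoice.txt", b"Invoice 1001\n"), ("notes.txt", b"call supplier\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body * 40)
        manifest = build_manifest(root)
        with open(os.path.join(root, "invoice.txt"), "wb") as fh:
            fh.write(os.urandom(4096))  # random bytes stand in for an encrypted file
        with open(os.path.join(root, "HOW_TO_RESTORE.txt"), "wb") as fh:
            fh.write(b"constructed ransom note placeholder\n")
        return check_backup(root, manifest)
```

High entropy alone does not prove encryption, since compressed archives and images also score near 8 bits, which is why the manifest comparison comes first and entropy only annotates files that have already changed. Calling demo() returns the findings for the constructed sample.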

Layered security framework

A cloud backup may enable you to recover lost files and reduce downtime, but it’s not a replacement for proper security. As well as firewalls, additional layers of security are needed to keep ransomware at bay, such as encryption, MFA (multi-factor authentication) and endpoint protection, to name a few. Layering up is more effective than a single-solution approach that could possibly leave loopholes. Most importantly, this security software must not be outdated or obsolete, otherwise it is useless for detecting and preventing ransomware. Microsoft 365 is a great solution that ALSO partners can offer to businesses as a safeguard measure. It combines a whole host of security tools in one, ensuring businesses have the most up-to-date security.

Train employees to be more attentive

Educate employees on ransomware and what to look out for, so they are less likely to fall into a trap. Regular workshops are a good idea. Topics could include how to detect ransomware, the importance of strong passwords and why they should be changed on a regular basis.

How to remove ransomware

The golden rule is to NEVER pay the ransom. This only encourages cybercriminals to continue developing ransomware and scamming others because they have been successful. Here are some ways to remove ransomware.

  • Free decryptors: It may be possible to retrieve some encrypted files by using free decryptors. The right decryptor has to be used, otherwise there is a risk of further encrypting the files.
  • Remediation: Another option is to download a security product known for remediation and run a scan to remove the threat. The files may not necessarily be restored, but at least the ransomware is gone.
  • Full system restore: A full system restore may be needed if screen-locking ransomware has taken over. If this doesn’t work, running a scan from a bootable CD or USB drive can help.