With many computer viruses and other forms of malware, you may only realise you have them when you scan for them. Some however are more aggressive – and ransomware may be the worst of all. In a ransomware attack, your files and even your entire computer may be locked away behind a password, and ‘held to ransom’ until you give the attacker what they want.

Businesses are increasingly being targeted by ransomware attacks, often with the goal of extorting large sums of money. Protecting against it means changing behaviours and mindsets across your organisation – and considering whether your file storage and backup protocols are up to scratch.

What is ransomware?

Ransomware commonly takes the form of a ‘Trojan’, a file that tricks you into downloading or opening it by pretending to be something else. When you open the file, the ransomware locks away all or part of your computer behind a password. Your files are literally held to ransom: the attacker behind the ransomware will be the only one with the password, and they will try to extort you to regain full access.

The nature of the problem will differ depending on the ransomware involved. Some ransomware simply locks your user account, or frustrates you into complying by making it difficult to use your computer. More sophisticated ransomware will encrypt all of your files, making them all but impossible to recover. Crucially, these attacks can also propagate between systems and across networks, putting everyone’s files at risk.

How does ransomware spread?

Ransomware programs often work as viruses, automatically spreading to connected devices once they have infected a computer. Like most malware, ransomware does not necessarily have to be opened once downloaded in order to activate, and may instead take advantage of a vulnerability in another program to execute its code, forcing that program to open it instead. The ability for ransomware to immediately remove access to your files means it poses an even greater threat than most other forms of malware, and can spread extremely quickly.

Common starting points of ransomware infections include:

• Attachments in phishing emails. These are emails that try to dupe you into downloading a malicious file or following a link to a fake website. The malicious file or a download on the fake website could contain ransomware.
• Removable media left around offices. Devices such as USB sticks may be left in parking lots or office foyers by cybercriminals. Once an unsuspecting staff member picks them up and plugs them into a computer, the ransomware on the device will infect the computer.
• Downloads on malicious sites. Downloads from malicious websites or ads could contain ransomware.
• Social engineering. As no one would install ransomware knowingly, cybercriminals utilise a variety of social engineering techniques to deceive people into installing ransomware. This forms a component of all three of the above tactics.

Why should you be concerned about ransomware?

Any organisation can fall victim to a ransomware attack. In recent years, large-scale ransomware programs such as WannaCry and NotPetya spread to over 150 countries across the world, infecting hundreds of thousands of computers and taking down companies and organisations of all sizes.

A ransomware attack can lead to catastrophic data loss on the computer it infects, as the data on the computer is unlikely to ever be recovered. Ransomware can then spread rapidly through a whole business from a single computer, accessing other devices through a local network, and even making its way to remote servers.

While ransomware attacks vary in severity, no attack is trivial. Even a minor attack could result in an entire office or business being taken out of operation for multiple days, resulting in major financial damage and loss of reputation from customers and partners.

Moreover, there is no guarantee that paying the ransom will grant you access back to your files or system. If you haven’t made a point of regularly backing your files up to systems that are isolated from your network, you could lose critical documents, customer information or other data permanently, opening you up to substantial liabilities.

How to prevent a ransomware attack

Thankfully, a range of common-sense solutions and security measures can be deployed to combat ransomware. However, this may require some training and guidance in order to change embedded attitudes around cybersecurity, and investment in your IT infrastructure.

Ways to prevent a ransomware attack include:

• Install operating system and software updates as soon as they are available. As soon as security vulnerabilities that are used by ransomware to take over computers are discovered, operating system and software vendors release security updates fixing those issues. By installing updates as soon as they are released, you reduce the opportunity for ransomware to make use of unpatched vulnerabilities in your system.
• Run an up-to-date antimalware application. You should always have an antimalware program enabled and running on your computer. Run regular scans to detect any malware, and ensure you keep the antimalware program up-to-date.
• Backup your files and documents.It’s essential to keep a backup of all your important files and documents. This ensures that even if your computer is infected by ransomware, you will not lose any files or documents. You can safely reset your device, and recover your data from your backup. Ensure that your backup is in the cloud or on a separate, secure storage device.
• Only download apps from official app stores. Apps downloaded from non-official application stores or from the web have a far higher chance of being infected with malware including ransomware.

We hope this information gives you a better insight as to what ransomware is, the dangers of ransomware, and how to protect yourself and your business from attacks. To help protect your business from ransomware or for any more information, don’t hesitate to get in touch.