The Complete Guide to Ransomware Attack Prevention
What is a Ransomware Attack?
Ransomware is a form of malware that prevents users and organisations from accessing files and data on their devices until they’ve paid a ransom. Once the ransom is paid, the cybercriminal promises to give the victim what they need to regain access to their devices. Oftentimes, the attacker will provide the victim with a decryption key depending on the type of ransomware attack.
It's important to note that cybercriminals cannot be trusted and do not always follow through with their promise to give back access. They may also strike again with a follow-on attack, if they know an organisation is willing to pay a ransom.
Cybercriminals may also sell the sensitive data that was accessed on the dark web, even if the demanded ransom was paid. Ransomware attacks can result in substantial financial damage to businesses and have left many organisations from startups to major enterprises in dire conditions or shut them down altogether.
How Do Ransomware Attacks Work?
Ransomware can infect devices in several ways, depending on the threat actor behind the attack.
Phishing
Phishing is a sophisticated social engineering attack that aims to persuade a victim into revealing sensitive information. Ransomware attacks commonly work by getting the targeted victim to unintentionally download malware through phishing emails. Without proper security tools and employee training on how to identify phishing emails, employees can disrupt their entire company with one click.
When an employee clicks on a link or attachment in a phishing email that contains ransomware, it slowly infects the employee’s device without them noticing. The ransomware can then spread through the connected network to infect the devices of other employees who are on the same network. As the ransomware spreads, files become encrypted – preventing anyone from accessing them until the ransom is paid.
Exploit Kits
Exploit kits are used by cybercriminals to attack vulnerabilities in systems in order to distribute malware. When victims go to malicious websites or click on malicious advertisements (malvertisements), targeted victims are directed to the exploit kit’s landing page. This is where the exploit kit determines vulnerabilities and then exploits them – allowing them to successfully infect the victim's devices with malware.
Once the victim’s device becomes infected, they’ll be demanded to pay a ransom before they are allowed to access their files and data.
Types of Ransomware Attacks
Crypto Ransomware
Crypto ransomware is one of the most common types of ransomware attacks. With this type of attack, the threat actor uses a program that encrypts the files on the victim's device. When encrypted, the contents of the files become scrambled – making them unreadable. The victim will receive an on-screen alert that says, in order to decrypt the files, they will need to obtain a decryption key from the attacker. An attacker won't provide the victim with a decryption key until they've paid the ransom.
It's worth noting that crypto ransomware differs from crypto malware, which is malicious software that allows threat actors to mine cryptocurrencies on a victim's device.
Locker Ransomware
Locker ransomware is another common type of ransomware attack. Using this type of attack, the malware will make the victim’s device inoperable. For example, when malware infects the victim’s device, the victim won’t be able to use their mouse or keyboard. The only thing the victim will be able to do on their device is pay the ransom, which will be the only thing displayed on their screen.
Instead of encrypting your files like crypto ransomware, locker ransomware will just lock you out and prevent you from using your device.
Ransomware Attack Statistics
of ransomware attacks are caused by phishing emails
of employees don’t know what ransomware is
of companies increased cybersecurity spending after a ransomware attack
Understand the ripple effects of ransomware attacks by reading our 2021 Ransomware Impact Report.
How to Prevent Ransomware Attacks at Your Organisation
Perform regular system backups to enable data recovery
In addition to enabling you to recover data after a ransomware incident or another cyber attack, regular system backups are a fundamental part of business continuity after catastrophic system outages and damage to hardware after natural disasters.
Train employees to avoid phishing and other scams
Since many ransomware payloads are delivered via phishing emails, training employees to avoid phishing scams is a critical step to prevent infection.
You can deploy phishing training into your business using a program such as KnowBe4, which sends simulated phishing tests to employees.
Use an Enterprise Password Management Platform (EPM) Like Keeper
Most ransomware payloads are delivered after a cybercriminal breaches a system using a weak or compromised password. Start your 14-day free trial of Keeper Business to strengthen the security of your organisation’s passwords.
Subscribe to a Dark Web monitoring solution like BreachWatch®
BreachWatch® scans Dark Web forums and notifies organisations in real-time if any of their employee passwords have been breached and put up for sale – allowing IT administrators to force password resets right away.
Check to see if your business has any stolen credentials on the dark web using our free dark web monitoring tool.