Ransomware Explained

Ransomware attacks have made headlines severally over the last few months. The hackers behind them have targeted both large and small businesses, raising concerns about how safe business systems are. Most of these attacks have resulted in financial and economic losses worth billions of dollars. It seems like ransomware is here to stay, with hackers working hard to devise new ways to access even the most protected systems and networks. 

With this in mind, we reached out to cybersecurity professionals to find out what ransomware is and how it works. We wanted to find out how they would explain this type of attack to the average person, especially students who are curious about cybersecurity. We sought answers to the following questions:

  • If you had to explain how ransomware works to an average high school student, what would you say in brief?
  • What are two of the most prevalent types of ransomware attacks, and how do cybersecurity professionals deal with them?
  • In your opinion, are ransomware attacks something the average person or business should understand? Will they still be a threat in ten years?
  1. If you had to (briefly) explain how ransomware works to an average high school student, what would you say?

According to Scott Gallupe, President at 403Tech, ransomware is a virus that encrypts your data or files, holding them hostage. The hackers then demand payment in cryptocurrency to allow you to get it back.

Sarah McAvoy, Managing Director at CyberUnlocked adds that ransomware is one of the prevalent cyberattacks. They target an enterprise’s computer network, enabling a hacker to demand a ransom by encrypting the files and data. 

Hackers use this kind of malware to exploit people, businesses, and institutions for financial gain or to disrupt personally held beliefs. Ransomware encrypts files on servers and workstations with a key that only the malicious actors have to gain leverage over the victim. These are thoughts from Nick Martin, Director of Managed Services at Mainstreet IT Solutions

Ilan Sredni, CEO and President at Palindrome Consulting, uses an analogy to bring the idea closer home. “Ransomware is somewhat similar to getting caught playing with your phone during class. Your phone is equivalent to your computer data, and when the principal takes it from you, you don’t have access to it. To get access, you must pay the ransom, which in normal terms would be money, but in a high school environment, you pay for it with time in detention.”

  1. What are two of the most prevalent types of ransomware attacks, and how do cybersecurity professionals deal with them?

According to McAvoy, the two most common types of ransomware are:

  • Crypto ransomware: in this type of attack, the cybercriminal encrypts all the files and data on a computer or network. You can only recover the files and data using a decryption key that the hacker provides on paying a ransom.
  • Scareware: in this type of attack, hackers use social engineering to trick a user into thinking their computer is infected with a virus and then suggests downloading and paying for software that will remove the virus. In reality, the removal software encrypts the user’s computer. 

Martin adds that some common ransomware attacks come via email or open vulnerabilities to an operating system when browsing the internet. By far, most malicious activity, including ransomware, comes through email. This can be in the form of attachments in emails embedded with harmful programs meant to take advantage of systems. 

Browsing the internet, which has become a popular tool in business, provides another avenue for malicious actors to access systems. Ransomware can enter operating systems like Windows and macOS via web browsers, enabled by vulnerabilities that haven’t been patched. All systems require updates to keep up with known vulnerabilities. If these systems are not kept up-to-date, they create an avenue for ransomware to gain a hold of a system with ease. 

Sredni says that ransomware comes in different variants, but they are usually in the same “type” of attack. This is to say that they get into the network and encrypt the data, not allowing you to gain access or let your business function. Ransomware attacks don’t usually target individuals since their funds may be limited. Their target is mostly businesses of all types, which is why they need to understand and protect themselves against these types of attacks.  

In dealing with the threat, cybersecurity professionals need to implement a variety of protocols. They need to have both preventative and recovery measures to protect a business from a ransomware attack.

Cybersecurity professionals will put up safeguards to ensure protection between the end-user and the broader internet. This can be in the form of email filters, firewalls, anti-virus, and many other monitoring tools that help keep end-users protected. This also gives insight to professionals looking to monitor networks for malicious activity, says Martin.  

Gallupe believes that the best protection against ransomware is to use a layered approach. Antivirus, Firewalls, and Security Awareness training are all examples of ways to protect a firm from ransomware. Unfortunately, there isn’t only one good protection mechanism against it, and users need training on various prevention measures.

  1. Are ransomware attacks something the average person or business should understand? Will they still be a threat in ten years?

The average person should understand ransomware attacks, says Gallupe. In his view, as technology improves, ransomware attacks will become less and less prevalent. However, hackers are known to try and be one step ahead of security specialists. After all, it is a business for them.

Ransomware awareness through training is crucial for the average person and business to understand, adds McAvoy. These types of attacks are increasing daily. Given that people use multiple devices every day, everyone should have basic cybersecurity training these days. Cybersecurity awareness training goes beyond ransomware and will evolve to provide awareness of the latest threats. The importance of a continuous security training program cannot be stressed enough for both businesses and individuals in schools and universities.

Martin believes that ransomware attacks should part of any training session for a business. The largest liability on ransomware for businesses remains with the employees. Because of this, companies should be having mandatory training on how to spot phishing attempts and malicious emails. With the increasing usage of computers in everyday life, it would be beneficial for people to understand ransomware, how it works, and how to prevent it. 

The threats have only increased in the past several years, and as long as the current need for computers exists, then the threats should only increase with time. It is difficult to tell what that might look like in the next ten years, but Martin does not doubt that although the threats may look different, they will certainly still exist.

Final Thoughts

Individuals and businesses alike cannot afford to bury their heads in the sand as far as ransomware is concerned. The threat is real and will continue to be since hackers are in business and want to make money out of the attacks. Consequently, you need to take a proactive approach to protect your business and systems from attacks. 

Fortunately, cybersecurity professionals are also working day and night to improve cybersecurity measures. Experts at Ulistic are also passionate about helping businesses keep their systems protected and functioning the right way. If you’d like help with getting the most reliable cybersecurity solutions, call us, and let’s discuss your cybersecurity needs.