What is ransomware? & how does ransomware work?


What is Ransomware?

Ransomware is a type of malware that encrypts a system and then extorts money from the users or the entire organization.

Ransomware encrypts the victim's files, restricting the user from using their own files or documents, or locks the computer to prevent normal usage and demands payment as ransom to decrypt the files and provide access.

Types of ransomware.

  1. Encryption ransomware
  2. Lock screen ransomware
  3. Master boot record ransomware

People often get confused about the different types of ransomware and their abilities to encrypt files. There are currently three main types of ransomware, but as newer versions come along, other variants may show up. The three types of ransomware are:

Encryption ransomware

This ransomware encrypts your files and folders, preventing you from accessing your files by locking them with an AES-256 key, which is notoriously tough to decipher. Depending on the hacker's motive, the encrypted files may or may not be recoverable. After encrypting your files and folders, encryption ransomware displays a pop-up message explaining that your files have been encrypted and you must pay a ransom to have those documents decrypted. WannaCry used this method against its victims.

Lock screen ransomware 

As the name implies, lock screen ransomware locks your screen and demands a ransom. While this type of ransomware won't encrypt your files, it will block all your windows straightaway. Once your system is infected, you won't be able to access your windows until you pay the ransom or the hackers lift the attack.

Master boot record ransomware

The master boot record (MBR) is an essential part of a hard drive, allowing the operating system to boot up.

MBR ransomware changes the MBR, interrupting the normal boot process by displaying a demand for ransom on the boot-up screen. Users can't even boot their systems up until the ransom is paid. Of all three types of ransomware, this ransomware is arguably the most dangerous. The ransomware Petya was initially launched as master boot record ransomware, but after its immediate discovery by security professionals, Petya was upgraded and released as a new variant called Wiper. As the name implies, this variant will completely wipe your entire hard drive and leave you empty-handed with a blank system.

How does ransomware work? 

Unlike other cyberattacks, ransomware actually locks away victims' data rather than stealing or destroying it. Recently, encryption ransomware has been the most publicized type of ransomware. Most ransomware enters a network through either email attachments, social networks, or malicious sites.

WannaCry infected systems through email attachments, but then used a known Windows vulnerability, EternalBlue, to propagate within networks. This propagation technique sets WannaCry apart from most encryption ransomware, in that its exposure was not limited to machines that directly downloaded the malicious file.

Let us break down the typical encryption ransomware workflow into five stages.

  1. A user downloads a malicious file from a web page or an email.
  2. The downloaded file contains the ransomware, which begins infecting the user's system.
  3. Some ransomware types will spread to other systems on the network if the network contains vulnerabilities.
  4. The ransomware will prevent access in some way. Many encryption ransomware versions will encrypt users' files across the network with AES-256, using a one-time key.
  5. The ransomware creates a unique key for each file that was encrypted (these are used for decrypting the files once the ransom is paid).
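The workflow above is what a defender's file-activity monitoring has to catch: a burst of rewrites, by one account, whose new contents look like ciphertext (high byte entropy) and often carry a new extension. The following is an added example written for this article, not code from the original page or from any product it mentions. It assumes a constructed event stream (timestamp, user, path, sample of bytes written) such as an endpoint or file-server agent might emit; the extension list and thresholds are illustrative choices, not a vendor's defaults.

```python
import math
import random
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext or compressed
    data, roughly 4 to 5 for English text, 0.0 for a single repeated byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Constructed, illustrative list of extensions ransomware families append;
# a real deployment would maintain this from threat intelligence.
SUSPICIOUS_EXTENSIONS = (".locked", ".encrypted", ".crypt")


def detect_encryption_bursts(events, window=60.0, min_files=5, entropy_threshold=7.0):
    """Return {user: summary} for every user who rewrote at least `min_files`
    distinct files with high-entropy content inside any `window`-second span.
    Each event is a dict with keys t (seconds), user, path, data (bytes)."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        by_user[ev["user"]].append(ev)

    alerts = {}
    for user, evs in by_user.items():
        # Only writes whose content looks like ciphertext count toward the burst.
        hot = [e for e in evs if shannon_entropy(e["data"]) >= entropy_threshold]
        best = None
        start = 0
        for end in range(len(hot)):
            # Slide the window start forward until the span fits in `window` seconds.
            while hot[end]["t"] - hot[start]["t"] > window:
                start += 1
            files = {e["path"] for e in hot[start:end + 1]}
            if len(files) >= min_files and (best is None or len(files) > best["files"]):
                renamed = sum(1 for p in files if p.endswith(SUSPICIOUS_EXTENSIONS))
                best = {
                    "files": len(files),
                    "renamed": renamed,
                    "window_start": hot[start]["t"],
                    "window_end": hot[end]["t"],
                }
        if best is not None:
            alerts[user] = best
    return alerts


# Constructed sample data: deterministic pseudo-random bytes stand in for ciphertext.
_rng = random.Random(7)


def _ciphertext_like(n=2048):
    return bytes(_rng.getrandbits(8) for _ in range(n))


def build_sample_events():
    """Three ordinary document saves by 'alice', then eight rapid rewrites of
    finance spreadsheets by 'mallory' with ciphertext-like content and a
    '.locked' suffix (all constructed for this example)."""
    text = b"Quarterly report: revenue rose 4% while costs were flat. " * 8
    events = [
        {"t": 10.0 + i * 20, "user": "alice",
         "path": f"/share/finance/report{i}.docx", "data": text}
        for i in range(3)
    ]
    events += [
        {"t": 100.0 + i * 2, "user": "mallory",
         "path": f"/share/finance/file{i}.xlsx.locked", "data": _ciphertext_like()}
        for i in range(8)
    ]
    return events


if __name__ == "__main__":
    for user, summary in detect_encryption_bursts(build_sample_events()).items():
        print(f"ALERT {user}: {summary['files']} high-entropy rewrites, "
              f"{summary['renamed']} with suspicious extension, "
              f"between t={summary['window_start']} and t={summary['window_end']}")
```

Entropy alone is a weak signal (compressed archives and media files are also high-entropy), which is why the detector keys on the combination of entropy, rate and a single principal; in practice the alert would feed an automated response such as disabling the account or isolating the host.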

Best practices to stay vigilant against ransomware.

Now that we have seen what not to do in response to ransomware attacks, let's take a look at what you should do to stay safe. Here are six simple steps to protect your data from cyber attacks.

1. Educate users about phishing attacks.

Cybercriminals often send seemingly innocent emails to users, luring them to download attachments so hackers can infect their systems and infiltrate their network. Enterprises need to properly educate users and employees about phishing attacks, stressing that they should not download unwanted attachments from random email addresses.

2. Back up your files regularly.

The best way to keep your data safe is by backing up your systems regularly. With backups in place, ransomware attacks won't be able to interrupt the regular business flow. Also restrict read/write permissions on the backup so no one gets an undue opportunity to modify or delete your data. Once you've backed up your files, make sure to check on the status of those backups periodically to detect any breaches immediately.
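"Checking on the status of those backups periodically" means more than confirming the job ran: a backup that ransomware (or an operator with write access) has silently altered is worthless at restore time. This added example, written for this article and not taken from the page or any backup product, records a SHA-256 manifest when a backup is taken and later verifies the backup copy against it, reporting files that are missing, modified or unexpected. It builds its own constructed backup directory under a temporary folder so it runs offline; the file names and contents are illustrative.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_manifest(backup_dir: Path) -> dict:
    """Map every file's path (relative to the backup root) to its SHA-256.
    Store this manifest somewhere the backup writer cannot modify it."""
    return {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the trusted manifest. Returns the sets of
    problems; an empty result in all three means the backup is intact."""
    current = create_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
    }


def run_demo() -> dict:
    """Constructed scenario: take a backup, record its manifest, then tamper with
    one file, delete another and drop in a stray file before re-verifying."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup-2024-01-01"  # constructed name
        (backup / "finance").mkdir(parents=True)
        (backup / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (backup / "finance" / "notes.txt").write_text("reconciled on Monday\n")
        (backup / "hr.db").write_bytes(b"\x00\x01\x02sqlite-like-bytes")

        manifest = create_manifest(backup)
        assert verify_backup(backup, manifest) == {"missing": [], "unexpected": [], "modified": []}

        # Persist the manifest as JSON, as a real job would (to a separate, read-only location).
        manifest_json = json.dumps(manifest, indent=2)

        # Simulated damage to the backup copy.
        (backup / "finance" / "ledger.csv").write_bytes(b"\x93\xa1\x07ciphertext-like")
        (backup / "hr.db").unlink()
        (backup / "finance" / "ledger.csv.locked").write_bytes(b"ransom note placeholder")

        return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest is only trustworthy if it is kept out of reach of the same credentials that write the backup, which is the practical meaning of restricting read/write permissions on the backup: the job that copies data should not be able to rewrite history, and the verification should run under a separate account.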

3. Architect your security. 

Divide your network into macro zones and micro zones to prevent hackers from accessing confidential information. Separate your computers based on critical, moderate, and low priority, and provide security levels based on network importance. For example, protect your servers more securely than your least important user computers or devices.

4. Employ deception technology.

If the data in your organization has to be secured at all costs, then implement deception technology to stay safe against potential data breaches. Deception technology is the practice of deploying a decoy system outside of your firewall, confusing hackers with fake data. With deception technology like honeypots, your security team can identify threats based on multiple breaches at one time, all without compromising your confidential data. Once you've identified the threat, your organization can defend itself against the attack accordingly.

5. Regularly patch your operating systems. 

Even if you have all the above security measures in place, your network may still be susceptible to ransomware attacks if your operating systems are out-of-date. To evade ransomware completely, you need to keep your Windows, Mac, and Linux systems up-to-date at all times. Deploy missing patches immediately to stay secure.

6. Update your third-party applications.

On top of your operating systems, you need to make sure your third-party applications are updated as well. If, for example, a vulnerability exists in your design department through an application like Adobe Photoshop, hackers can use this vulnerability to breach your network and start infiltrating other systems. With that being said, leave no holes unpatched.