Common Ways Businesses Fall Victim to Ransomware

Ransomware is a type of malware that steals a victim’s data and either threatens to publish it or perpetually blocks access to it until a ransom is paid.  Stories of organizations crippled by ransomware regularly dominate the IT news headlines.  Here are some stats on ransomware from Sophos’s The State of Ransomware 2020 report:

  • The average cost to rectify the impacts of the most recent ransomware attack in 2020 (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is $732,520 for organizations that don’t pay the ransom, rising to $1,448,458 for organizations that do pay.
  • 26% of ransomware victims whose data was encrypted got their data back by paying the ransom.  A further 1% paid the ransom but didn’t get their data back.
  • Paying the ransom doubles the cost of dealing with a ransomware attack.
  • 94% of organizations whose data was encrypted got it back, and more than twice as many got it back via backups (56%) than by paying the ransom (26%).

Here is a guide to help you better understand the different types of ransomware attacks and how your business can best avoid them.

Emailed Links & File Attachments:  By far the most common scenario involves an email attachment disguised as an innocuous file.  "Phishing" spam refers to attachments that come to the victim in an email, masquerading as a file they should trust. Clicking the malicious link downloads ransomware.  Once it’s downloaded and opened, ransomware can take over the victim’s computer.   Following a malicious link can quickly compromise an entire network.  

Accidental File Download:  Drive-by downloading occurs when a user unknowingly visits an infected website and malware is then downloaded and installed without the user’s knowledge.  This type of ransomware attack is especially dangerous because it’s difficult to prevent.

Remote Attacks on Server:  These attacks happen when ransomware contacts the command and control server operated by the cybercriminals behind the attack.  The ransomware gets the server to generate cryptographic keys to be used on the local system.  It then starts encrypting any files it can find on local machines and the network.

Mis-configured Public Clouds:  This occurs when you have not configured a cloud-related system, asset, or tool properly.  This improper setup may in turn jeopardize the security of your cloud-based data, depending on the affected system, asset, or tool.  Databases exposed this way can be accessed, downloaded, or manipulated by anyone who finds them, including cybercriminals, who will then hit you with a ransomware attack.

Remote Desktop Protocol:  RDP is a protocol that people use to log into Windows boxes from afar.  It connects to Remote Desktop Services, a Windows feature that gives you desktop access on a Windows computer from wherever you are.  Unfortunately, RDP has a history of insecurity, leading to attacks either by direct manual hacking or by malware.

Here are some tips to help your business avoid a ransomware attack:

  • Look out for potentially dangerous file types like Executable, HTML, JavaScript, VBScript, Zip and Batch.
  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs as they arrive, and whitelisting software, which prevents unauthorized applications from executing.
  • Back up your files frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
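
The first tip and the emailed-attachment scenario above, as an added Python example that is not from Onsite Techs or the Sophos report: it flags email attachments whose final extension matches one of the listed file types, including names with a double extension and files inside a Zip. The extension lists, function names and sample message are assumptions constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Both lists are this example's assumptions; the tips name file types, not extensions.
RISKY = {".exe": "Executable", ".scr": "Executable", ".html": "HTML", ".htm": "HTML",
         ".js": "JavaScript", ".vbs": "VBScript", ".zip": "Zip",
         ".bat": "Batch", ".cmd": "Batch"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify(name):
    """Return findings for one file name; trailing dots and spaces are ignored."""
    suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return []
    findings = [f"{name}: {RISKY[suffixes[-1]]} file type"]
    if len(suffixes) > 1 and suffixes[-2] in DECOYS:
        findings.append(f"{name}: double extension, posing as {suffixes[-2]}")
    return findings

def scan_message(raw):
    """Flag risky attachments in a raw email message, looking inside Zip files."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings += classify(name)
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        findings += [f"{name} -> {f}" for f in classify(member)]
            except zipfile.BadZipFile:
                findings.append(f"{name}: archive could not be read")
    return findings

def build_sample():
    """Constructed sample message; every attachment body is a harmless placeholder."""
    kw = {"maintype": "application", "subtype": "octet-stream"}
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", filename="invoice.pdf.exe", **kw)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.jpg.vbs", "placeholder")
    msg.add_attachment(buf.getvalue(), filename="photos.zip", **kw)
    msg.add_attachment("notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling scan_message(build_sample()) returns five findings for the two disguised files and the archive, and nothing for notes.txt.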

At Onsite Techs we believe that having technology that works for you rather than against you is vital to your success.  We hope you found this information helpful and we are always here to provide dependable small business IT solutions, so you don’t have to worry about IT.