Wooden Spoon: Blog

What is Ransomware and How Can You Defend Against It?

There are a number of different cybersecurity threats out there that you must protect against. One such threat is ransomware. This type of threat seems like it’s fairly new, but ransomware attacks have actually been happening since 1989. Since then, ransomware has evolved as technology has changed. Hackers have even created what they call “ransomware-as-a-service” that quickly allows cyber-attackers to lock out a business’s server, leaving the company unable to do anything. These attacks can do more than inconvenience you—they can cripple your business, costing you thousands of dollars in lost sales and even more due to damage to your reputation.

What exactly is ransomware, and how can you protect your company against it? Here are some of the basics on this type of cyber attack and what you can do to protect yourself from it.


What Is Ransomware?

Ransomware is malware, but it works a little differently than most malware. Typically, malware spies on your computer. It may send information to hackers or take over other programs like your web browser and redirect you to scam sites. Your computer still functions, though, and you may not even realize that you have this malware until you run an anti-malware scan.

Ransomware, on the other hand, actually locks down your computer. You can’t access anything until you have the ransomware unlocked. Typically, all you see is a screen stating that you have been a victim of ransomware. This screen comes up even if you reboot the computer or server. It normally tells you what to do in order to unlock your system. Often, you’re given a phone number to contact or are instructed to send a specific amount of money to a specific email address via PayPal or other cash transfer app.

Some ransomware locks out your operating system, making it impossible to do anything. Other types lock out specific applications or files. This is often done if the hijacker wants you to electronically transfer funds to them. They might lock out everything except your internet browser, or they could make it impossible to access specific types of files such as documents or spreadsheets.


How to Tell if You’re a Ransomware Victim

In the ideal scenario, your data security protocols will detect any attempt by ransomware to take over your system and shut it down. However, because we rarely live in an ideal world, there are times when you may fall victim to one of these attacks. Ransomware is often one of the least-subtle types of malware in that it needs you to know it’s in your computer so you’ll pay the ransom. Because of that, it’s typically easy to know if you’ve been infected. However, if you have ransomware that only affects certain types of files and don’t access those files often, it could take a few days or weeks to learn that you have malware.
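The quiet case described above, where only certain file types are affected and nobody opens them for weeks, can be caught by a scheduled check that a file's content still matches its extension. The following is an added example, not part of the original post; the extension list, the entropy threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Expected leading bytes for formats with a fixed header.
# .docx/.xlsx are ZIP containers; PDFs begin with "%PDF".
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pdf": b"%PDF"}
# Plain-text formats have no header, so judge them by byte entropy instead.
TEXT_TYPES = {".csv", ".txt"}
ENTROPY_LIMIT = 7.2  # bits per byte; assumed threshold, ciphertext sits near 8.0

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path) -> bool:
    """True if the file's content no longer matches what its extension promises."""
    ext = path.suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(4096)
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    if ext in TEXT_TYPES:
        return shannon_entropy(head) > ENTROPY_LIMIT
    return False  # unknown type: this check makes no claim about it

def scan(root: str) -> list[str]:
    """Return sorted relative paths of files under root that look encrypted."""
    base = Path(root)
    return sorted(str(p.relative_to(base)) for p in base.rglob("*")
                  if p.is_file() and looks_encrypted(p))

def build_sample_tree() -> str:
    """Constructed sample data: two healthy files, two overwritten with random bytes."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "report.pdf").write_bytes(b"%PDF-1.7\n" + b"sample body\n" * 50)
    (root / "sales.csv").write_text("region,total\n" + "north,1200\n" * 200)
    (root / "budget.xlsx").write_bytes(os.urandom(4096))   # stand-in for ciphertext
    (root / "contacts.csv").write_bytes(os.urandom(4096))  # stand-in for ciphertext
    return str(root)

if __name__ == "__main__":
    for name in scan(build_sample_tree()):
        print("possible encryption:", name)
```

Run against a file share on a schedule, a non-empty result is a reason to start the recovery plan before anyone stumbles on the damage. It does not cover files whose extension has been changed, which a simple count of unfamiliar extensions would catch separately.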


Should You Pay the Ransom?

One of the questions many people ask as soon as ransomware takes over their computer or network is whether they should pay the ransom. For large businesses, the amount of ransom being demanded may actually be less than what they would lose from their system being down for 24 hours or more.

However, it’s important to remember that many hackers behind ransomware attacks have no reason to actually unlock your system or release your data. Once they have your money, they no longer have any reason to care what happens to your network. They can walk away with the ransom without removing the ransomware. Now you don’t have access to your data and you’ve lost money. The FBI and other cyber-security organizations strongly recommend not paying the ransom. In addition to having no reason to release your data, paying may only encourage these cyber-terrorists to continue their attacks on other businesses.


Types of Ransomware

Some ransomware was designed for individual users. This type typically only locks down one computer. Sometimes, it’s capable of accessing email accounts or other systems to spread itself, but that’s not always the case. It can come from downloading files. In fact, ransomware was very popular as a trojan horse during the era of bit torrents and other illegal methods of file sharing. Users would download what they thought was a different program, but when they activated the installation file, they would actually install the ransomware.

Other types of ransomware were designed to affect business networks. One such example is LockBit ransomware. This malicious program locks out the user’s computer to demand the ransom, but then it starts looking for ways to spread itself. Once it gets into your network, it will begin infecting every computer it can. Your employees will be locked out one by one until your entire network is affected. This can lead to a disruption in your daily operations, lost sales, and extortion.

One of the biggest dangers of LockBit and similar malware is that no human interaction is needed for it to spread. All the blackmailer needs to do is infect one computer within a business. The malware then self-replicates. Even if a company is able to isolate and remove the malware from some machines, it can be busy duplicating and spreading through other parts of the network. Getting rid of it typically requires taking the entire infrastructure offline.


Composite Ransomware

Many types of ransomware are single entities that have a specific mission: lock down a system or set of files and demand a ransom. However, there are others such as BlackMatter ransomware that are composite malware. This type of malware is made up of parts of other malware. BlackMatter ransomware, for example, contains features from LockBit, REvil, and DarkSide, all nasty pieces of malware by themselves.

When combined into the BlackMatter malware, you get a program that attacks a system in multiple ways. It can take over tools such as remote monitoring and remote desktop software to infect other computers, steal credentials to log in to the network, send data to others, encrypt files, and can even find and destroy backup copies. It’s one of the worst types of ransomware because it can leave you locked out of your system without a backup while also stealing your data.


How to Defend Against Ransomware

Protecting yourself against ransomware begins with securing your network. Your IT security services should make use of reputable anti-virus and anti-malware tools to protect your data. You also need to train your employees on how to recognize phishing scams and questionable websites. Often, computers are infected with malware and ransomware because an employee downloaded an infected file from an email or the internet. Cybersecurity training, then, is vital in protecting your business.

If ransomware does hit your network, you need to have a vetted recovery plan in place to deal with it. This should be a part of your disaster recovery plan portfolio, a collection of plans for various disasters. The plan needs to include what employees should do as soon as they realize their computer has been infected, what steps IT should take to protect the rest of your infrastructure, and who should coordinate efforts to restore functionality.

You’ll want to have backups of all of your data safely stored somewhere so you can quickly retrieve information and resume at least some of your normal functions. Large corporations may even want to operate a backup site, a physical office that serves as a backup for all data. This office is typically not connected to your main network, which means backups have to be physically delivered or transferred at specific times. If your entire infrastructure is affected by ransomware, your backup site should still be safe. You can run at least your vital operations from this location temporarily until the ransomware is dealt with.


Bring in Experts to Help with Ransomware and Other Malware Attacks

Having experts on your side to help protect you from malware of all types can drastically decrease your risk of being infected. This is where working with a managed IT services partner can be very helpful. That’s because your internal IT team may not have the same expertise and knowledge needed to combat ransomware.

Here at Wooden Spoon, we have that expertise and more. Because we’re focused on IT, we’re able to fully commit to keeping up with the industry. We continue to monitor new ransomware and other types of attacks so we know what our clients are facing. We look for cutting-edge protection and defenses to ensure that even the newest types of ransomware fail to affect you. In the event that you are compromised, we will already have recovery plans in place so your company can quickly move to address the situation and resume operations.

Wooden Spoon does more than security, though. We provide everything from initial consultations and infrastructure planning to maintenance schedules and hardware support. We can help you remotely or onsite. Our team is here to assist you with project management, web hosting, backups, and even virtual CTO services.

Want to learn more about how Wooden Spoon can help you? Contact us today for a free quote.

Zach Mesel

Technology is in Zach’s blood. Zach spent much of his youth in his father’s cardiac research labs, either as a test subject for his father’s research, or playing games with his older brother on mainframe computers. Zach earned his BS in Management Information Systems in 1988 from the University of Arizona, and then worked for IBM in Boulder, Colorado, and Palo Alto, California until 1995. He started Wooden Spoon in 2002.