What is ransomware and how does ransomware work?
As the name suggests, ransomware, a portmanteau of "ransom" and "malware", is a type of malware that encrypts the files on a device to keep the owner of the files from accessing them. The encrypted files are almost impossible to recover without the key. The victim will then receive a ransom note with instructions on how to contact the malicious actor and pay the ransom demanded of them.
Threat actors may also employ double extortion tactics: they do not just encrypt files but also steal valuable data from the victim and threaten to publish it if the ransom is not paid. In every case, the malicious actor's ultimate goal is financial gain.
In 2023, organizations all around the world detected 317.59 million ransomware attempts, with more than 70% of 1,200 businesses in a survey falling victim to ransomware attacks. Having cost numerous businesses millions of dollars, ransomware is easily one of the most devastating forms of cyber security threats.
Types of ransomware
Like other strains of malware, ransomware has multiple types. Understanding how each type of ransomware works can help you take preventative measures and know what to do in the event you encounter one.
The three most common ones include:
- Scareware
- Screen lockers
- Encryption ransomware
💀 Scareware
Scareware usually takes the form of pop-up ads or spam emails that try to trick you into thinking that your device is already infected. These pop-ups and emails are meant to intimidate you into visiting infected websites or downloading malicious software, which is what then takes control of your computer.
Fortunately, scareware does not actually compromise a device by itself, which is why it has to rely on intimidation. Once you recognize it for what it is, you can remove it from your computer without being manipulated into downloading further malware.
🚫 Screen lockers
As the name suggests, screen lockers lock you out of the infected computer or device, preventing you from accessing and using it. This type of ransomware operates at the operating-system level and can get past ordinary security measures. It can infect your computer through email attachments, websites or links.
If actions are quickly taken against screen lockers, such as rebooting your device in Safe Mode and disconnecting it from your internet network, you can contain the spread of ransomware before it completely takes over your computer or infects other devices connected to your network.
🔒 Encryption ransomware
Encryption ransomware is the most dangerous strain. Encrypted files are virtually impossible to decrypt without the key, and there is no guarantee that you will receive the key after paying the ransom. However, if detected early, there are measures you can take to prevent the full encryption of your files and system as well as prevent ransomware from spreading across your network to other connected devices.
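The early-detection point above rests on two observable signals: encrypted output has near-maximal byte entropy, and an encryptor rewrites or renames many files in a short burst. The following is an added example (not code from the original article) of a small detector that scores a stream of file-write events on exactly those signals. The event format, the `.locked` extension, the window and threshold values, and the sample events are all constructed for the demonstration; a real deployment would feed it from an EDR or file-system audit source.

```python
"""Heuristic detector for in-progress file encryption (added example).

Flags a burst of file writes whose content has high Shannon entropy or
whose extension changed, both typical of encryption ransomware at work.
All event data below is constructed; thresholds are assumptions.
"""
import hashlib
import math
from collections import deque
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class WriteEvent:
    ts: float      # seconds (constructed clock)
    before: str    # path before the write
    after: str     # path after the write; differs from `before` if renamed
    data: bytes    # bytes written (a leading chunk is enough in practice)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extension_changed(ev: WriteEvent) -> bool:
    """True when the write also changed the extension (report.docx -> report.docx.locked)."""
    ext_before = ev.before.rsplit(".", 1)[-1] if "." in ev.before else ""
    ext_after = ev.after.rsplit(".", 1)[-1] if "." in ev.after else ""
    return ext_before != ext_after


class EncryptionBurstDetector:
    """Raise an alert when `burst` suspicious writes land inside `window_s` seconds."""

    def __init__(self, window_s: float = 10.0, burst: int = 20, entropy_min: float = 7.5):
        self.window_s = window_s
        self.burst = burst
        self.entropy_min = entropy_min
        self._recent: deque = deque()   # timestamps of suspicious writes still in the window

    def observe(self, ev: WriteEvent) -> Optional[dict]:
        ent = shannon_entropy(ev.data)
        if ent < self.entropy_min and not extension_changed(ev):
            return None                      # ordinary write, nothing to track
        self._recent.append(ev.ts)
        while self._recent and ev.ts - self._recent[0] > self.window_s:
            self._recent.popleft()           # drop writes that fell out of the window
        if len(self._recent) >= self.burst:
            return {"ts": ev.ts, "count": len(self._recent),
                    "last_path": ev.after, "entropy": round(ent, 2)}
        return None


def run(events: List[WriteEvent]) -> List[dict]:
    """Feed events through one detector and collect every alert it raises."""
    det = EncryptionBurstDetector()
    return [a for a in (det.observe(e) for e in events) if a]


# --- constructed sample data -------------------------------------------------
def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


def sample_benign() -> List[WriteEvent]:
    text = b"Quarterly revenue summary, prepared for the finance team.\n" * 40
    return [WriteEvent(1000.0 + i, f"/home/alice/doc{i}.txt", f"/home/alice/doc{i}.txt", text)
            for i in range(5)]


def sample_attack() -> List[WriteEvent]:
    # 25 documents rewritten as high-entropy ".locked" files within five seconds
    return [WriteEvent(2000.0 + 0.2 * i, f"/home/alice/report{i}.docx",
                       f"/home/alice/report{i}.docx.locked", pseudo_ciphertext(bytes([i])))
            for i in range(25)]


if __name__ == "__main__":
    print("benign:", run(sample_benign()))
    print("attack:", run(sample_attack())[:1])
```

The first alert fires on the twentieth suspicious write, which is the point at which the "turn it off and isolate it" steps described later in this article should start; the remaining files in the burst are what early action saves. Entropy alone is a weak signal (compressed archives and media also score high), which is why the detector only counts a write once it is high-entropy or renamed, and only alerts on a burst.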
Notorious strains of encrypting ransomware include:
- Rorschach - one of the latest and fastest encryptors as of 2023
- Babuk
- BadRabbit
- BitPaymer
- Cerber
- Cryptolocker
- Dharma
- DoppelPaymer
- GandCrab
- LockBit 3.0
- Locky
- Maze
- MeduzaLocker
- NetWalker
- NotPetya
- Petya
- REvil
- Ryuk
- SamSam
- WannaCry
Other types of ransomware
Mobile ransomware: Mobile devices are not immune to ransomware and can be affected in the same way as computers.
Ransomware for Mac: Ransomware strains designed specifically for macOS include KeRanger, Findzip, and MacRansom.
RaaS: Similar to other service models such as SaaS, IaaS and PaaS, Ransomware-as-a-Service is a business model that allows people to profit from fully developed ransomware without having to build it themselves.
How does ransomware work?
By knowing about the tactics ransomware employs to trick users into downloading it, you can protect yourself against ransomware by taking precautions once you recognize its tactics.
There are four main ways your device can be infected with ransomware:
⚠️ Malspam
Malspam refers to threatening spam emails which attempt to trick and intimidate the recipients of said emails into downloading ransomware attached to the emails.
⚠️ Malvertising
Malvertising refers to online advertising used to redirect unsuspecting users to criminal websites or even servers, where disguised malware can be unintentionally downloaded.
⚠️ Spear phishing
Spear phishing is used when malicious actors send tailored emails that target a specific group of people. For instance, an attacker sends emails to the employees of a company posing as their CEO, and claims that their CEO wants them to download a certain file which secretly contains ransomware.
⚠️ Social engineering
Social engineering can be used together with any of the previous three tactics of malspam, malvertising, and spear phishing. It is a technique designed to manipulate unsuspecting users to perform certain actions or disclose certain information. For example, the attacker can create a false government website that looks legitimate and trick users into downloading ransomware onto their devices.
How to prevent ransomware attacks
Ransomware is a danger to both individuals and organizations. Be wary of the tactics ransomware employs to lure in victims and follow cyber security best practices to protect yourself against it.
- Always update your operating system to reduce the number of vulnerabilities.
- Don't install downloaded files from suspicious websites.
- Don't click links or download suspicious attachments from unverified emails.
- Make sure your computer or device is armed with anti-virus software.
- Back up your files regularly and automatically.
- Enforce the principle of least privilege with Zero Trust Security principles.
How to deal with a ransomware attack
Cybercriminals and malware are constantly evolving and coming up with new ways to evade defense mechanisms and bypass security measures. While you might do everything in your power to lower the risk and reduce vulnerabilities, there's a chance ransomware finds its way to your system. If, unfortunately, your computer or device is infected with ransomware, what should you do?
Protect against ransomware by taking these measures:
✅ 1. Turn off your device.
Encrypting all the files on your computer takes time. If you have anti-virus software installed and ransomware is detected, it will send you a notification. Turn off your computer immediately to stop the encryption process.
✅ 2. Isolate the infected device.
More often than not, ransomware scans your network for vulnerabilities and spreads itself to other parts of your network. Isolating the infected device cuts ransomware off from accessing the rest of your network.
✅ 3. Secure your backups.
Disconnect your backups from the network and internet. This prevents them from being infected with ransomware, especially if you are not yet certain that the attack has been contained.
✅ 4. Assess the scope of the incident.
To understand the scope of the damage, work through a checklist of questions and tasks. Some of the questions you can investigate are:
- Which user accounts might be compromised?
- Which applications are affected?
- How is the attacker communicating with compromised devices?
With the answers to these questions, you can create a specific plan for dealing with the current ransomware attack.
✅ 5. Report the attack.
Report the ransomware attack to help the authorities trace the cyber criminals, understand the perpetrators, and potentially stop future crimes. Make a copy of the infected system before cleaning it, so the authorities can use it as evidence to investigate the attack further.
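Steps 2 and 4 above (isolate the infected device, then assess scope) come down to answering three questions from whatever telemetry survived: which accounts were active on infected hosts, which programs did the encrypting and what launched them, and where those programs were talking to. The script below is an added example, not part of the original article, that answers those questions over a constructed `key=value` endpoint log. The log format, field names, the `.locked` extension and the `10.0.0.0/8` corporate range are all assumptions; a real investigation would parse the export format of its own EDR or SIEM.

```python
"""Incident-scope triage over constructed endpoint telemetry (added example).

Answers: which accounts are implicated, which applications encrypted files
and what launched them, and which connections those applications made
(external ones as candidate command-and-control, internal ones as
candidate lateral movement). Log format and values are constructed.
"""
import ipaddress
from typing import Dict, List

CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address space
RANSOM_EXT = ".locked"                              # assumed extension on encrypted files

# Constructed sample log: one event per line, timestamp then key=value fields.
SAMPLE_LOG = """\
2024-05-01T02:14:07Z host=ws-017 type=auth user=alice result=success src=10.0.5.23
2024-05-01T02:15:11Z host=ws-017 type=process user=alice image=updater.exe parent=outlook.exe
2024-05-01T02:15:40Z host=ws-017 type=netconn user=alice image=updater.exe dst=198.51.100.77:443
2024-05-01T02:16:02Z host=ws-017 type=filewrite user=alice image=updater.exe path=C:\\Share\\finance\\q1.xlsx.locked
2024-05-01T02:16:03Z host=ws-017 type=filewrite user=alice image=updater.exe path=C:\\Share\\finance\\q2.xlsx.locked
2024-05-01T02:17:30Z host=ws-017 type=netconn user=alice image=updater.exe dst=10.0.0.5:445
2024-05-01T02:20:30Z host=srv-files type=auth user=alice result=success src=10.0.5.17
2024-05-01T02:21:00Z host=srv-files type=filewrite user=alice image=updater.exe path=D:\\Shares\\hr\\payroll.xlsx.locked
2024-05-01T02:30:00Z host=ws-042 type=auth user=bob result=success src=10.0.5.40
2024-05-01T02:31:00Z host=ws-042 type=filewrite user=bob image=excel.exe path=C:\\Users\\bob\\budget.xlsx
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn each non-empty line into a dict; the first token is the timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        ev = {"ts": ts}
        for pair in pairs:
            key, _, value = pair.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def is_external(dst: str) -> bool:
    """True when the destination IP (host:port form) lies outside CORP_NETS."""
    ip = ipaddress.ip_address(dst.rsplit(":", 1)[0])
    return not any(ip in net for net in CORP_NETS)


def triage(log_text: str, ransom_ext: str = RANSOM_EXT) -> Dict[str, list]:
    events = parse_log(log_text)
    # Encrypting writes are the anchor: they tell us the hosts and images involved.
    encrypting = [e for e in events
                  if e.get("type") == "filewrite" and e.get("path", "").endswith(ransom_ext)]
    infected_hosts = {e["host"] for e in encrypting}
    images = {e["image"] for e in encrypting}
    # Any account seen on an infected host is treated as potentially compromised.
    accounts = {e["user"] for e in events if e.get("host") in infected_hosts and "user" in e}
    # What launched the encrypting program (delivery vector for step 5's report).
    parents = {e["parent"] for e in events
               if e.get("type") == "process" and e.get("image") in images and "parent" in e}
    external, internal = [], []
    for e in events:
        if e.get("type") == "netconn" and e.get("image") in images:
            entry = f'{e["host"]} -> {e["dst"]} ({e["image"]})'
            (external if is_external(e["dst"]) else internal).append(entry)
    return {
        "infected_hosts": sorted(infected_hosts),
        "compromised_accounts": sorted(accounts),
        "encrypting_images": sorted(images),
        "launch_parents": sorted(parents),
        "external_connections": sorted(external),   # candidate C2: block and preserve
        "internal_connections": sorted(internal),   # candidate lateral movement: isolate
        "encrypted_paths": sorted(e["path"] for e in encrypting),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The output names `srv-files` as a second infected host even though nothing was detected there first, which is the practical reason step 2 isolates by network position rather than by which machine showed the ransom note. The external connection and the parent process are the details worth preserving for the report in step 5.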
How to protect against ransomware with Hi Cloud
Create security strategies and response plans that protect you against ransomware attacks with our security experts. Partnering with major cloud providers, Hi Cloud utilizes the most up-to-date cloud computing and cybersecurity solutions and services to drive innovation and business growth. Get in touch and learn more about our security solutions to safeguard your organization today.