What is ransomware?


From phishing scams to man-in-the-middle attacks, there are plenty of attacks keeping IT leaders awake at night. Still, there’s one particular piece of malware that businesses need to be especially wary of: ransomware.

Ransomware is a piece of software that can lock a user out of their computer. It uses encryption to lock down access to files, programs, and more — effectively rendering a machine useless. A ransom is then demanded to gain access once again. If companies refuse to pay the ransom, attackers could release sensitive data onto the internet.

How it works

There are many ways a user could give this malware access to their computer. One of the most common ways is by clicking a link in a phishing email. Once the ransomware is on a single computer, the software spreads across an entire system or network. 

Why it’s such a danger

After a piece of ransomware is on a computer within a business’s network, it can spread. That doesn’t just put a single machine at risk; it can shut down an entire business-wide IT system. With an entire network shut down, the attackers can demand vast sums of money to hand back that access. With so much sensitive data at risk and a business to run, often the only option is to pay up.

The alternative for a victim of ransomware is to rebuild their entire IT system from scratch. This can be staggeringly expensive and time-consuming, leaving organisations in a genuine catch-22 when deciding whether to pay a ransom. Of course, there’s also no guarantee that the attackers won’t exfiltrate data for further blackmail attempts even once the ransom has been paid.

Recent examples of ransomware attacks

There have been several high-profile cases of prominent organisations hit with ransomware attacks. In 2017, the NHS was a victim of an attack, which cost the health service £92m and caused the cancellation of 19,000 patient appointments. That was put down to the NHS using the outdated Windows XP operating system.

British pharmaceutical company Reckitt Benckiser was also a ransomware target and estimated the attack cost £107m in disrupted production, goods it could not deliver, and recovery. The Police Federation of England & Wales is another government organisation that has been targeted with ransomware. In this case, several databases and servers were encrypted, leaving them inaccessible.

A further high-profile attack hit the UK’s biggest provider of forensic services, Eurofins Scientific. The ransomware caused disruption to IT systems and resulted in a backlog of over 20,000 blood and DNA samples. It’s reported that Eurofins Scientific paid the ransom to restore access to its network.

Whether you’re a large government entity, a major organisation, or a small business, there’s a risk of ransomware getting into your network. Understanding how it gets installed and spreads is the first defence in stopping it altogether.

How to stop ransomware

Ransomware should be a prime concern for businesses, but there are plenty of ways to protect against these scams, and training your employees to be aware of the security risks is a good start. That, when backed up with security software and robust cybersecurity policies, means your company can stay safe from potential attacks, and your employees can work worry-free.

Over 90% of ransomware is delivered by email phishing. Phishing attacks work by exploiting human weakness, which is why it’s vital to deploy technology that protects your business at the human level. Intelligent anti-phishing solutions such as Egress Defend work by stopping ransomware entering your business in the first place, and breaking the ‘kill chain’ before it gets to the point of being downloaded and locking down your system.

Defend uses machine learning and natural language processing capabilities to analyse not only the content of emails, but the context too. That means it can catch the increasingly sophisticated ways in which cybercriminals are slipping ransomware attacks through traditional security defences. Businesses that take proactive measures against attacks are far less likely to be breached – and far more likely to be insured in the event that disaster does strike.

You can learn more about the dangers of phishing and how to keep your business safe in our dedicated information hub.  

FAQ

What is ransomware?

Ransomware is a piece of malware that can quickly spread across a whole computer network, leaving files and databases inaccessible. A note often appears in the affected directories, demanding a ransom to regain access.

How does ransomware spread?

Ransomware only has to get onto one computer for it to spread. How it spreads depends on how the network is set up, but poor segmentation is often the cause. The ransomware also takes steps to shut down any systems that may obstruct it, including Windows Recovery, event logs, and so on.
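
The behaviour described in this answer, shutting down Windows recovery features and event logs, leaves traces in process-creation logs that defenders can alert on. The sketch below is an added example, not Egress code: it matches command lines of standard Windows utilities against a few patterns and raises the priority of any host that shows several of these behaviours. The rule names, host names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for recovery tampering and event log clearing. The utilities are
# standard Windows tools; the rule names are labels made up for this example.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "backup_catalog_deletion": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "event_log_cleared": re.compile(
        r"\bwevtutil(\.exe)?\b.*\s(cl|clear-log)\s", re.I),
}

# Constructed sample events (host, command line); not from a real incident.
SAMPLE_EVENTS = [
    ("ws-014", "vssadmin list shadows"),              # benign query
    ("ws-014", "wevtutil qe Security /c:5 /f:text"),  # benign query
    ("fs-002", "vssadmin.exe delete shadows /all /quiet"),
    ("fs-002", "bcdedit /set {default} recoveryenabled no"),
    ("fs-002", "wevtutil cl Security"),
    ("db-001", "wevtutil.exe cl Application"),
]

def match_rules(command_line):
    """Return the sorted names of all rules the command line triggers."""
    return sorted(n for n, rx in RULES.items() if rx.search(command_line))

def triage(events, threshold=2):
    """Group hits per host; several distinct behaviours on one host is 'high'."""
    hits = defaultdict(set)
    for host, cmd in events:
        hits[host].update(match_rules(cmd))
    return {
        host: ("high" if len(names) >= threshold else "review", sorted(names))
        for host, names in hits.items() if names
    }

if __name__ == "__main__":
    for host, (severity, names) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {severity} ({', '.join(names)})")
```

A single hit can be legitimate administration, which is why one behaviour alone is only marked for review while a combination on the same host is escalated.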

How does ransomware work?

Ransomware works by installing a malicious piece of software on a user’s computer that’s designed to spread across the system, locking down essential files, programs, and other sensitive data. It uses encryption to ensure that users can’t access their data and are unable to restore the machines without paying the ransom demand.