As the name suggests, ransomware is a type of malware that restricts access to an infected computer system in some way. Once this system has been affected, the attackers will ask for ransom as payment for the restriction to be removed.
A study from IBM found that Spam emails loaded with ransomware increased 6 000% in 2016 when compared with 2015. In fact, almost 40% of all spam messages sent in 2016 contained some sort of ransomware. And these attacks aren’t industry-specific – companies of all sizes and across all industries are affected. Any consumer or business using the Internet is a potential target. A similar report, released in September last year, forecast that the total cost of ransomware would reach $1 billion during 2016. Making this cybercrime trend a rather frightening phenomenon.
There are several variations of ransomware. Here are a few types you should consider:
Cryptolocker: The business model behind this “family” of ransomware aims to extort money from users. The virus does so by hijacking the files on an infected workstation or server. Typically, Cryptolocker is spread via malicious emails that appear legitimate to trick people into opening an infected attachment.
Accounting phishing scams: This threat focuses on wire transfers (EFT’s [KN1]). These emails look like they come from a senior business executive and request that money be transferred into a certain account. This strategy is effective because the emails are written with a sense of urgency so the person authorising the transfer will go ahead without a second thought.
MarsJoke: This ransomware targets local government, state agencies and educational institutions. Like other ransomware, MarsJoke gains access via email. The most common “cover” used for these malicious emails are references to package tracking numbers from popular couriers or airline passenger information from major passenger airlines.
Virlock: This variant of ransomware is stealthily spreading itself through cloud storage and collaboration apps. As such, one infected user could inadvertently spread this malware across an entire corporate network.
Now that you know the different types of ransomware that can affect your organisation, it’s time to learn how to deal with an infection.
- Firstly, disconnect any infected laptops, computers or smartphones to prevent the virus from infecting your entire network.
- Next, let your insurer know that there’s been a breach. They’ll be able to organise the necessary legal and security experts to begin an investigation into the incident.
- While it may be tempting to pay the ransom in the hope that your problem goes away, it’s best not to. Paying the ransom in no way guarantees that the attacker will decrypt or return your files.
- And this is where exploring your options comes in. If you can restore any damaged files from backups, you may be able to limit how much information was lost. The right IT experts may be able to decrypt your files or wipe your infected drives.
Never pay the ransom demand as in our experience 90% of victims never receive decryption keys and this perpetuates the ransomware industry.
Our security solutions include vulnerability scans, intrusion-detection systems and firewalls.
They’re designed to help you detect potential threats, defend against security breaches, and respond quickly if they happen. To find out more about the current threat landscape, check out our Global Threat Intelligence Report 2016. You can download it here.
Read more blogs below