Firstly, let’s start with what ransomware is…
Ransomware is a type of malicious software that acts a lot like a biological virus. It gets into files or systems and locks users out of those files or systems. Entry sites are often called “vectors,” which is a term from epidemiology for people who carry diseases. Ransomware also gets in through a vector attack or infection.
Just like a disease or human virus, malicious software can sometimes lie dormant and go undetected for a long time until a certain action or series of actions happen. Then, all files or even the whole device are held hostage with encryption until the victim pays a ransom for a decryption key. The user can use the key to get into the encrypted files or systems. In much the same way, the human body needs a “key” or appropriate immune response in order to nullify the attack of the virus on the immune system.
How does ransomware work?
Ransomware is a type of virus designed to prevent a user or organisation from accessing files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers put companies in a situation where paying the ransom is the quickest and cheapest option to recover access to their files.
Ransomware, a form of malware, was first seen more than thirty years ago. Read about the case below.
In 1989, an AIDS researcher named Joseph Popp, PhD, initiated the attack. He did this by sending 20,000 floppy discs to researchers working on HIV/AIDS in more than 90 countries. He said that the discs had a program on them that used a questionnaire to figure out a person’s risk of getting AIDS.
However, the disc also had malicious software on it that, when installed on a computer, would lie dormant at first and only start working after 90 restarts of the infected computer. Once the 90-restart limit was reached, the virus showed a message that asked for a software lease payment of $189 and another payment of $378.
This particular ransomware attack eventually became known as the AIDS Trojan, or PC Cyborg. Popp was the creator of the first known malware attack in history.
Examples of how malware is delivered include:
- Email attachments – often an “invoice” attached for urgent attention—or something of equal urgency—is the entry point for these attacks.
- Messages on social media – assailants create fake profiles of a current friend of the victim and then send an attachment to click on. Messenger is often the most used platform.
- Online pop-up windows – although an older style of malware, the pop-up is designed to mimic the current content experience thereby making it more likely for someone to click on it.
How do I protect myself and my organisation against malware attacks?
In many of these cases, internal security training and best practices may strengthen your first line of protection and reduce your attack surface. This includes:
- regular software updates and patches
- maintaining your assets and systems
- making sure all your passwords are strong and impenetrable
- enhancing email security
There may come a time when a ransomware threat gets past these first lines of defence. If this happens, you will have to find, stop, and even kill any bad behaviour on user machines and devices.
This is where a plan for endpoint protection, detection, and response comes in.
So in conclusion, the best form of defence is first to err on the side of caution. Don’t just click on any email attachment, link or popup window. If something looks phishy—pun intended—email your IT support team and query the mail, popup or message. A screenshot of the item, sent in a new mail, is sufficient. We can also help you set up protocols to follow in case you find you may have been infected. We are just a message or phone call away.