How Does Ransomware Spread? The Anatomy of a Ransomware Attack


As technology advances, so does cybercrime. More than ever, companies big and small rely heavily on functional servers and secure data to conduct their daily business. 

Knowing this, cybercriminals are becoming more sophisticated than ever, especially when it comes to ransomware. Once not much more than a buzzword, ransomware is now a serious concern costing American companies over $75 billion per year.

Recent studies have found that businesses lose an average of $8500 per hour in downtime costs during a ransomware attack.

So what exactly is it, and how does ransomware spread? Protect yourself from ransomware and secondary infections with this complete guide to the anatomy of a ransomware attack. 

What is Ransomware? 

Ransomware is infectious and often well-written software that blocks access to systems or encrypts files until the user pays a ransom fee.

The demand usually appears in the form of an on-screen alert. Often it's a .txt file stating that the system is locked and that access will not be granted again until the user pays the fee.

The amount of ransom money demanded by the attacker varies. Fees average between $200 and $400 US dollars for individuals and $6000 to $8000 for businesses. 

It is essentially the hacker holding data and system access hostage. The attacker knows that companies are potentially losing more money by staying offline.  

How Does Ransomware Spread?

The most common method of spreading ransomware viruses is through phishing emails. This is why you should never open emails from unknown sources and why you should never click on links within suspicious emails. 

Ransomware writers are clever, though. They often create email addresses that look so legitimate that at a glance, it's extremely hard to tell they're fake.

Once an email is opened or a link is clicked, it could be a matter of seconds before the computer is infected. 

Another common way ransomware is spread is through drive-by downloading. This happens when you visit an infected website and a download starts automatically, sometimes without the user even noticing. 

Crypto ransomware is even more sophisticated and has the ability to not only lock systems but also to encrypt sensitive files. Crypto ransomware spreads through emails, websites, social media, and web-based messenger apps.

As hackers get smarter, even company web servers are vulnerable if they don't have the proper security measures in place. In this case, attacks can happen without any actual entry point and without the company noticing until it's too late. 

Types of Ransomware

Some common types of ransomware are CryptoLocker, Locky, WannaCry, Bad Rabbit, and CryptoWall. There are countless types of new ransomware popping up daily. It's almost impossible to keep track.

CryptoLocker botnet is one of the oldest types of cyberattacks. It's been around for 20 years and has more recently used its technology to become one of the most powerful types of ransomware.

Because of its highly sophisticated encryption algorithm, it's considered in the IT world to be the most destructive ransomware program.

WannaCry is one of the most notorious programs known around the world. To date, it's infected over 100,000 companies in 150 different countries. 

Bad Rabbit is one of the bigger ransomware attackers in Russia and Eastern Europe and is notorious for gaining its access through fake Adobe Flash updates. 

How to Protect Yourself

The most important advice to protect yourself and your company against the impacts of a ransomware attack is to implement a data backup and system recovery plan.

Make sure that all crucial and sensitive data is backed up on a separate, isolated network from any that is connected to your primary system. Once ransomware infects a system, it can easily spread to all connected networks. 

It's not enough to simply back up your files and put a recovery plan in place. Experts recommend frequent testing to ensure the procedures in place are effective and uncompromised. 

Another important way to protect against ransomware is to educate all employees on the dangers of email phishing. Do not assume everyone knows. Even tech-savvy people have been tricked by the attacks. 

Always keep your operating system software up to date. Old operating systems are much more vulnerable to attacks. And don't assume Macs can't be infected. Macs are known for being more virus-resistant than PCs, but they are still susceptible. 

Install and maintain reputable anti-virus software and make sure to scan all internet downloads before installing them. 

Some of the more sophisticated ransomware programs are hard to evade. The only real way to completely protect yourself against ransomware is to have a comprehensive and regularly tested recovery plan in place. 

What To Do If You've Been Attacked

The authorities generally discourage companies and individuals from paying the ransom fees. In a lot of cases, paying the fee does not guarantee that the attacker will unlock or decrypt the files. 

Some companies have experienced success by simply ignoring the attacks. In this case, some downtime might be unavoidable but with proper data backup and recovery plans in place, systems can be rebuilt and re-executed quickly. 

In some cases, it's hard to tell a system has been infected until it's too late. If you notice that all your files have a weird extension at the end of them, it's likely you've been infected.

Some examples of the file extensions you might see are .ecc, .aaa, .vvv, .xxx, .locked, .magic, and .LOL!. If you see any file extension that is out of the norm, unplug and disconnect all computers and devices from the network immediately.

Disconnecting won't reverse what damage is already done, but it can stop the infection from spreading to other connected networks or files it hasn't yet reached. 
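One way to automate the extension check described above, as an added example rather than code from the original article: it walks a directory tree and reports folders where the extensions listed above appear in bulk, which separates mass renaming from a single stray file. The function names, the thresholds (`min_hits`, `min_ratio`) and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions quoted in the article, lower-cased; extend with your own intel.
SUSPECT_EXTS = {".ecc", ".aaa", ".vvv", ".xxx", ".locked", ".magic", ".lol!"}

def scan_tree(root, min_hits=3, min_ratio=0.5):
    """Return {directory: (hits, total_files, {ext: count})} for directories
    where suspect extensions look like bulk renaming, not one odd file.
    min_hits and min_ratio are assumed thresholds; tune them per environment."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        exts = Counter()
        for name in files:
            # splitext keeps only the last suffix: q1.xlsx.locked -> .locked
            ext = os.path.splitext(name)[1].lower()
            if ext in SUSPECT_EXTS:
                exts[ext] += 1
        hits = sum(exts.values())
        if files and hits >= min_hits and hits / len(files) >= min_ratio:
            findings[dirpath] = (hits, len(files), dict(exts))
    return findings

def build_sample(root):
    """Constructed sample tree: one normal folder, one bulk-renamed folder."""
    layout = {
        "hr": ["policy.docx", "roster.xlsx", "old.xxx"],  # single stray hit
        "finance": ["q1.xlsx.locked", "q2.xlsx.locked",
                    "inv.pdf.LOL!", "readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo(**thresholds):
    """Scan the constructed tree and key the findings by folder name."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        found = scan_tree(root, **thresholds)
        return {os.path.basename(d): v for d, v in found.items()}

if __name__ == "__main__":
    for folder, (hits, total, exts) in demo().items():
        print(f"{folder}: {hits}/{total} files with suspect extensions {exts}")
```

A folder that trips the thresholds is a cue to isolate the host as described above; the scan itself only reads file names and changes nothing on disk.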

The Last Word

Ransomware is the kidnapper/hostage situation of the Internet. Attackers are becoming more sophisticated by the day, and some of the more high-level programs are impossible to unlock without paying the ransom fee.

However, paying the fee just perpetuates the problem and gives more power to the criminals. Having a thorough recovery plan in place can allow you to ignore the attacks and carry on with minimal downtime. 

How does ransomware spread? Most commonly, it spreads by email phishing and automatic downloads on infected websites.

Be careful what you click on, maintain anti-virus software to scan any downloads, and above all: back up.