Explained: Ransomware and are you vulnerable to an attack

Ransomware is pervasive and is now being deployed on an industrial scale. 

While attacks are often aimed at high-profile organisations, they are increasingly being used against small-to-medium-sized businesses. 

Ransomware is a type of malware that blocks access to devices and the files on them, as well as to systems, networks and data. 

As the name suggests, a ransom is demanded in order for access to be reinstated. 

This leaves many organisations with the difficult decision of whether to pay the ransom or not – but just because the ransom is paid, there’s no guarantee the attackers will reinstate access. 

What is ransomware? 

Ransomware is malware that denies any user or organisation access to systems, networks and files on a computer – this includes devices such as smartphones and tablets. 

The files that infect the computer are encrypted and need a key to unlock them. If the user or organisation wants the key, they will need to pay the ransom demanded by the hacker. 

Some cybercriminals are now taking ransomware to the next level, with data theft an increasingly common part of these attacks. 

Ransomware and phishing go hand in hand

Phishing is the most common method through which hackers infect a computer with ransomware.

In most cases, an email is sent to a recipient asking them to click a link – by doing so, the ransomware is installed on the device and access is then blocked.

These attacks prey on human nature and our intrinsic trust in communication when it appears to have come from a trusted source (even if it hasn’t). 

Phishing emails are incredibly realistic and require a combination of technology and staff education and training to spot and stop.  

Ransomware and the businesses that are most vulnerable

Some businesses are more exposed to ransomware attacks than others. Those at the greatest risk will be high profile and/or have a heavy reliance on a single technical platform to which all users have access to critical data.

The same applies to those that have a very high requirement for system availability to be visible to the outside world – this requirement makes them an easy target for hackers. 

Of course, all businesses are vulnerable and the greatest area of exposure is often the same. 

Because phishing is the most effective way for attackers to gain access to an organisation’s system, a company’s people are its greatest point of vulnerability. 

Unfortunately, a large number of small-to-medium-size businesses – and even enterprise-level organisations – simply don’t prioritise cyber security. 

Without a strong cyber security culture, employees simply won’t know how to spot a phishing email nor how to respond if their suspicions are raised – it’s common for staff to be concerned about “bothering” members of the security or IT team. 

What impact does a successful ransomware attack have on a business?

All system availability attacks can have a devastating impact on a business, and ransomware is no different. 

A successful ransomware attack means that it’s almost impossible for the organisation to run “business as usual”, stopping it from providing products, services and solutions to its customers. 

This inhibits the company’s ability to generate income, but can also do irreparable damage to its reputation, especially if data has been compromised. 

How to improve resilience to ransomware attacks

The most effective way to mitigate the risk of falling victim to a ransomware attack is to put a comprehensive, risk-based cyber security programme in place that has buy-in from the top down. The programme must be supported by fit-for-purpose policies and procedures, and – of course – a heavy focus on the role of individual users in helping to keep the business secure. Regular staff training and awareness activities are key.. 

Constant, tested, data backups are also a must. The purpose of a ransomware attack is to prevent access to data, but if data has been backed up and is stored securely, the organisation can quickly regain access with minimal data loss. 

Organisations must also ensure they have applied the latest patches to their systems as this is an area that hackers often look to exploit. Ensuring patches have been applied reduces the number of potential vulnerabilities.