What is ransomware?

A long time ago in a galaxy far, far away…. Wait, was it just 30 years ago? Ransomware is so common that we tend to think that it was always with us. Well, it’s just 31 years old but has caused numerous amounts of damage already — even though there’s still a moment of stunned incredulity when people first hear about ransomware.

This blog post will walk you through basic concepts and principles: What is ransomware? How does it infect your computer? And what is the impact on your business?

First ransomware attack in history

Back in 1989, evolutionary biologist Joseph Popp wrote “AIDS Trojan,” the first known malware that was an early example of a class of malware known as “ransomware.” AIDS Trojan was introduced into systems through a floppy disk, which Popp simply sent to a mailing list of attendees of the WHO International AIDS Conference. Just imagine: 20,000 infected diskettes were distributed! Joseph Popp was eventually caught, but could he imagine at that point in time that he started a new era of ransomware?

So…what is ransomware?

Speaking about the definition, I would put it in simple words: Ransomware is a form of software that is created with malicious intent and puts user’s files into code. It stands to mention that ransomware works by using file encryption, one of the most crucial tools in computer security. Some ransomware actors behave differently however, such as deleting files, encrypting applications (such as SQL Server) or uploading data to extort the organization. Ransomware will typically get access through insecure remote access, OS vulnerabilities, software downloads or email attachments.

How the ransomware process works

Alright, we get it — ransomware encrypts files on computers. But how does this happen?

Apart from the code and encryption algorithm, there’s always social engineering tricks involved.

I’m a big fan of the Mr. Robot series, which talks a lot about building an emotional connection with victims first before hacking them and encrypting their data. Sometimes, attackers even get in touch with the target on a social network and start a conversation with the target there. Step by step, the hacker gains the victim’s trust and then uses that trust to get access to private, sometimes even sensitive, data, like passwords or bank account details.

Probably not in such scale, but the same logic is being used with ransomware: you open email from someone you trust, friend, any legit organization, etc.; you receive intimidating messages that your computer just got infected (still emotional connection, huh?), so you click the link and here you go. Download completed. Ransomware is on your computer! But let’s dig deeper into the ways your computer can get into this trouble — as aware means armed.

First ransomware scenario: Malicious emails

An email with file attachments or links in the email body.User receives email with file attachments or links in the email body. Even though most emails like this will go to the spam folder, some of them can sneak into your inbox.
Downloading malicious file attachment or clicking a linkUser downloads file attachment or clicks the link. The process of ransomware installation has now started.
Ransomware encrypts local dataRansomware starts encrypting the data you have on the computer: photos, documents, PDFs, everything you got there.
Ransom is being requested to release locked dataNow’s the time instructions show up and tell the user how to make a payment to the attacker to get the decryption — and it could be thousands of dollars!

Below is an example of spam and probably malicious email. I can’t tell for sure if the link in the email body will download ransomware, but I don’t want to tempt fate (and look at the note on “trusted sender!”).

Second ransomware scenario: Browser and exploit kits aka malvertising

Redirect to a compromised website through an online adUser clicks on online ads in browser and system redirects user to compromised website.
Hidden exploit codes on the websiteUsually, attackers make sure to create these compromised websites to look legit, so it may take awhile for your antivirus and security system to identify exploit codes hidden there.
Ransomware is placed on your computerExploit kit starts examining your computer and launches some Java or Flash software to find any possible vulnerability. And if such vulnerability is found — ransomware will be placed into your computer.
Ransomware encrypts your dataRansomware will encrypt all the data saved on your computer’s hard disc (the same way as with the malicious email scenario).
Ransom requestInstructions won’t take long, and you will have to pay the attacker again.

Always keep in mind that payment doesn’t ensure that you get access to your files back. This only ensures that ransomware attackers will get your money — and that is it!

Who is the target audience of ransomware?

The answer is everyone.

Ransomware can be aimed at both individuals and businesses of any size. Every organization is at risk — whether you’re a small business or an enterprise. There is no limitation and again, every industry can be damaged: education, government, healthcare, retail, finance…if you think you’re not on the list — you should know that you are, as ransomware is a real threat and can lead to negative consequences.

The impact of ransomware on businesses

What about business impact? Impact IS huge.

The average payment for a ransomware decryption key

In Q4 2019, the average payment for a ransomware decryption key went up by 104% to $84,116, up from $41,198 in Q3 of 2019. Payment doesn’t guarantee that you will restore access to data. This doesn’t even guarantee that your computer isn’t infected anymore.

Ransomware can be devastating, and the recovery process won’t be easy and may require additional resources.

Here are the key risks associated with ransomware:

  • Data loss — temporary or even permanent
  • Complete shutdown of business operations
  • Financial loss due to disruption and downtime
  • Financial loss associated with remediation efforts
  • Company’s reputation

When ransomware hits — it’s a company-wide emergency; it is a disaster which needs to be recovered.

Protection against ransomware attacks

The best way to protect against ransomware is to prevent it from happening.

Back up your data, educate your business administrators on ransomware and invest in a good cybersecurity solution.

Talking about data protection, Veeam provides you with 100% ransomware-proof backups with S3 Object Lock functionality and immutable backups. To make the data immutable, Veeam Backup & Replication uses the Object Lock technology provided by Amazon and some S3-Compatible providers. If you haven’t yet tried the #1 modern data protection platform, download a FREE trial here.

If you’re ready to take it to the next level and want to know more about ransomware, I encourage you to check out the Beat ransomware: Education, Implementation and remediation with Veeam white paper and Winning the War on Ransomware podcast by Rick Vanover below to learn more practical steps organizations can take to protect data and avoid being in a situation where data loss or ransom payment are the only options.

Helpful ransomware prevention resources:

Similar Blog Posts
Business | June 18, 2024
Business | May 28, 2024
Business | May 14, 2024
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.
Veeam Data Platform
Free trial
Veeam Data Platform
We Keep Your Business Running