#1 Global Leader in Data Resilience

What is Ransomware?

Ransomware is a form of malware that prevents users from accessing their systems or personal files. It is not a computer virus. Malware is any form of software designed to harm a computer or a network. A virus is malware, but not every kind of malware is a virus. Ransomware encrypts users' files, applications and databases and demands a ransom for the user to regain access to these files or to prevent sensitive information from being shared publicly or sold to the highest bidder.

How Does a Ransomware Attack Work?

It encrypts an individual's, a company's or an organization's most important files and documents using asymmetric encryption to create a public-private pair of keys. The victim of a ransomware attack can only get access to the private key, which will decrypt their files if they pay the ransom. Many cybercriminals these days deploy a "double extortion" technique, where they first scan sensitive files before encrypting them. The criminal gang will demand payment to decrypt the files and to prevent sensitive information from being made public or sold.

Although the first ransomware attack took place in 1989, the recent wave of ransomware attacks began in 2017 with the WannaCry outbreak. Original ransom payments were made by email but nowadays are usually demanded to be paid in cryptocurrency.

How Do I Get Ransomware?

A cybersecurity expert once remarked, "Given the choice between dancing penguins and cybersecurity, dancing penguins win every time." He was referring to the human propensity to want to enjoy the moment of dancing penguins, rather than worrying about where those dancing penguins originated.

Cybercriminals gain access to a network or computer using such methods. They frequently depend upon individuals paying more attention to the dancing penguins than cybersecurity. Here are some common methods of ransomware:

  • Malspam: an email with a malicious attachment is sent to as many people as possible with the hope that someone will open it. Attachments like Microsoft Word documents and PDFs can be booby-trapped to allow access.
  • Malvertising: cybercriminals use online advertising to distribute malware. In this form of ransomware, hackers need little or no interaction from a targeted user. They use infected iframes or an undetectable webpage element. The user can simply browse the web and be directed to illegal sites without visiting a suspicious site. Once a user's computer or system is affected, the cybercriminals' server will select the appropriate malware for that system.
  • Spear phishing: a more targeted form of ransomware, cybercriminals send emails to a company's employees that "require" them to fill out an HR form or to download a message from the CEO. These criminals often aim for a company's senior decision-makers, who are less likely to pay attention to security.
  • Social engineering: all of the above ransomware methods often contain elements of social engineering. They try to trick people into downloading ransomware by appearing to be an email from a friend or an important company update. With so much personal information available on the internet these days, it's easy for cybercriminals to compile information about employees of a company to gain their trust. Cybercriminals have also been known to pose as the FBI or other government organizations.

Types of Ransomware

There are three main types of ransomware:

  • Scareware: cybercriminals use scareware to trick users into downloading ransomware. This form of ransomware is targeted at individuals. You'll receive a pop-up from a "security company" that says that if you do not pay the ransom, you will never regain access to your files. No legitimate cybersecurity company would ever send such a message.
  • Screen lockers: once a screen locker downloads to your computer you lose all access to your device. Upon booting up, a full-screen message from what appears to be the FBI, or the US government appears, purportedly saying that law enforcement has detected illegal activity on your computer, and you must pay a fine.
  • Encrypting ransomware: the worst form of ransomware, it encrypts your files and demands payment before restoring them. Once your files are encrypted, there is no way software can help regain access.

Examples of Ransomware

There are several well-known versions of ransomware:

  • Ryuk: often used in spear phishing, it encrypts only certain types of files but never shuts the computer down completely. It then demands a ransom to access documents and other important files.
  • REvil (Sodinokibi): large businesses are familiar with this ransomware. Used by a Russian criminal gang since 2019, it has been responsible for many serious breaches. It uses the double extortion model to demand payments for payments as high as $800,000 in cryptocurrency.
  • DearCry: created in March 2021 to exploit four vulnerabilities in the Microsoft Exchange system. This is a case where Microsoft released patches for the problem, but when people didn't download these patches, they left themselves vulnerable.
  • Lapsus$: developed by a South American ransomware criminal outfit, this organization relies on extortion, threatening companies that they will release sensitive information or sell it to the highest bidder.

Who Does Ransomware Target?

The earliest victims of ransomware were individual computer users. Anyone sitting at home would suddenly see a pop-up saying they had to pay ransom to regain access to their files. Cybercriminals soon realized that they could make a lot more money targeting businesses. According to a study by Veeam in 2022, 76% of companies said they had been the target of a ransomware attack, and 60% of that number were targeted more than once.

Ransomware attacks have sometimes even gone after entire cities. In March 2018, the SamSam ransomware knocked out several critical municipal services in Atlanta, including the police record-keeping system. In the end, this attack cost Atlanta $2.6 million.

Cybercriminals, often based in countries like Russia or China where it is difficult for authorities to stop their activities, focus on Western nations like the United States, Canada, Australia or the United Kingdom. As new markets emerge, such as Brazil or India, companies and facilities in these countries are likely to become more frequent targets of ransomware attacks.

How to Remove Ransomware

The number one rule if you find yourself a victim of a ransomware attack is never, never, pay the ransom.

  • There is no guarantee you will get your files back even if you pay.
  • You put a target on your back that you can be ransomed.
  • You encourage cybercriminals to attack other companies or individuals.

In some cases, you might be able to remove the ransomware using decryptors, many of which are free (visit the No More Ransom Project). Choose a ransomware decryptor carefully, as it must match the kind of ransomware on your computer or network, or you can further encrypt your files. Sometimes you can use a remediation computer product to scan your computer. You might not be able to retrieve all your files using this method, but you can remove the malware infection.

Some other steps include:

  • Isolate the infected machine: it's essential to remove the infected machine from a computer network as soon as possible.
  • if you power off, you could lose memory, so leave the computer on to help recover critical files and other elements.
  • Create a backup: it's the best way to ensure that you won't have to pay a ransomware demand and that you can recover essential files within hours, if not minutes.
  • Wipe your computer clean: use a clean backup or install a new operating system to restore your machine or network.

How to Prevent Ransomware Attacks

"I'll do something about it when I have the time" is a surefire way to make your company a target of a ransomware attack. Don't put off till tomorrow what you needed to do yesterday. You should prepare as if it will happen to you. Two important steps are:

  • Immediately install cybersecurity software. Choose one that requires strong authentication.
  • Install backup software that regularly backs up your systems and  restores your company's files and documents within hours or minutes.

Here are some other steps you can take:

  • Keep your cybersecurity systems updated.
  • Educate your employees or yourself on recognizing the signs of a ransomware attack. Show how social engineering can fool them or you into downloading ransomware. It is one of the best ways to protect your organization from attack. Help create strong passwords. Tell your employees it's all right to trust their gut. If a site makes them uncomfortable or seems suspicious, it's probably best to avoid it.
  • Keep up to date on developments in cybersecurity.
  • Keep up to date on system patches. If you run your computer network on old software and don't update regularly, it's like putting a sign outside your computer network saying, "Attack me! I'm not protected."

Protect Yourself from Ransomware With Veeam

You are crucial in protecting your company or organization from a ransomware attack. The key is vigilance, staying on top of the issue and finding the best software to safeguard your organization. As noted several times above, one of the most critical factors is creating backups for all your data and files.

Veeam offers a secure and dependable single-solution product to protect you against ransomware and includes backing up your most important files, giving you the ability to restore your data as quickly as possible. It automatically tests your backup files to ensure they are malware-free and ready to be used at a moment's notice. Your business will be back online quickly when you rely on Veeam.

Featured Resources

Data protection

2022 Data Protection Trends

The largest data protection industry report from 3K+ IT leaders

Partner icon

Request a Demo

Learn how to modernize your data protection in a live session

Contact icon

Contact Us

Get help selecting the right solution for your organization