Large and small businesses are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption to an organisation’s productivity. But what does a typical attack look like? And what security solutions should be in place to give the best possible defence?
A brief introduction to Ransomware
Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of Fake AV, through “Locker” variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration and the financial consequences can be severe.
Why are ransomware attacks so successful?
Most organisations have at least some form of IT security in place. So why are ransomware attacks slipping through the net? Access to ready-made ‘Exploit as a Service’ (EaaS) programs is increasingly easy, making it simple to initiate, successfully complete and benefit from an attack, even for less tech-savvy criminals. Skilful social engineering is used to prompt the user to run the installation routine of the ransomware. For example, you may receive an email that reads something like this: “My organisation’s requirements are in the attached file, please provide me with a quote.” Producers of ransomware operate in a highly professional manner. This includes providing a working decryption tool after the ransom has been paid, although this is by no means guaranteed.
How does a ransomware attack happen?
There are two main ways by which a ransomware attack starts – via an email with a malicious attachment, or by visiting a compromised (often legitimate, mainstream) website.
Malicious websites are another common route to infection: the user visits a legitimate website that has been infected with an exploit kit. Even popular websites can be temporarily compromised.
How to Stay Protected Against Ransomware
Sophos Intercept X utilises the unique CryptoGuard technology to stop ransomware attacks in their tracks. It works by detecting and stopping ransomware from encrypting your files. Intercept X complements your existing security, blocking processes that attempt to make unauthorized modifications to your data.
Web threats are neutralised at the firewall and web gateway. URL filtering blocks websites hosting ransomware, as well as their command and control servers. By enforcing strict controls you can stop ransomware-related files from being downloaded at all.