Is Your Company Next? How to Avoid Ransomware Attacks

Recently, the term “ransomware” has frequently appeared in news reports.
Compared to traditional computer viruses, ransomware is extremely threatening because it renders infected computers almost “unusable.”
This article explains what happens specifically with ransomware, which poses a threat to both companies and individuals, and what measures should be taken to avoid ransomware infection.
Table of Contents
- What is Ransomware?
  - How to Make a Computer Unusable
- Where Does Ransomware Come From?
  - Infection via Email and SNS
  - Other Infection Routes
- Notable Ransomware and What to Do If Infected
  - Current Mainstream Ransomware
  - What to Do If Infected with These Ransomware
- How to Avoid Ransomware Infection
- Summary
1. What is Ransomware?
Ransomware is a type of software that infects PCs.
Unlike computer viruses that aim to steal personal information/data or send unauthorized information, ransomware aims to render infected computers unusable and demand a ransom.
For this reason, this type of malicious software is called “ransomware”: software that demands a ransom.
1-1. How to Make a Computer Unusable
There are mainly two types: “encryption type,” which forcibly encrypts the hard disk of an infected computer and demands the purchase of a password to decrypt it, and “lock screen type,” which displays a blue screen on the computer and similarly demands money to unlock it.
In either case, the ransomware encrypts the computer’s hard disk itself so that users cannot use it normally, and then makes victims “purchase” the password to decrypt it. The purpose is mainly monetary.
In many cases, virtual currencies such as Bitcoin are used for this monetary demand. If infected with ransomware, it is difficult to decrypt the computer on your own, so the computer becomes almost unusable.
If the infected machine is a laptop used for work, the damage will be limited, but if a server or a computer hosting a database is infected, serious damage such as a complete stop of operations can be expected.
2. Where Does Ransomware Come From?
Ransomware, like other computer viruses and spyware, cannot infect without an “infection route”.
In order for ransomware to infect the computer, it must be executed on the computer like other software.
2-1. Infection via Email and SNS
Ransomware may be sent directly as an attachment to an email, but in some cases, a link is placed in a message on email/SNS, and ransomware is downloaded at the link destination.
When infecting via email or SNS messages, attackers disguise the file title and email content as if they were legitimate communications or legitimate attachments in order to get the recipient to click the link or open the attachment.
2-2. Other Infection Routes
In addition, there are a small number of cases where a person with a clear intention of attacking infects the target PC directly with ransomware using a USB memory stick, etc.
There are also many cases where a link to ransomware is embedded on a website, with the link placed behind a button on the site. Whether it is a company or a home, the more PCs that are infected with ransomware, the more targets from which a ransom can be demanded.
3. Notable Ransomware and What to Do If Infected
There are many types of software that interfere with the normal operation of a computer, such as computer viruses and spyware, but just as there are typical ones among them, there are also typical ransomware that infect a large number of computers.
3-1. Current Mainstream Ransomware
The current mainstream ransomware families are “WannaCry” and “PETYA”, both of which have spread around the world.
“WannaCry” has the ability to self-propagate to devices on the same network when infected, and was found to have spread within a major Japanese company after infection.
“PETYA”, like “WannaCry”, has self-propagating capabilities. It also drew worldwide attention and caused a major panic because it makes the entire hard disk unusable.
In addition, ransomware such as “Locky”, “Bad Rabbit”, “CryptoWall”, and “SNAKE” are also well-known.
3-2. What to Do If Infected with These Ransomware
First, the computer needs to be isolated urgently. Unplug the LAN cable to isolate it from the network, and in the case of a company, it is necessary to contact the system management department or vendor.
After the computer has been isolated from the network, the response will vary depending on which ransomware has infected it.
In general, however, it is said to be very difficult to decrypt the data yourself once a ransomware infection has occurred.
4. How to Avoid Ransomware Infection
If you are infected with ransomware, your hard disk will be locked and you will not be able to access your important data. In the case of a company, not being able to access business data is highly likely to lead to immediate losses for the company.
However, as far as loss of access to data is concerned, the damage can be minimized to some extent by taking measures such as regular backups to external recording media or data redundancy using cloud services. Companies should also store data and files on the server side and access them from computers on site via the network.
Since ransomware’s infection routes are mainly email and websites, staying away from unofficial software distribution sites and illegal download sites is the bare minimum. Prudence is also required with emails and SNS messages: before clicking a link or executing an attachment, verify that the sender is really a legitimate party and that the attached file is safe.
Companies that exchange a lot of data with outside parties can also execute files received from outside in a closed environment first, and transfer them to the terminals on site only after confirming that there is no problem. This so-called “sandbox” type of response can ensure a certain level of security.
Summary
For people who have been using computers for a long time, computer viruses, malware, and spyware are familiar words. However, in many cases, the computer can be used again by isolating or removing the infection.
Ransomware, on the other hand, encrypts the hard disk itself, so it is a major threat: the hard disk/PC cannot be used unless the ransomware is removed or the disk is decrypted. You can protect yourself from damage caused by ransomware by first knowing that this kind of malicious software exists and how it infects computers, and by knowing the response procedures in preparation for an infection, such as evacuating data and isolating the computer from the network.
For further assistance, please contact globalsupport@jiran.com.