How Does Ransomware Spread & How To Prevent It

Ransomware is the number one cybersecurity concern for modern businesses. Falling victim to ransomware can render your machines and network unusable and could result in your business or customer data being leaked online. These consequences can cause damage to your profitability and your reputation. In this article, we’re going to look at the risks of ransomware, how ransomware spreads and how Carden IT Services can help to protect you.

What Is Ransomware And How Does Ransomware Work?

Ransomware is a type of malware which encrypts your data, rendering it unusable and inaccessible. The “ransom” part comes from the fact that this encryption is normally accompanied by a threat that unless a ransom is paid, the controller of the malware will either:

  • Delete the data. 
  • Leak the data. 
  • Permanently encrypt the data, leaving it inaccessible. 

Ransomware attackers normally ask for this ransom to be paid in cryptocurrency to an anonymous online wallet. Unfortunately, due to the business and reputational risks associated with having their data leaked or deleted, many businesses end up paying this ransom. This only makes ransomware a more lucrative business for future criminals.

In fact, ransomware is such a good source of income for hackers that there are now black market “ransomware as a service” providers who sell their generic ransomware to other, smaller criminal enterprises and even operate their own customer support call centres to help implement their ransomware attacks.

What Are The Risks Of Ransomware?

Companies which fall victim to ransomware can find themselves unable to do business, or even access their systems, for a prolonged period of time. In addition to the lost revenue for every hour they are unable to trade, businesses also face reputational damage from the general public knowing they have been compromised. Even if the ransomware attacker never does release the victim’s data online, customers will have less faith in a business which is unable to adequately protect their data.

It’s not just businesses that are at risk from ransomware either. Any organisation which uses technology is at risk. Schools, charities, hospitals, even government agencies, have all fallen victim to ransomware attacks in the past few years. Even if you don’t think of your business as one which is reliant on technology, the likelihood is that you have some part of your business which is at risk of a ransomware infection. It could be something as simple as your POS terminal.

Once downloaded, ransomware can spread throughout your network. It can commandeer your email and send further copies out to other users in your contacts, who are now more likely to download and open the attachment as they will believe it comes from a co-worker. 

Other pieces of ransomware, such as the NotPetya ransomware used in attacks throughout 2017, have featured a piece of malware which automatically searches your system for saved passwords, allowing the ransomware to gain access to other services and spread through them. Once the ransomware reaches your system admin or other team member with admin privileges, it can easily spread across your whole network.

How Can Ransomware Reach Your System?

As with most malware, victims of ransomware are often tricked into downloading and installing it. This can be achieved through a variety of methods, but email is the most common attack vector.

Ransomware in Email Attachments
Ransomware is often delivered via an email attachment. The attachment might be disguised as a PDF, Word document, or mp3, but when opened it will install the ransomware. Ransomware emails often use ‘phishing’ techniques such as impersonating a contact or business you trust, or pressuring you into clicking a link. Being aware of how to spot the tactics these scammers use will make you more secure.

Malicious URLs
When browsing the internet, or opening links in an email, there is the risk of clicking on a link which downloads ransomware onto your machine. Be aware of this when browsing the web and avoid clicking a link unless you are confident you know where it will take you.

Remote Desktop Protocol
While RDP can be a useful technology for accessing a computer remotely, there is a risk that it can also be used to remotely install ransomware. For this reason, you should only ever allow someone who you trust 100% to access your computer remotely.

How Carden IT Services Take Steps To Prevent Ransomware Attacks

Our comprehensive cyber-defence package includes several data security solutions designed to prevent, mitigate, and recover from ransomware attacks. If you’re wondering how to prevent ransomware, the following services can help:

  • Ransomware Protection
    AI-driven, cloud-based ransomware protection software can help to detect the warning signs that a programme on your machine is attempting to encrypt your files and folders. It can also prevent data being exfiltrated back to the attacker.
  • Network Monitoring
    Our managed security operations centre monitors our customers’ networks 24/7 for signs of anything suspicious, including ransomware. Any suspicious activity is immediately flagged to our cyber-defence team for further review.
  • Cybersecurity Training, Testing and Simulations
    Knowledge is one of the best defences you can have. Our team provides cybersecurity training to your team about how to avoid ransomware attacks and the risks they pose. We can then follow up by testing both your team and your network through penetration testing and simulated phishing emails. These cybersecurity training and testing services test the preparedness of your data security standards and can help your business to discover both technological and human-error based vulnerabilities in your network.
  • Dark Web Scans
    The dark web can be a confusing and dangerous place to start poking around in. Luckily, we have automated dark web scanning systems which can scour the dark web for your business’s sensitive information, like passwords which may have already been leaked from previous attacks. While there is no easy way to remove this information from the dark web, knowing it is there can give you a heads up on which information about your business has already been compromised and which passwords need to be changed urgently.
  • Off-Site Backups
    As part of our disaster recovery services, we provide regular off-site cloud backups of your data as well as virtualised versions of your network. In the event that your on-premises network is compromised by ransomware and rendered inaccessible, you can continue to use the virtualised version in the cloud while our disaster recovery team works to bring your on-premises systems back online.

Want To Protect Your Business From Ransomware?

Hopefully this has been a useful guide to what ransomware is, its risks, how to protect your organisation from ransomware, and how Carden IT Services can help to prevent and mitigate it. If you would like to learn more about our ransomware protection services, speak to our cyber-defence team today.

Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.