What Is Ransomware? Keys to Protection and Removal of Ransomware

Aaron Walker  |  January 23, 2019

Gigabytes of valuable data are stored on your laptop right now.

Pictures and videos of your trip to Europe, that short story you've been writing for months, and maybe even some personal financial information.

Now, imagine going home to your laptop to find all these files have been taken hostage by ransomware.

It's a terrifying thing to think about, but ransomware is real and affects many people and businesses every year. Here are a few statistics about ransomware:

  • In the first six months of 2017, businesses lost an estimated $544 billion due to ransomware.
  • Apple ransomware attacks are on the rise, up nearly 500 percent from 2017.
  • 92 percent of service providers predict the number of ransomware attacks will continue at current.

What is ransomware?

We know ransomware is a type of malware, but how exactly does it work?

In simple terms, attackers typically infect end users with a virus, trojan or worm and lock down a network’s endpoints, demanding payment in return for access to the end user’s files. If the victim refuses, the virus may destroy or harvest an entire network’s data.

Worms are often used as ransomware attack tools because they are specifically designed to replicate rapidly and infect computers connected to their hosts. Trojans, meanwhile, are useful because they disguise malware as a legitimate file and trick users into downloading it.

Once the user has been infected and hackers gain control of the network, end users will be restricted from doing anything besides paying up. The ransom is typically demanded in cryptocurrency, since such a payment is nearly impossible to track once the transaction is complete.


Ransomware attacks

Ransomware became widely known to the cybersecurity community in 2017. Stories of new ransomware attacks were popping up everywhere, at a scale unseen before.

Costly attacks hit dozens of countries including the U.S., Japan, and Italy – to name a few.

Luckily, ransomware attacks are trending downward in terms of frequency. Few victims were actually paying the ransoms, but unfortunately, new forms of malware are emerging that are more effective and stealthier.

For example, threats such as cryptocurrency mining malware can utilize a victim’s computing power without them even knowing.

Still, ransomware attacks aren’t only targeting corporate conglomerates. 43 percent of cyberattacks are targeted toward small businesses. And as a result, companies should be adopting cybersecurity technologies with the features necessary to protect against ransomware threats.

This is an example of the user-facing component of 2017’s WannaCry ransomware attack. It was the largest attack of its kind, impacting 300,000 endpoints in May 2017.

[Image: WannaCry ransomware attack]

Fortunately, there are ways to become less likely to be targeted by ransomware attacks.


How to avoid ransomware (3 methods)

The easiest way to protect against malware is through employee education, and security awareness training is becoming more common. These courses and seminars help companies inform employees of the dos and don’ts of online behavior.

Employees learn how to identify phishing or spoofing content that aims to trick users into downloading malicious files or giving hackers sensitive information. Malicious downloads can spread worms or viruses across a network quickly, and that sensitive information can be used to gain access to networks, applications and databases where hackers can wreak havoc on unsuspecting companies.

1. Backup and disaster recovery

Ransomware protection software and solutions can come in many different forms. The most common practice is employing a backup or disaster recovery solution. These tools keep company information stored securely in an isolated environment in case cloud or local storage systems are compromised.

If hackers threaten to delete your company’s data, a backup can significantly reduce the amount of data lost. Important features to keep in mind are continuous backups and disaster recovery capabilities. Continuous backups will automatically sync data to keep it as up to date as possible. Disaster recovery will simplify and expedite the process of recovering after an attack.

2. Email security and web gateways

Secure email and web gateways are useful tools to limit the amount of potentially dangerous content employees come into contact with. Email gateways will improve spam filtering and phishing identification. Web gateways will do the same, but with unsecured sites and dangerous links. Both solution types often come with file scanning features to prevent dangerous downloads from actually getting into the network.

3. Endpoint protection and antivirus

Endpoint protection and antivirus solutions are increasingly providing ransomware protection capabilities. Antivirus products will improve the overall protection of endpoints and increase a user’s ability to discover threats. Endpoint management tools can help keep devices and applications safe by requiring updates and patching vulnerable components.


How to remove ransomware

Ransomware removal can be a little more complicated than general protection. Once the malicious program has infected a system, it can be difficult to inspect, locate and remove.

It will be easy to tell when ransomware is present, as a locked screen requesting payments won’t be very interactive. Fortunately, many devices such as PCs and smartphones possess a Safe Mode, which runs a program to scan for and remove malware.

Other tools can increase your chances of a full recovery. Incident response solutions are helpful tools designed to help users remediate threats once they’ve been discovered.

Some tools such as Demisto and Cybereason have features specifically for ransomware removal and inspection.

Security Information and Event Management (SIEM) solutions are suites designed to document tons of logs and improve response time and forensic analysis. Splunk and Trustwave, for example, are SIEM solutions with significant incident response capabilities.

Companies that don’t have on-hand staff to handle all of their security needs can always work with cybersecurity consulting and cybersecurity service providers. They range from consulting and implementation assistance to incident response and fully managed security services.


Free yourself from ransomware

Hopefully, you'll never have to worry about your valuable data being held hostage at the hands of cyber-thieves – but prevention is the best form of protection.

Consider one of the many options we listed above to avoid becoming a victim of ransomware.


Aaron Walker

Aaron is a Senior Research Specialist who focuses on cybersecurity, information technology and software development. He began at G2 Crowd in 2016 after graduating from The University of Iowa. Aaron has written for The Daily Herald, Tribune Media, and The Daily Iowan, among other media outlets. In his free time, Aaron enjoys shooting film photography and fine-tuning his illustration skills.