Ransomware: Prepare and Protect

What is ransomware?

Ransomware is a class of malware which restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while others simply lock the system and display messages intended to coax the user into paying.

How do ransomware attacks work?

Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file (usually sent via a link in an email) or a vulnerability in a network or operating system service. Opening an infected email can trigger numerous types of problems on your computer, and the malware can continue to spread to the user's network or operating system.

How long do ransomware attacks last?

A recent 2020 Vanson Bourne survey (sponsored by SentinelOne) shows that recovery from a ransomware infection takes ~33 employee hours. On top of that, 48 percent of organizations that participated in the survey were affected by at least one ransomware attack during the last 12 months. The core recovery activities typically include decrypting files and data encrypted by the attackers and replacing encrypted files and data with backups.

What are the examples of ransomware?

Two styles of ransomware attack have emerged. The first may be the more likely to strike, but it is also potentially less debilitating: it simply locks the victim's screen. The second is a more targeted attack that actually encrypts files on the target computer.

  1. In the first type, criminals typically use an official-looking logo (such as that of a local law enforcement agency or a government department) to intimidate the victim and simply lock the victim's screen so they cannot access their computer until a payment is made. It is a broad-brush approach, distributed en masse in the hope that a portion of victims will pay the 'fine' or ransom demanded on the locked screen. This scenario does not typically encrypt any files on the victim's computer (although early examples may have) and is more often just a form of malware, for which most security vendors have tools to assist.
  2. The second type of ransomware is a more targeted and challenging concern. In this scenario, cyber criminals target a particular victim, typically a business or an organization. The targeted computers are actually hacked and the files on them are encrypted. Without payment, the files are inaccessible.

How can you protect against ransomware attacks?

To understand how to protect against ransomware attacks, you must first understand how they work and propagate. Attacks like these usually start with a phishing email to users. Once a user clicks on a malicious link in the email or opens a malicious attachment, malware is downloaded to their machine. An example of this is WannaCry, where the malware spread laterally in the network using a Windows vulnerability that was patched two months before WannaCry was released in the wild. After that, the process is simple: the malware infects a computer, locks users out of the system (usually by encrypting the data on the hard drive), and then holds the decryption or other release key for ransom until the victim pays a fee, usually in bitcoin.


How can you isolate WannaCry ransomware?

Although we can try our best to close every gap in our environment, control every endpoint, and identify every risk, hackers will get in. You need to focus on how you can best protect your data and minimize any impact when the hacker gets in. With Unisys Dynamic Isolation™, you can isolate a suspicious user or device within seconds of detection – stopping a threat before it expands and preventing data exfiltration.
