All too frequently we hear about cyber attacks which are trying to ‘extort money’ from a company or are ‘holding a company to ransom’. But what exactly is going on, and why do almost 40% of businesses feel unprepared for such an attack?

A ransomware attack involves an attacker launching a virus which will encrypt, or scramble, all of your data, documents and files. They then post ransom notes on computer screens and within folders (like the one in the image below), demanding that a fee be paid to get your files back. The idea is that if you pay them the ransom, using an anonymous cryptocurrency like Bitcoin, they will provide a program which you can then use to decrypt, or unscramble, your files.

Before all of this happens though, the attacker, who typically gains access to your network via a phishing mail or through a remote desktop terminal which is exposed to the internet, spends time snooping around your network seeing what data you have. If they can download this data, they can use it as leverage to pressure you to pay their ransom, by threatening to release the information publicly, thus damaging your reputation and impacting customers, patients, staff, etc.

And they will, make no mistake. These gangs are out for one thing – to make money. They have published patient records from psychiatric hospitals online, so ethics are not part of their vocabulary.

The average ransom paid by businesses is around $220,000, with about 12 days of downtime or severely impacted production.

Many businesses would benefit greatly from taking some small steps, with the first being to recognise that you, yes you, are a target.

Do you have money? Great, then you’re a target. Even households have gotten hit – think about what you would pay if your family photos were encrypted.

So think about how reliant you are on your computer systems and data, and think about the risks to them.

What is the likelihood of an attack?
How robust are your security measures?
What would the impact be if you were hit and your business was unable to function?

So take some time to review your IT and security policies, and consider your disaster recovery plans and how a cyber attack could be handled.

I work with small and medium enterprises to improve their security against online attack. If you are interested in discussing your security or taking steps to reduce your risk, feel free to reach out to me.