What Happens if Your Network is Infected with Ransomware
There are a lot of different kinds of malware out there and most of it is relatively harmless. There are the adware types that cause a bunch of unwanted advertisements to pop up on your screen once infection occurs, botnets that use some of your resources to send spam emails or contribute to DDoS-ing a targeted website, and the ‘fake tech support’ that, hilariously enough, informs you that your computer has been infected with malware. However, it’s been a long time since malware was a laughing matter. Over time, hackers realized they could make money by stealing credit card numbers and banking login information, and it occurred to some bright cyber-criminal that they could simply and openly extort their victims. Thus the birth of ransomware.
What Exactly is Ransomware?
The term ransomware has been thrown around a lot lately but for many people not deeply involved in the most recent tech scares, it may seem more like a buzzword than a real threat. Let us assure you, ransomware is a real problem and it has done real damage. Ransomware is a variation of malware, meaning that it’s a malicious program that installs itself on your computer if given the slightest opportunity. The reason it’s called ransomware is because of what it is programmed to do. Once on your computer, the ransomware will take all of your files ‘hostage’ and demand payment through a very questionable route. In theory, once you pay your files will be returned to you as if nothing happened. However, it hardly ever goes this way and you can’t actually trust a hacker to keep promises, even if you pay them.
How Ransomware Infects
When examining the ransomware process, the first step is infection. There is no single unified ransomware ‘product’ so there are, in fact, dozens of different ways ransomware can get on your computer. The good news is that they’re all standard malware invasion methods so you can predict and defend against them. The most common form of infection is ‘phishing’ in which a malicious ransomware installation link is sent to an employee disguised as an important message from a boss, coworker, or customer. When they unwittingly open the link, the ransomware installs itself. You can also get infected by visiting a dangerous website that stealth-downloads the ransomware through the website design (much like a cookie) or through a worm. Worms are malware programs that roam the internet un-targeted and simply infect any network they can reach.
Then It Lurks
Most malware doesn’t actually strike right away. It often takes some time to get settled, finish installing, and familiarize itself with your personal files. The initial malware infection often comes as a small download and only part of the whole program. If you only got a ‘seed file’ for the ransomware, it may spend some time lurking in your system and subtly using your resources to download and install the rest of the malicious program. During this phase, the ransomware may also try to stretch out and reach other systems in your network to cause the most possible damage.
When ransomware decides to strike, it goes directly after your files. Unlike previous generations of malware that would have simply deleted or corrupted the data, this is where ransomware shows its signature move: cryptography. Rather than deleting your files, it encrypts them. Every single file on your computer, from your music collection right down to the configs, is encrypted in a way that you will probably never be able to break because you don’t have the encryption key. This renders them both inaccessible and unreadable even if you manually pulled the files from the computer.
If the ransomware has reached your local network and infected more than one computer, you may lose access to every networked device the program knows how to handle. Mobile devices, IoT, and networked appliances like printers are usually safe but you could lose access to everything from your client databases to your host server depending on how far the ransomware spreads. The problem? Without backups or the encryption key, you really will never see those files again. That’s what makes ransomware so dangerous.
The Ransom Demand
Ransomware strikes like a snake, giving you no time to respond or defend yourself once it’s ready to act. The encryption and the ransom demand happen almost simultaneously. Once all your files are encrypted, or as the process is starting to cover their tracks, the screen of every infected system will go blank and then feature a custom window, often low in graphics quality, featuring a strongly red or black-and-red theme, and with questionable English grammar (go figure). Depending on the specific ransomware program you’ve been infected with, there are three types of message. There’s the ransoming criminal message that openly threatens to delete your files if you don’t pay up, the ‘friendly’ error message that assures your files’ safety if you pay up, and the advertisement for their decrypt.
No matter what tone the ransomware takes with you, the threat is always the same. Pay them in crypto-currency before the timer runs out or you’ll never see your precious files again. Some assure the return of your files, some don’t, but do not trust them either way. Your local files are most likely gone for good.
Defending Against Ransomware
While firewalls and virus scanning are always a good place to start, there is only one really good answer to ransomware: Comprehensive backups. Ransomware will wipe out every file on a computer and some variations will take out an entire local network and every single file stored on or near it. However, with daily backups of all your active files and monthly backups of your network configuration, you have the best possible response. If the system gets infected, simply wipe everything back to factory settings, then reload first the configuration backup, then the active files backup. Ransomware gone, no money paid, and no files lost. Hackers, eat your hearts out.
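A backup only helps if it is recent and has not itself been encrypted. The sketch below is an added example, not part of the original article: it checks each backup against the schedule described above (active files daily, configuration monthly) and against a hash manifest taken at backup time, then reports in restore order. The 31-day limit, the function names, and the sample files are assumptions made for illustration.

```python
import hashlib, os, tempfile, time
from pathlib import Path

# Maximum backup age in seconds, per the schedule in the paragraph above:
# active files daily, network configuration monthly (31 days assumed).
MAX_AGE = {"config": 31 * 86400, "active": 1 * 86400}
RESTORE_ORDER = ("config", "active")  # configuration first, then active files

def build_manifest(backup_dir, now=None):
    """Hash every file at backup time; keep the result off the network."""
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": now if now is not None else time.time(), "files": files}

def verify_backup(backup_dir, manifest, kind, now=None):
    """Return a list of problems; an empty list means safe to restore."""
    root = Path(backup_dir)
    now = now if now is not None else time.time()
    problems = []
    if now - manifest["created"] > MAX_AGE[kind]:
        problems.append(f"stale {kind} backup")
    for rel, digest in manifest["files"].items():
        f = root / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")   # e.g. renamed with a new extension
        elif hashlib.sha256(f.read_bytes()).hexdigest() != digest:
            problems.append(f"modified: {rel}")  # e.g. encrypted in place
    return problems

def restore_plan(backups, now=None):
    """backups: {kind: (dir, manifest)}. Returns [(kind, problems)] in restore order."""
    return [(k, verify_backup(*backups[k], k, now)) for k in RESTORE_ORDER]

def demo():
    """Constructed sample data: two tiny backups, one damaged after the fact."""
    with tempfile.TemporaryDirectory() as tmp:
        t0, backups = 1_700_000_000, {}
        for kind, name in (("config", "router.cfg"), ("active", "clients.db")):
            d = Path(tmp, kind); d.mkdir()
            (d / name).write_bytes(b"sample " + name.encode())
            backups[kind] = (d, build_manifest(d, now=t0))
        clean = restore_plan(backups, now=t0 + 3600)
        # Stand-in for damage reaching the backup share: random bytes overwrite a file.
        (backups["active"][0] / "clients.db").write_bytes(os.urandom(32))
        damaged = restore_plan(backups, now=t0 + 3 * 86400)
        return clean, damaged

if __name__ == "__main__":
    for label, plan in zip(("clean", "damaged"), demo()):
        print(label, plan)
```

Store the manifest somewhere the backed-up machines cannot write to; a manifest kept next to the backup can be overwritten along with it.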