Many businesses are familiar with ‘phishing’ and have taken the measures necessary to protect themselves. However, there are other common cyber-attacks that your business needs to be aware of. Most of these attacks aim to infect businesses with ransomware. In this article, we’ll focus on how ransomware works and what businesses can do to keep themselves safe.
Definition of Ransomware
Ransomware is a package of malware that focuses on capturing and locking down files on a computer and network. These files are then encrypted, and the user is denied access until a ransom is paid. Sometimes the data is also sent to the attackers with the threat of publication online. The encryption process generally takes place in two stages.
First, your computer or network would need to be infected with malware. The malware sends important information about your computer or network such as the access permissions and IP addresses to the perpetrator’s control center. In many cases, they are also able to steal passwords for user and admin accounts.
In the second stage, the attacker uses the information from the malware to access your system and encrypt the files. Once the files have been encrypted, it’s virtually impossible to get them back without the criminal’s hidden decryption keys or a later-released decryption tool. That’s why it’s so important to prevent the first stage of the process.
Typical Vectors of Ransomware
1. Emailed Links & File Attachments
These are similar to ‘phishing’ emails. The main difference is that they will contain links or file attachments that prompt you to take further action. They will lead to downloading an executable file (.exe). That’s the malware’s way in. In some cases, the troublesome executable file is hidden in a convoluted series of files. For example, an included link may download a PDF, which then leads to a Word (.doc or .docx) file that prompts you to enable macros or enter your email credentials.
2. Accidental File Download from Websites
Another way criminals sneak malware onto your system is through hidden files on a compromised website. This is known as a ‘drive-by download’ because the file gets downloaded without you having to click anything. Even popular websites can be affected by this technique as long as they are vulnerable, especially if they run ads.
3. Remote Attacks on Servers
A remote attack or remote exploit is used to get into several computers at once. With this method, the hacker takes advantage of a vulnerability in your security software. With access to your server, the hacker can not only install malware but also steal important company data. They will also make changes to your system that will further compromise your entire technological infrastructure. For instance, they will likely delete backups and disable shadow copies.
4. Misconfigured Public Clouds
Many businesses use cloud storage facilities to complement their internal networks. Cloud storage is a convenient and user-friendly tool and file sharing method. Unfortunately, public cloud storage facilities can have issues with access controls. This leaves your information vulnerable, and hackers can gain a foothold in your system through your cloud connection. As with a remote attack, the criminal would be able to steal important data as well as infect your system with malware.
5. Remote Desktop Protocol
This increasingly popular type of attack is carried out remotely, and any computer that is open to exploitation can be affected. As businesses build networks, more and more computers are left open to provide valid access to their administrators. Unfortunately, that also leaves the computer open to attack over RDP port 3389. There are many open-source password applications available that allow hackers to launch a brute-force attack on a computer that has Remote Desktop publicly accessible.
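To spot the RDP brute-force pattern described above from the defender's side, the following added example (not part of the original article) scans logon events for bursts of failures from one source address and flags a success that follows. It assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) have been exported to comma-separated lines; the sample records, field order, threshold and time window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
SAMPLE_EVENTS = """\
2024-05-01T02:14:01,4625,3,203.0.113.50,administrator
2024-05-01T02:14:05,4625,3,203.0.113.50,administrator
2024-05-01T02:14:09,4625,3,203.0.113.50,admin
2024-05-01T02:14:13,4625,3,203.0.113.50,admin
2024-05-01T02:14:18,4625,3,203.0.113.50,backup
2024-05-01T02:14:22,4625,3,203.0.113.50,backup
2024-05-01T02:14:40,4624,10,203.0.113.50,backup
2024-05-01T08:30:00,4625,10,198.51.100.7,jsmith
2024-05-01T08:40:00,4625,10,198.51.100.7,jsmith
2024-05-01T08:40:30,4624,10,198.51.100.7,jsmith
2024-05-01T09:00:00,4625,2,-,localuser
"""

# Logon types under which Remote Desktop logons are recorded (network and remote interactive).
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, account

def find_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: {"failures", "accounts", "success_after"}} for suspicious sources."""
    recent = defaultdict(deque)    # source IP -> failure timestamps still inside the window
    accounts = defaultdict(set)    # source IP -> every account name it failed against
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue               # e.g. a mistyped password at the local console
        if event_id == "4625":
            queue = recent[ip]
            queue.append(ts)
            accounts[ip].add(account)
            while ts - queue[0] > window:      # slide the window forward
                queue.popleft()
            if len(queue) >= threshold:
                hit = findings.setdefault(
                    ip, {"failures": 0, "accounts": accounts[ip], "success_after": False})
                hit["failures"] = max(hit["failures"], len(queue))
        elif event_id == "4624" and ip in findings:
            # A success right after a burst of failures suggests a guessed password.
            findings[ip]["success_after"] = True
    return findings

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A source flagged with `success_after` set deserves immediate attention: reset the affected account's password and review what that session did.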
Start Protecting Your Business from Ransomware
Now that you know what ransomware is and how it can affect your business, get started with protecting your business. At Blue Collar Computing (BCC), we specialize in helping businesses by providing customized and relevant tech recommendations. We’re a Managed Services Provider, and we can conduct a free security audit to pinpoint where your business is vulnerable. Contact us today to get started with keeping your business safe from hackers.