Ransomware: How It Works and What You Can Do

February 19, 2016 Advisory

“Ransomware” is making big news, with reports that a California hospital paid $17,000 to regain access to its network after malware locked access to files. This is a case, however, of the news catching up to the facts. Ransomware has been one of the fastest growing forms of cyberattack over the last year. According to media reports, as many as 100,000 computers per day are being infected with ransomware. 

These increasing ransomware incidents serve as the latest warning that companies need to take steps to protect against costly and damaging cyberattacks. 

How Ransomware works 
Without getting too technical, ransomware works by infecting a computer, then using modern cryptography methods to encrypt files. Once encrypted, the files cannot be decrypted without the “key” that the hackers provide when you pay them ransom. Since we are talking about encryption schemes that would take supercomputers years to break, there is (with one increasingly limited exception) no way to regain access to the encrypted files without paying for the key. 

We mentioned an increasingly limited exception. A couple of years ago, when one ransomware ring was taken down by law enforcement, some of the private keys that ring used to decrypt were recovered. Thus, if the ransomware variant that infected your machine happens to be the increasingly outdated version that matches these keys, then you have a shot at getting your files back without paying the ransom. But, the hackers are very aware of this loophole, and more modern ransomware variants do not respond to the captured keys. 

How Ransomware is spread 
The delivery methods keep evolving, but almost all delivery mechanisms have something in common: human help. Common delivery methods include such human-machine interactions as opening infected email attachments, and visiting websites which inject the malware into the user’s machine. While even the most innocent websites can be hijacked to deliver malware, the shadier websites are the most likely to give you an unwanted infection. 

These delivery methods have several implications which help explain ransomware’s rapid proliferation. First, the hacker doesn’t have to put any thought into making you a target. He or she just has to cast the malware about (much like throwing seed into the air), and then wait for you to call once you are infected. Second, ransomware has an extremely high ROI for the hacker’s limited efforts. The hacker has to write (or buy) the ransomware once (and it’s not expensive to acquire), seed it once, and then sit back and watch the profits roll in from thousands of infections. 

What you can do
While nothing provides a bulletproof solution to this growing problem, implementing and strengthening several measures can lower your risk:

  • Because much of this malware infects machines by tricking the user, raising user awareness of this problem is crucial. Users who are more resistant to clicking on suspicious email links and visiting shady  websites are your best means of lessening exposure. You should realize that:
    • Inattentive users run a very real risk of bringing damaging cyber-infections into the company.
    • “Think before you click” on email attachments and imbedded links is an important defense. You are far better off having users who over-report suspicious links to IT than with users who are overly trusting.
    • Web browsing should be limited to those business sites that are necessary for your operations.
    • If your users have the ability to link to company systems from their personal computers or other devices, understand that applying these rules to their personal device use makes them, and the company, safer.
  • Encourage prompt employee reporting of potential problems. Even the most diligent employee may fall prey to a malicious email. Employees who fear discipline or termination will be much less likely to swiftly report potential problems. You will eventually discover you’ve been compromised, but only after the damage has multiplied.
  • Back up frequently. Losing a file to encryption is much less problematic if you have a clean backup copy. Review your backup procedures, and make sure you have a robust backup process.
Contact Us
  • Worldwide
  • Chicago, IL
  • Denver, CO
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • Miami, FL
  • New York, NY
  • Orange County, CA
  • Philadelphia, PA
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
Worldwide
abstract image of world map
Chicago, IL
100 North Riverside Plaza
Suite 1500
Chicago, IL 60606-1520
Google Maps
Chicago, Illinois
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
7160 Rafael Rivera Way
Suite 320
Las Vegas, NV 89113
Google Maps
Las Vegas, Nevada
Miami, FL
355 Alhambra Circle
Suite 1200
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Orange County, CA
19800 MacArthur Boulevard
Suite 300
Irvine, CA 92612
Google Maps
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1717 Pennsylvania Avenue NW
Suite 400
Washington, DC 20006
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware