The real-world consequences of a successful cyberattack have been clearly highlighted this week with the closure of one of the US’ largest pipelines due to ransomware.
A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion in 2017, up from $325 million in 2015 – a 15X increase in just two years. The damages for 2018 were predicted to reach $8 billion, and for 2019 the figure is $11.5 billion.
The latest prediction is that global ransomware damage costs will reach $20 billion by 2021 – which is 57X more than it was in 2015. This makes ransomware the fastest growing type of cybercrime.
Very few companies can afford a loss of multi-millions, let alone months or even weeks of downtime.
Once your computer systems have been attacked, it’s too late for protection.
You need to empower your organization with ways to protect against ransomware today before you become a victim of one of the worst IT security threats in recent history.
This article examines what ransomware is and what steps can be taken to mitigate the threat.
What is Ransomware and How Does it Occur?

The definition of ransomware is wrapped up in the name itself – it’s malware that holds a person’s or company’s data hostage until they pay a ransom to regain access to it.
You can become infected in all the usual ways:
- A malicious link in an email message
- Infected websites
- Fake apps
- Malicious ads, or Malvertising
Once your machine is infected, ransomware can encrypt all forms of files, from documents to pictures to videos. It can encrypt your data (with or without a key), lock you out of your operating system, and spread to other PCs on the network.
To get your data back, the hackers usually request payment in Bitcoin because this form of money is harder to trace and follow. Another hallmark of ransomware is that you’ll be given a short time limit to pay the ransom or risk losing your data forever.
It usually starts with a classic phishing email that serves as bait to download an infected file. In most cases, the infection happens through a malicious PDF, DOC or XLS file. Once the victim opens the malicious file, the criminal has crossed the most significant hurdle.
The ransomware is then installed on the affected system. Installation can run independently of activation, so the attack can be prepared in advance and started at a later time.
As soon as the ransomware is activated, the actual damage starts – the encryption process begins. Individual files on one system or even several systems within a company network can be encrypted. From now on, the user no longer has access to certain files or his entire computer. He has completely lost his admin rights. The control is in the hands of the hacker. Once everything is encrypted, a notification appears on the victim’s screen. Here the hacker demands a ransom to remove the ransomware. Once this process is complete, the attackers only have to wait for the victim to pay the ransom.
Five Dangerous Types of Ransomware

Below are five well-known, dangerous and active ransomware threats you need to guard against.
WannaCry
WannaCry is the ransomware that rocked the world in May of 2017 by infecting over 200,000 computers in 150 countries. WannaCry uses EternalBlue, an exploit for the Microsoft Windows operating system that was developed by the NSA.
It works the same as most other types of ransomware by encrypting your data, giving you a “ransom note” and a time limit to pay the ransom. While it was successfully blocked, worse versions were developed using a similar Server Message Block (SMB) vulnerability.
UIWIX
UIWIX uses the same SMB vulnerability that WannaCry used (EternalBlue) to infect systems, propagate itself within networks, and scan the internet to infect more victims. The difference between UIWIX and WannaCry is that UIWIX is fileless.
Fileless infections are more dangerous than file infections because they reduce the footprint of the malware, making detection extremely difficult. UIWIX is also stealthier.
If it detects it’s inside of a virtual machine (VM) or sandbox environment, it will terminate itself to avoid being caught. If it’s not caught, it will add the .uiwix extension to all your infected files and give you a .txt file called _DECODE_FILES.txt with instructions for paying the ransom to retrieve your data.
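The two on-disk indicators named above (the .uiwix extension and the _DECODE_FILES.txt note) can be swept for during incident triage. The following is an added example, not code from the original article; the function names and the sample folder layout are constructed for illustration.

```python
import os
from pathlib import Path

UIWIX_EXT = ".uiwix"               # extension named in the article
UIWIX_NOTE = "_decode_files.txt"   # ransom note name, compared case-insensitively


def sweep(root):
    """Walk root; return {directory: {"files", "note", "first_seen"}} for hits."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        hit_files = sorted(n for n in names if n.lower().endswith(UIWIX_EXT))
        notes = [n for n in names if n.lower() == UIWIX_NOTE]
        if not hit_files and not notes:
            continue
        # The earliest modification time among indicators approximates when
        # encryption reached this directory.
        first = min(os.path.getmtime(os.path.join(dirpath, n))
                    for n in hit_files + notes)
        findings[dirpath] = {"files": hit_files, "note": bool(notes),
                             "first_seen": first}
    return findings


def triage(findings):
    """Order affected directories by earliest indicator timestamp, oldest first."""
    return sorted(findings, key=lambda d: findings[d]["first_seen"])


def build_sample_tree(base):
    """Constructed sample data: one clean folder and two with indicators."""
    layout = {
        "clean": ["notes.txt", "budget.xlsx"],
        "finance": ["q1.xlsx.uiwix", "q2.xlsx.UIWIX", "_DECODE_FILES.txt"],
        "hr": ["roster.docx.uiwix"],
    }
    stamp = 1_700_000_000
    for folder, names in layout.items():
        for name in names:
            path = Path(base, folder, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
            stamp += 60  # give every file a distinct, increasing mtime
            os.utime(path, (stamp, stamp))
    return base
```

Directories at the front of the triage order are the best place to start looking for the first affected host or share.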
Petya
Petya is a unique form of ransomware in that it doesn’t encrypt files on a system one by one. Instead, it reboots computers and encrypts the master file table (MFT), rendering the master boot record (MBR) inoperable.
This leaves the computer unable to boot up until the victim pays the ransom; the ransom note is displayed on the screen in place of the computer’s MBR.
Cerber
Cerber had massive market domination in the first quarter of 2017, with almost 90% of market share toward the end of that quarter, according to Cybercrime Tactics and Techniques Q1 2017.
Cerber is notorious for being distributed in malicious links through email. The link leads to a hacker-controlled Dropbox account which opens a self-extracting archive that takes over your machine.
CryptoWall
CryptoWall has already advanced from version 3.0 to 4.0, and it’s extremely dangerous, mainly because its creators run it like a business.
They are continually enhancing their code to make it more effective and profitable. They stay one step ahead of IT security trends. They have developed numerous social engineering tactics to pressure their victims to pay the ransom in most cases.
CryptoWall and the way it’s distributed has proven to law enforcement that there is a bustling black market of ransomware buyers and sellers.
Ways You Can Protect Against a Ransomware Attack

There is a clear indication that you need to protect against ransomware in every way possible. Since ransomware is very difficult to detect and fight, different protection mechanisms can be used.
Here are a few ways to keep your company safe from an attack:
Make Sure Your Antivirus Software Is Up To Date
This seems obvious, but is occasionally neglected by smaller organizations. Many antivirus packages now offer ransomware-spotting features or add-ons that try to spot the suspicious behavior that’s common to all ransomware: file encryption.
These apps monitor your files for unexpected behavior – like a strange new piece of software trying to encrypt them all – and aim to prevent it. Some security packages will even make copies of the files that are threatened by ransomware.
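A simplified sketch of that behavioural check follows, as an added example that is not taken from the original article or from any antivirus product. It flags a process that rewrites several low-entropy files as high-entropy data within a short window; the thresholds, class name and sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class MassEncryptionDetector:
    """Flags a process that turns many low-entropy files into high-entropy ones
    within a short window. Thresholds are assumed defaults, not vendor values."""

    def __init__(self, entropy_threshold=7.5, max_files=5, window_seconds=10.0):
        self.threshold = entropy_threshold
        self.max_files = max_files
        self.window = window_seconds
        self._recent = defaultdict(deque)  # pid -> (timestamp, path) entries

    def observe(self, ts, pid, path, before: bytes, after: bytes) -> bool:
        """Record one file rewrite; return True once pid crosses the limit."""
        became_random = (shannon_entropy(before) < self.threshold
                         <= shannon_entropy(after))
        if not became_random:  # e.g. a ZIP rewritten as a ZIP, or a normal edit
            return False
        events = self._recent[pid]
        events.append((ts, path))
        while events and ts - events[0][0] > self.window:
            events.popleft()  # forget rewrites that fell out of the window
        return len({p for _, p in events}) >= self.max_files


def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (SHA-256 counter stream)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest()
              for i in range(size // 32))
    return b"".join(blocks)


def demo():
    """Constructed events: pid 4242 encrypts five documents in five seconds."""
    det = MassEncryptionDetector()
    doc = b"Quarterly figures, customer list, invoice totals.\n" * 80
    return [det.observe(float(i), 4242, f"C:/docs/report{i}.docx", doc,
                        pseudo_ciphertext(i)) for i in range(5)]
```

Comparing entropy before and after the write keeps already compressed formats, which are high-entropy to begin with, from triggering the alert.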
Understand What’s Happening across the Network
There’s an array of related security tools – from intrusion prevention and detection systems to security information and event management (SIEM) packages – that can give you an insight into the traffic on your network.
These products can give you an up-to-date view of your network, and should help you spot the sort of traffic anomalies that might suggest you have been breached by hackers, whether they are intent on infecting your systems with ransomware or have something else in mind. If you can’t see what’s happening on the network, there’s no way you can stop an attack.
Scan and Filter Emails Before they reach Your Users
The easiest way to stop staff clicking on a ransomware link in an email is for the email never to arrive in their inbox. This means using content scanning and email filtering, which ought to take care of many phishing and ransomware scams before they actually reach staff.
Have a Plan for How to Respond to a Ransomware Attack, And Test It
A recovery plan that covers all types of tech disaster should be a standard part of business planning, and should include a ransomware response. That’s not just the technical response – cleaning the PCs and reinstalling data from backups – but also the broader business response that might be needed.
Things to consider include how to explain the situation to customers, suppliers and the press. Consider whether regulators need to be notified, or if you should call in police or insurers. Having a document is not enough: you also need to test out the assumptions you have made, because some of them will be wrong.
Think Very Long and Hard Before You Pay a Ransom
Ransomware crooks have found their way through your defenses and now every PC across the business is encrypted. You could restore from backups, but it will take days and the criminals only want a few thousand dollars. Time to pay up?
For some, that may be the obvious conclusion. If the attackers only want a relatively small amount then it might, in the short term, make business sense to pay up because it means the business can be up and running again quickly. However, there are reasons why you might not want to pay.
First, there’s no guarantee that the criminals will hand over the encryption key when you pay up — they are crooks, after all. If your organization is seen to be willing to pay, that will probably encourage more attacks, either by the same group or others.
There’s also the broader impact to consider. Paying a ransom, either from your own funds or via cyber insurance, is to reward these gangs for their behavior. It will mean that they are even better funded and able to run even more sophisticated campaigns against you or other organizations. It might save you some pain in the short term, but paying the ransom only fuels the ransomware epidemic.
Understand What Your Most Important Data is and create an Effective Backup Strategy
Having secure and up-to-date backups of all business-critical information is a vital defense, particularly against ransomware. In the event that ransomware does compromise some devices, having a recent backup means you can restore that data and be operational again fast.
But it’s vital to understand where that business-critical data is actually being held. Is the CFO’s vital data in a spreadsheet on their desktop, and not backed up in the cloud as you thought? It’s no good having a backup if you are backing up the wrong stuff, or backing it up so infrequently that it’s useless.
Train Staff to Recognize Suspicious Emails
One of the classic routes for ransomware to enter your organization is via email. That’s because spamming out malware to thousands of email addresses is a cheap and easy way for ransomware gangs to try and spread malware. Despite the basic nature of these tactics, they’re still depressingly effective.
Training staff to recognize suspicious emails can help protect against ransomware and other email-borne risks like phishing. The basic rule: don’t open emails from senders you don’t recognize. And don’t click on the links in an email if you aren’t absolutely sure it is legitimate. Avoid attachments whenever possible and beware of attachments that ask you to enable macros, as this is a classic route to a malware infection. Consider using two-factor authentication as an additional layer of security.
Apply Software Patches to Keep Systems Up To Date
Patching software flaws is a painful, time-consuming and tedious job. It’s also vital to your security. Malware gangs will seize on any software vulnerabilities and attempt to use them as a way into networks before businesses have had time to test and deploy patches.
The classic example of what happens if you don’t patch fast enough is WannaCry. This ransomware caused chaos in the summer of 2017, including significantly disrupting the NHS in the UK. A patch for the underlying Windows Server Message Block protocol exploit that allowed WannaCry to spread so far had actually been released several months before the ransomware hit. But not enough organizations had applied the fix to their infrastructure, and over 300,000 PCs were infected.
How Al Reyami Technologies Can Support You in Your Fight Against Ransomware

If you want to make sure that your disaster recovery plan is correct, that your firewall is top-of-the-line, and that your employees are well-trained to avoid getting phished in the first place, then you should consider working with a proven IT security company.
A successful IT security company will help you find the solutions that match your budget and requirements – ensuring you pay for the correct amount of security you need.
We will persistently perform penetration tests on your systems to identify all the weaknesses and shore up all your defenses. We adhere to industry best practices and always stay on the cutting-edge of antivirus and antimalware strategies and software. From email security to on-premise IT security, we will give you the tools, resources, and expertise necessary to protect against ransomware and all forms of cyberthreats.
Get in touch with us to begin an assessment.