Overcoming The False Hope of a Ransomware Attack (Part 1)

By Georg Tichy


Every modern business deals with a certain amount of technology. From tech companies that consist internally of nothing but professionals at computers to minimally technical industries that still rely on databases and business software to keep everything running smoothly, the need for a secure network and backups of archived business data is universal. When your data is in danger and it looks like there’s a chance of recovering anything that has been lost, most companies will jump through flaming hoops for any recovery method, whether planned or, worse, unplanned. That is exactly why ransomware is so terrible. The hope of getting your files back after a disaster is often more powerful than the fear of losing them in the first place.

While you may think that your files are being held hostage, your disaster recovery plan is much more reliable than any hacker’s “promise” that you’ll see your files again.

Malware Has Always Wiped Files

To understand the innovation of ransomware, it may help to have a better grasp of the history of malware as a whole. Ransomware is just one of the most recent innovations in a long chain of malicious, invasive software. In fact, while there has been a significant rise in the ability of malware to actually do something, like stealing credit card numbers or extortion, malware has traditionally been almost completely pointlessly evil. Worms have roamed the web since before the internet unification, seeking out vulnerable systems, and infected websites are often simply left up to hurt anyone who comes across them.

When an infection is successful, whether it was targeted or random, the malware’s goal is simply to cause pain. Spamware makes your system unusable with constant pop-ups, spyware steals your login information and uses it for fraud or more spam, and many forms of malware, despite the name, will simply explore your files, deleting or corrupting them as they go. Hackers have always deleted files for fun, and there’s no reason to assume that they’re going to stop now just because they’ve also figured out how to make a little side cash.

What Ransomware Does

When ransomware gets onto your computer, its first act is usually to lurk around for a while. During this time, it may finish installing itself, spread from the first computer into the local network, and map all your files. These processes usually happen quietly using background resources, and the delay often masks the true infection point, whether it was a bad website, a phishing email, or an actual hacker security breach in which the ransomware was placed on your computer.

Once the lurking phase is done, the ransomware will encrypt every single file it can find, whether that’s just on a single computer or every file in your entire network, including servers, databases, and sometimes even router configurations. Once this is done, or while it is still in progress, the ransomware will also freeze and shut down every other process on your computer or network and show the ransom UI.

As most of us already know, once your files are fragged, a UI window will appear and inform you that all your files have been encrypted, that they will be deleted in a certain amount of time, and that you can save your files if you pay up in Bitcoin or some other cryptocurrency flavor of the week. This is where the actual scam begins.

Do not believe the UI message; it’s all part of the scam. Ransomware is an incredibly underhanded hack, even as malware goes, because it not only wrecks your files and infects your network, it also gives you a false hope that your computer and files are recoverable. But this isn’t anywhere near the end of our article on the false hope of ransomware. Join us next time for the second half of this two-part article, where we’ll talk about encryption, trust, and disaster recovery. For more news, tips, and trends in cybersecurity, contact us today!
