What is a ransomware attack?

By Tom Grange, Director - Connectivity Business

Whether you’ve just started your business or it's a few years in, you need to keep on top of potential cybersecurity issues. Phishing scams, DDoS attacks and ransomware can threaten the safety of the devices and networks operating throughout your business — and can come with a hefty price tag.

But how can you keep your company and employees safe from ransomware attacks? We’re about to explain it all in this Bionic guide.


What is a ransomware attack?

Ransomware is a type of malicious software — also known as malware — designed to infect a computer system. This malware encrypts files on the impacted device and network, making them unusable until the targeted person or business pays the attacker a ransom to regain access.

Attackers will usually leave a ‘ransom note’ on the targeted computer during the attack, explaining how and where the ransom can be paid. Most attackers demand this in cryptocurrency, with Bitcoin accounting for approximately 98% of ransomware payments.

As well as putting immense pressure on business owners to part with their hard-earned cash, attackers can even take this one step further and threaten to compromise the security of sensitive data or even shut down systems entirely — even after receiving payment.

What's the difference between ransomware and DDoS attacks?

In the world of cyber attacks, ransomware and distributed denial-of-service (DDoS) attacks go hand in hand.

A DDoS attack is where a hacker attempts to disrupt normal sessions to a website by flooding the intended target with an influx of traffic. This overwhelms the system to the point where it slows to a crawl or stops entirely. You can find out more in our guide to DDoS attacks.

Hackers use DDoS attacks to temporarily bring down firewalls — a network security system that monitors all incoming and outgoing network traffic — and other security measures to install ransomware on the target's computer or network. Hackers will then threaten to bring a business offline unless a ransom is paid — which can be a big blow to small businesses just trying to make ends meet.

Why are ransomware attacks spreading?

Ransomware attacks are gaining popularity among hackers as the technology used to carry them out keeps evolving. There are also a few other reasons, including:

  • The use of new technologies, such as encrypting a whole disk instead of only selected files
  • It can be quite an inexpensive way to target businesses, and it has a large payoff
  • It's extremely accessible, as malware kits can be created on demand

As ransomware marketplaces have quickly sprouted up online, hackers don’t even need to be as tech-savvy as they once had to be.

How does ransomware work?

There are several different types of ransomware that attackers can use against your computer or network, including:

  • PIN locker ransomware — This form of ransomware changes the PIN code on the device, rendering it inaccessible. 
  • Screen locker ransomware — This blocks access to the device's screen so whoever's being hacked can’t gain entry. The screen will only be visible on the attacker's interface.
  • Disk coding ransomware — This is when the Master Boot Record (MBR), the information in the first sector of a hard disk or removable drive that identifies how and where the operating system is located, and the critical file system structure are encrypted. This then prevents the affected user from accessing the device's operating system.
  • Crypto-ransomware — This form of ransomware encrypts any files that are stored on a disk.

Once ransomware has been planted, hackers can potentially give you mere hours to respond. If you don’t, your business's data will either be destroyed or published.

How will a ransomware attack affect your business?

Successful ransomware attacks can be detrimental to small businesses and can, ultimately, be the main reason for their demise.

But what are some other repercussions of your business being involved in an attack?

Business loss

If the attacker encrypts any of your business-critical files, then you may have to shut down your business for a few days to a couple of weeks while you try to recover them.

A closed business will obviously lead to a loss of revenue, as well as damaged customer trust.

Reputational damage

If news of the attack gets out, your business's reputation could be seriously damaged. This could ring particularly true if the data that has been lost is sensitive and confidential customer information.

Not only does this make it extremely difficult for existing clients and customers to put their trust back into your business, it could also put off future partners and potential customers.

Ransom payments

Most small businesses have to make the tough financial decision about whether or not to pay the ransom.

While almost all guidance advises against paying the ransom, many small businesses are left without a choice due to the time constraints of an attack. You may end up losing hundreds or even thousands of pounds in ransom, and there’s always the risk that the attacker won’t actually unlock the data they’ve encrypted or stolen.

Regulatory fines

Your business could be subjected to regulatory fines if the attacker leaks sensitive customer information and data.

This is an added financial burden that your small business won’t need, considering it’s just been attacked.

What should I do if my business receives a ransomware email?

A ransomware attack email is an email message that contains, or can lead to, malware.

If your business receives a ransomware email, there are a few steps you can take to help minimise the damage.

Contact your cyber insurance provider

It’s imperative that you contact your cyber insurance provider to notify them of the attack. Depending on your insurance policy type, they can help cover the cost of ransom payments, conduct a GDPR investigation and help with reputation management. 

Find out more about GDPR with our handy Bionic guide.

Establish the type of attack it is

You’ll then have to establish which type of attack you’ve been hit by, whether it’s PIN, screen, disk or crypto. 

This distinction is important as it’ll help determine the next steps you’ll need to take. For example, if you can’t get past a ransom pop-up note on the screen, you’ve likely been attacked by screen locker ransomware.

Collect evidence

Then you’ll have to collect evidence of the attack. Make sure to take pictures of the ransomware note, including details of the payment instructions and the value of the ransom.

This way, you’ll be able to show proof to the relevant authorities.

Disconnect your device

Disconnect any infected machines from the network, and unplug any external devices or hard drives. This helps to restrict the impact of the ransomware and the number of devices it can infect.

Attempt data recovery

In some cases, it may be possible to recover some or all of the data the hacker has encrypted. 

If this is possible, you can use recovery and decryption software — usually accessed through a trusted cybersecurity firm or an IT department if your business has one. 

File a report

While the police may not be able to help in all cases, it’s best to try to make a police report of the incident. This is because you’ll need records of the incident if you want to make an insurance claim or file a lawsuit.

Should my business pay the ransom?

It may seem easier to pay the ransom and get it over with when faced with the possibility of days, weeks or even months of recovery.

But this can be a bad idea because:

  • You may never get the decryption key — When you pay the demand, the deal is that you get the decryption key in return. But how do you know that these attackers will truly keep to their word? After all, you don’t know the integrity of these criminals. Many businesses pay the ransom and receive nothing in return. Then they’re hundreds or even thousands of pounds out of pocket.
  • You could get repeated demands — Once you’ve paid the first ransom, who is to say that these attackers won’t increase the price again? They may give you a working key if you’re willing to pay a little — or a lot — more.
  • You may have a target painted on your back — Once you pay a ransom, criminals know that you’re a good business to target. If you’ve already paid once, why wouldn’t you pay again? If your company has a proven history of paying ransoms, other attackers are more likely to single you out and try for another attack.

Can ransomware be removed?

Ransomware removal is challenging but not impossible.

You can delete malicious files either automatically or manually using antivirus software. Manual removal is usually only recommended for someone who is tech-savvy and has extensive experience in the matter. If your computer has become infected, it’s best to let an expert look at it, as they’ll be able to decipher what’s happening and take appropriate action.

How to prevent a ransomware attack

Protecting your business against a ransomware attack should be relatively simple:

  • Back up your data — Since it isn’t always possible to remove ransomware and use the device again, it’s a good idea to make sure that your data and files are backed up externally.
  • Use security software and keep it up to date — Always make sure that all software and operating systems are kept up to date with the latest patches. If this gets a little bit too hard to keep on top of, consider using a managed service provider to help keep your business secure.
  • Offer cyber awareness training — Cyber awareness training is one of the greatest assets a team can have. It aims to reduce the likelihood of employees falling prey to a phishing attack by training them to notice the potential signs. Want to learn more about internet security? Check out our guide.
  • Reconsider remote access — While remote access can be a great thing, it can also be detrimental to a business. Unless your business needs remote access software — such as Remote Desktop Protocol — then it can be a good idea to disable it. If it must be used, make sure it’s secure with multi-factor authentication. 
  • Protect your personal information — When ransomware groups attack, they’ll often use personal information — such as passwords and dates of birth — to quickly answer security questions and gain access to accounts. Make sure that everyone in your business uses different passwords that include numbers, lower and uppercase letters and symbols, as this makes it harder for hackers to guess. 

How Bionic can keep your business connected

Wrapping your head around ransomware attacks and what they can mean for your business can sometimes feel like a challenge. The most important thing to know is you need to act fast should your business come under threat. 

If you need more help understanding business connectivity or anything connectivity-related, head over to our connectivity guide page for more information. Or, get in touch today with the Bionic team to discuss your needs or get more information on business connectivity. We can help with business broadband, VoIP, and more.