Ransomware is a kind of malicious code that makes data inaccessible to the user in order to demand payment of a sum of money to restore access to the information.
Users see on-screen instructions for how to pay a fee to get the decryption key. The costs vary from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin or another cryptocurrency.
How Do Ransomware Attacks Happen?
Ransomware spreads almost like any other malicious file.
Scam Email Messages
A typical method of ransomware infection is a fake email, which usually claims to come from a known company, a bank, or a government agency. These emails trick the user into downloading a file, either attached to the message or through a link to a web page. These malicious files are usually Trojans that appear to be harmless text documents or images, but when opened, they download the ransomware that eventually blocks the user’s computer or files. For this reason, it is always recommended not to open attachments or follow links from unknown sources.
File Downloads in P2P Networks
Another propagation method is file downloads through P2P networks. Many of these sites or files promise free software versions or cracks to evade licensing checks. However, far from being free, they can infect the user’s computer so that the attacker obtains some economic return, for example, through the payment of a ransom. Also, programs of this type usually ask the user to disable antivirus protection, so it is even easier for the cybercriminal to infect the computer.
Without User Intervention
There are also many malicious programs that spread by themselves, without user intervention, by taking advantage of vulnerabilities in systems or applications that are not updated. Many varieties of ransomware carry an exploit that uses these vulnerabilities to execute code on the computer. In these cases, it is very common for the ransomware to spread through vulnerable devices connected to the same network. When the malicious code manages to infect one of the devices, it automatically spreads to the other exposed computers. This is why keeping systems updated regularly can prevent infections.
What Is The Risk Of Ransomware For A Company?
Information is a precious asset to the organization. Therefore, if its availability is compromised, it can have devastating consequences. This is the main reason why many ransomware attacks are aimed at infecting files and corporate information. Also, most companies work with shared networks of information, which means the infection can spread quickly through the network, infecting not only workstations but also the servers and databases of the company, where critical and sensitive information is often stored.
Here are some specific risks to consider. First, there are the financial losses, particularly in cases where the lost information is made up of private data of clients who must be compensated in some way. In the same sense, if the affected files are patents or formulas of certain products, this could result in the complete or partial interruption of the business. Along the same lines, some companies concentrate their work on servers in the cloud. If those servers are infected and there is no continuity plan to work offline, the correct operation of the business will also be interrupted.
Next, there is a critical issue: the damage to the brand. This is a risk that directly compromises the prestige and even the credibility of a company. Although it is difficult to measure in terms of the net money that could be lost, it can be seen in the perception of users or clients. Finally, there is the issue of legal liability and the obligations that a company has under the data protection laws it has to comply with. Again, if information is lost, fines and compensation should be paid to those who are victims of the attack.
Although it is not advisable to pay the ransom, the loss of information has to be weighed. Some companies should consider not only the value of the information that was lost or is no longer available, but also the indirect costs of stopping operations, not providing a service, delaying activities, or any other consequence that affects the continuity of the business.