It can happen to you just like that. An employee of your company clicks on a malicious link in an email that takes him or her to an infected website. Although the result of visiting this link does not seem to have much effect at first, a hacker is already busy behind the scenes. This leads to ransomware.

What is Ransomware?

One step back. What exactly is ransomware? Ransomware is malware and encrypts users' data files with the intention of ultimately decrypting them in exchange for payment. Some of the typical attack techniques used by hackers include:

• An outdated operating system;
• Clicking on a link in a fake email (phishing);
• Using stolen passwords.

Ransomware has the ability to modify, delete, copy and store victims' personal files. The only way to recover your files is to pay a ransom. This mainly uses bitcoin or another cryptocurrency. However, there is no guarantee that you will be able to access your personal files again after this payment. At this point, you can only hope that your company has a backup.

Ransomware: how it works

An attacker can infect a computer or server with ransomware in various ways. In some cases, all you have to do is open a malicious email attachment or go to a malicious website to get infected. This is why many victims unknowingly install ransomware. Attackers often buy a database on the dark web in order to carry out the attacks. This can range from email addresses alone to even medical and credit card information. The more information an attacker has, the better he can send a successful phishing email. With all its consequences.

According to the report by the National Cyber Security Center benefits from ransomware attacks including unpatched system vulnerabilities. Examples include legacy protocols such as SMBv1 and the Remote Desktop Protocol (RDP) and weak web browsers. Trojan horses and other types of malware can also be used to penetrate the ICT network.

Ransomware in the news

According to the Information Security Service (IBD) Report the threat of ransomware attacks is still increasing. Almost every day, we hear and read about companies, agencies and local authorities that have been attacked. Criminals are constantly trying to find inputs into the sometimes outdated software of healthcare institutions, local governments and retail organizations. And the (potential) consequences of an attack are also becoming increasingly serious. For example, the municipality of Buren hit by a ransomware attack this year. The hack stole data from the municipality. Subsequently, a large amount of privacy-sensitive data was published on the dark web.

Consequences of ransomware

But what exactly are the consequences? In many cases, the consequences of an attack have a major and negative effect on the continuity of companies. The ransomware attacks result, among other things, in:

• Temporary or permanent loss of personal files and information;
• Customer data can be stolen;
• Disruption of the continuity of one or more systems;
• Downtime of critical systems from a few hours to several days;
• Image damage;
• Financial losses due to paying the ransom or because the daily operation cannot continue.

Sensitive information leaked by a cybercriminal can damage a company's reputation and give the impression that the organization is untrustworthy. Thousands of people can also be victims of identity theft or other cyber crimes, depending on the type of information released and the size of the company. According to research by the insurer Hiscox 58 percent of the successfully attacked companies pay the ransom, but the exact statistics are not yet known.

So it has turned out that ransomware is a major problem. Almost never a week goes by without hearing about a ransomware attack. Even a small company is susceptible to “this type of cyber attack.” The consequences can be disastrous. However, there is also good news. Every company can do something to protect the organization against ransomware attacks. We'll zoom in on this in the next blog”Ransomware: Now What?”.

And don't forget, according to Sara Ahmadi is “Ransomware the easier, the scarier, the better”.