Ransomware explained: How it works and how to remove it


Ransomware is one of the most common cyber security threats against Adelaide businesses. In this article, we take a look at what this cyber risk is, and how you can protect yourself against it.

What is ransomware?

In its simplest form, ransomware is a type of malware. These cyber security threats work by tricking the user into downloading and installing a file, or clicking a link, that’s infected with that particular ransomware strain.

Once downloaded, the malware gets to work. It locks down your system, restricting access to the machine and encrypting your files. You’ll then typically receive a notification that your system has been infected. This usually takes the form of an on-screen pop-up or an email informing you that your files have been locked and encrypted. Within this notification the hackers demand a ransom to restore your files. These days, the ransom is typically demanded in Bitcoin.

Then, if you don’t pay the ransom, the hackers simply delete your files.

How ransomware spreads

Ransomware is spread in much the same way that viruses and other cyber security threats are. Hackers send a phishing email that tricks you into opening and downloading an attachment, or into clicking through the link provided.

Occasionally it’s spread through drive-by downloads. The malware is implanted on a website and lurks there, waiting for a user to visit or click on that page; it then automatically downloads itself to the user’s computer.

Ransomware is one of the more dangerous cyber security threats

There are now more than 1,800 different strains and variants of ransomware out there, and 2021 alone has seen unprecedented levels of ransomware attacks, which have increased in sophistication, in severity and in the size of the ransom demanded.

However, any level of cyber risk is unacceptable to a small business.

The average ransom businesses pay is over US$300,000. But that’s just the average. Smaller businesses may expect to pay $60,000, larger businesses a lot more. In March this year, computer manufacturer Acer was held to ransom to the tune of US$50 million.

Do I pay the ransom?

Beyond the obvious problem that your sensitive and critical information is no longer available, the question most businesses struggle with in a ransomware attack is whether or not to pay the ransom.

By nature, the group doing the hacking isn’t going to be the most scrupulous of sorts. So will paying the ransom even ensure you regain access to your files?

The Australian Cyber Security Centre has clear guidelines on what to do in the event of a ransomware attack: Don’t pay. After all, there’s no real guarantee that the hackers will return your files or fix the damage they’ve caused.

Paying the ransom once also implies you may do so again in the future, leaving you vulnerable to future attacks.

How to remove ransomware

The best way to deal with the cyber risk of ransomware is to assume that your files and data are already gone. Instead, focus on restoring your data and files from your backups.

But let’s assume that you haven’t done this in a while.

If you were to fall victim to a ransomware attack, time is of the essence. So rather than trying to reverse the situation, you need to focus on minimising the damage.

Here’s how to do it.

Step 1. Isolate the infected files or devices from your network to reduce and stop any further spread.
Step 2. Shut down wireless and Bluetooth connectivity to stifle any further spread.
Step 3. This is the hard bit. You need to identify any and all infected files or devices.
Step 4. Lock and restrict sharing access to any infected files or devices.
Step 5. Locate the original infected file. Check your antivirus software for any alerts, or quiz your teams about any activity that may have led to the malware being downloaded.
Step 6. Check your antivirus provider to determine the strain of ransomware you’re dealing with.
Step 7. Report the attack to the Australian Cyber Security Centre.
Step 8. Restore all your business systems from the latest backup.
Step 9. Run your antivirus/antimalware software as often as necessary to ensure all traces of the ransomware have been eliminated from your network.
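Step 3 is the hard part of the procedure above because an infected share can hold thousands of files. The following is an added example (not code from the original article or from GPK Group) of a small triage scanner that flags files which look as though they have been encrypted by ransomware, using three checks a responder would otherwise make by hand: near-random byte content (high Shannon entropy), an extension appended to an otherwise ordinary filename, and ransom-note text files. The entropy threshold, note-name markers and the sample directory it builds are assumptions for illustration, not indicators of any particular strain.

```python
"""Added example: triage scanner for suspected ransomware-encrypted files.
Not part of the original article; thresholds and names are illustrative."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed indicators for illustration; real strains vary.
ENTROPY_THRESHOLD = 7.5  # bits per byte; plaintext and office documents sit well below this
NOTE_MARKERS = ("readme", "decrypt", "restore", "how_to")
# Formats that are high-entropy by design (compressed) and must not be flagged.
KNOWN_GOOD_HIGH_ENTROPY = {".zip", ".gz", ".7z", ".png", ".jpg"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_like_ransom_note(path: Path) -> bool:
    """Text/HTML file whose name carries a typical ransom-note marker (assumed list)."""
    name = path.name.lower()
    return path.suffix.lower() in {".txt", ".html", ".hta"} and any(m in name for m in NOTE_MARKERS)


def looks_encrypted(path: Path, sample_size: int = 4096) -> bool:
    """High entropy in the first block, and not a format that is high-entropy by design."""
    if path.suffix.lower() in KNOWN_GOOD_HIGH_ENTROPY:
        return False
    with path.open("rb") as fh:
        sample = fh.read(sample_size)
    return len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD


def scan_tree(root):
    """Walk a directory tree; return (suspected encrypted files, ransom notes, count per extension).
    The extension count shows the appended extension a strain used, which helps Step 6."""
    encrypted, notes, ext_counts = [], [], Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if looks_like_ransom_note(path):
            notes.append(str(path))
        elif looks_encrypted(path):
            encrypted.append(str(path))
            ext_counts[path.suffix.lower() or "<none>"] += 1
    return sorted(encrypted), sorted(notes), ext_counts


def build_sample_tree() -> str:
    """Construct a throwaway directory (constructed sample data) with one clean document,
    two encrypted-looking files and a ransom note, so the scanner can be run offline."""
    root = tempfile.mkdtemp(prefix="triage_")
    docs = Path(root) / "shared" / "finance"
    docs.mkdir(parents=True)
    (docs / "budget.txt").write_text("Q3 budget summary\n" * 100)
    (docs / "invoice.docx.locked").write_bytes(os.urandom(8192))  # stands in for ciphertext
    (docs / "payroll.xlsx.locked").write_bytes(os.urandom(8192))
    (docs / "README_DECRYPT.txt").write_text("Your files are encrypted. Pay to restore.\n")
    return root


if __name__ == "__main__":
    encrypted, notes, ext_counts = scan_tree(build_sample_tree())
    print("suspected encrypted:", encrypted)
    print("ransom notes:", notes)
    print("extensions seen:", dict(ext_counts))
```

Run it against a copy of the affected share, not the live system, and treat the output as a starting list for Step 3 rather than a verdict: legitimately compressed or already-encrypted files (archives, password-protected documents) will also score high on entropy, which is why the known-good extension list exists.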

How to combat ransomware

When it comes to ransomware, removing it yourself is a last resort. The best way to actually combat ransomware is to ensure your business performs regular, secure backups in the first place.

Keep these backups separate from your business systems. The more removed they are, the safer they’ll be. Consider using both physical and cloud off-site storage, to provide multiple backup points.
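A backup that the ransomware could reach is not a safe restore point, so a backup set should be checked before Step 8 restores it over production. The following is an added example (not code from the original article or from GPK Group) that records a SHA-256 manifest when the backup is taken and verifies the set against that manifest before a restore, reporting files that were modified, removed or added since. The directory layout and file contents are constructed here for illustration; the manifest is deliberately written outside the backup tree so that it can be stored with the off-site copy.

```python
"""Added example: SHA-256 manifest for a backup set, plus pre-restore verification.
Not part of the original article; all paths and contents are constructed samples."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _hash_tree(root: Path) -> dict:
    """Map each file's POSIX-style relative path to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in root.rglob("*") if p.is_file()}


def write_manifest(backup_root, manifest_path) -> dict:
    """Record the manifest at backup time; keep manifest_path outside backup_root."""
    manifest = _hash_tree(Path(backup_root))
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(backup_root, manifest_path) -> dict:
    """Compare the backup set against its manifest. Returns sorted lists of 'modified',
    'missing' and 'unexpected' relative paths; all three empty means the set is intact."""
    expected = json.loads(Path(manifest_path).read_text())
    actual = _hash_tree(Path(backup_root))
    return {
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        "unexpected": sorted(k for k in actual if k not in expected),
    }


def demo():
    """Construct a backup set (constructed sample data), write its manifest, then simulate
    the backup volume having been reached: one file overwritten with random bytes standing
    in for ciphertext, one file deleted, and a ransom note dropped."""
    work = Path(tempfile.mkdtemp(prefix="backup_"))
    backup = work / "backup_set"
    (backup / "finance").mkdir(parents=True)
    (backup / "finance" / "ledger.csv").write_text("date,amount\n2021-03-01,100\n")
    (backup / "notes.txt").write_text("quarterly notes\n")
    manifest = work / "manifest.json"  # kept outside the backup tree
    write_manifest(backup, manifest)
    clean = verify_backup(backup, manifest)

    (backup / "finance" / "ledger.csv").write_bytes(os.urandom(512))
    (backup / "notes.txt").unlink()
    (backup / "README_DECRYPT.txt").write_text("pay up\n")
    tampered = verify_backup(backup, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("intact backup:", before)
    print("tampered backup:", after)
```

The check is only as trustworthy as the manifest: if the manifest sits on the same volume as the backup, an attacker who can encrypt the backup can rewrite the manifest too, so store it with the off-site or physical copy and compare against that.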

Also, ensure your business practices sensible internet use. Don’t click suspicious emails or links. Only use secure networks. And make sure your antivirus software is up to date.

The best defence against ransomware is to be prepared

Ransomware is one of the most common cyber security threats impacting Adelaide businesses. So it’s crucial that your organisation is prepared.

At GPK Group we take a proactive approach to managing your business’ cyber risk, and provide robust, full-scope IT cyber security for Adelaide businesses. Contact us today to discuss a cyber security solution that stops ransomware in its tracks.