Ransomware attack

What is a ransomware attack?

Ransomware is a type of malware designed by cybercriminals to hold a victim's data hostage until a ransom is paid. The perpetrators usually encrypt the data, block legitimate access to it, and threaten to expose the sensitive content online if the ransom is withheld.

During a ransomware attack, the organization is pressured to pay the ransom, mostly in the form of cryptocurrency like Bitcoin, to regain access to its data. Perpetrators target both individuals and organizations.

Types of ransomware

Though ransomware has evolved a lot, most ransomware attacks fall into one of the two categories below:

  • Lock screen ransomware

    This type of ransomware freezes the user's computer screen, blocks most basic functions, and demands a payment to unlock the screen. This ransomware is mostly used to target individuals and does not go after their critical data. It is deployed at the OS level and makes the device inoperable.

    Examples: Reveton

  • Crypto ransomware

    This type of ransomware infects and encrypts an organization's business-critical data and turns it into unreadable gibberish. Though all basic device functions are left uninterrupted, crypto ransomware instigates huge panic, as data is the lifeblood of any business. As daily operations come to a standstill, the perpetrators demand that payment be made before a stipulated deadline.

    Examples: CryptoWall, CryptoLocker, NotPetya, and WannaCry.

Ransomware attack examples

A few examples of ransomware are listed below:

| Ransomware variant | Type | Infection vectors |
|---|---|---|
| WannaCry | Crypto | Exploited an unpatched security vulnerability in Windows called EternalBlue |
| Locky | Crypto | A phishing scheme used to gain unauthorized access |
| BadRabbit | Crypto | Drive-by attacks where users are tricked into installing malware disguised as an Adobe Flash installer |
| Petya | Crypto | Uses a corrupted Dropbox link to corrupt the system's hard drive master boot record |
| REvil | Crypto | Software supply chain attack where Kaseya software is used to infiltrate the organization's network |
| Ryuk | Crypto | Download as a service is used to infect the targeted organizations |

How ransomware works

The phases below describe how a ransomware attack happens and how it spreads. For more information, check out this infographic.

  • Reconnaissance

    Perpetrators probe the target organization's network searching for weak spots they can exploit to deliver the ransomware.

  • Distribution

    A myriad of attack vectors, such as email phishing, malvertising campaigns, and exploit kits, are used to deliver ransomware.

  • Infection

    The ransomware infection quickly proliferates and distributes itself, taking advantage of inherent security vulnerabilities to infect and encrypt critical data.

How to stop ransomware from spreading

Ransomware attacks have become more sophisticated in recent years, and so should IT teams. Combining ransomware detection best practices with robust detection and response tools is essential to stop the spread of ransomware within your data stores.

DataSecurity Plus helps meet this need by protecting your organization against ransomware proliferation with real-time file server auditing, and employing personalized and automated scripts to stop the spread of ransomware within your organization's perimeter. Its rapid responses aid in damage mitigation by isolating infected machines, locking out user accounts, and ending user sessions.

When used in combination with the below best practices, organizations can leverage DataSecurity Plus to protect their data from ransomware attacks.

Ransomware cyberattack prevention best practices

Check out our eight best practices to prevent ransomware attacks.

  • Patch system vulnerabilities regularly.
  • Use an intrusion detection system.
  • Conduct security awareness training for end users.
  • Run only allow-listed and trusted applications.
  • Keep your networks logically separated.
  • Employ a strong email filtering solution.
  • Ensure the principle of least privilege across your data stores.
  • Deploy ransomware detection software.

For more in-depth instructions on how to manage ransomware attacks, check out our ransomware prevention and response checklist.

Ransomware protection using DataSecurity Plus

ManageEngine DataSecurity Plus is a data visibility and security platform that helps detect and quarantine potential ransomware attacks instantly. The capabilities below illustrate how to detect ransomware attacks using DataSecurity Plus.

  • Spot ransomware attacks quickly by keeping a close eye on indicators such as a sudden, unexplained surge in file rename, deletion, and permission change activities.
  • Notify first responders and stakeholders regarding the ransomware attack via email.
  • Trigger instant threat responses that can shut down the infected system, kill malicious processes, disconnect rogue users' sessions, reload damaged files from a backup, and more.
  • Locate ransomware-corrupted files by comparing them with our up-to-date list of known ransomware extensions.
  • Enable quick forensic analysis using our detailed audit trail that captures all file and folder activities 24/7.
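
The two detection ideas in this list, a surge in rename, deletion, and permission change activity and a match against known ransomware extensions, can be sketched as follows. This is an added example, not DataSecurity Plus code; the event format, the thresholds, and the extension list are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values (not product defaults): alert when one account performs
# THRESHOLD or more risky operations within WINDOW.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5
RISKY_OPS = {"rename", "delete", "permission_change"}
# Constructed placeholder list; a deployment would load a maintained one.
SUSPECT_EXTENSIONS = (".locked", ".encrypted")

# Constructed audit events: timestamp|user|operation|resulting path
SAMPLE = [
    f"2024-01-01T10:00:{s:02d}|alice|rename|/share/fin/q{s}.xlsx.locked"
    for s in range(0, 12, 2)
] + [
    "2024-01-01T09:00:00|bob|delete|/share/tmp/a.tmp",
    "2024-01-01T09:30:00|bob|delete|/share/tmp/b.tmp",
    "2024-01-01T10:00:05|bob|read|/share/hr/policy.docx",
    "2024-01-01T10:00:06|bob|permission_change|/share/hr/policy.docx",
]


def parse_event(line):
    ts, user, op, path = line.strip().split("|", 3)
    return datetime.fromisoformat(ts), user, op, path


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: time of first alert} for accounts that exceed the threshold."""
    recent = defaultdict(deque)  # user -> timestamps of risky ops still in window
    alerts = {}
    for ts, user, op, _ in sorted(map(parse_event, lines)):
        if op not in RISKY_OPS:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(user, ts)
    return alerts


def suspect_files(lines, extensions=SUSPECT_EXTENSIONS):
    """Return paths whose name ends with an extension on the suspect list."""
    return [p for _, _, _, p in map(parse_event, lines)
            if p.lower().endswith(extensions)]
```

On the sample, only alice's rapid renames trip the burst alert; bob's three risky operations are spread over an hour and stay below the threshold.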

Try out the above functionalities and more using our 30-day, fully functional, free trial.
