Information Security - Understanding the Basics: "Ransomware"

One that has quickly emerged as one of the most common, most publicized, and most dangerous types of attacks that both public and private organizations face today...Ransomware.

What is a Ransomware Attack

Ransomware is a type of malware-based cyber attack that often launches on an enterprises' computer network. The concept behind ransomware is the criminal use of cryptography (a technique that prevents parties from reading data) during a cyber attack to gain access to a victim's files and encrypting them, so the files are then useless until the victim pays the attacker for a key to recover them. Often, the demands to release the corporate information are extremely high financial amounts.

However, it is important to note that paying a ransom does not guarantee that cyber criminals will unlock your data or that they will not expose your data public ally or on the dark web.

For ransomware malware to gain access to an organization's data, the most common infiltration methods include phishing emails, remote access exploitation, web browser or application exploitation, using mobile storage devices and other removable media. Once a computer is infected with malware, it spreads throughout the internal network of an organization, impacting not only the computers of end users but also infecting servers.

How Ransomware Works

  • Malware enters system via spam/web browser or other ways.
  • The malware downloads malicious file onto your system.
  • The malicious code encrypts your file taking over control of data and systems.
  • Users will be sent a ransom notice informing them that their data has been taken over and demanding a payment deadline to regain access.
  • Threats are made to release data publicly, to competitors, or to be sold on the dark web.
  • Organizations must pay extremely high financial amounts in ransom to regain access to their data and re-establish control of their systems.

The Costs of Ransomware

The most obvious type of damage associated with a ransomware attack is the direct financial cost demanded by the cyber criminals to retrieve an organization's data and systems. IT World Canada's website refers to an IBM report that indicates the "average" cost of a ransomware attack at approximately at US$4.54 million. There are many case studies and other reputable international and domestic reports that confirm the increasingly high costs that are demanded for payment in ransomware attacks.

How to Protect your Company from Ransomware

  • Firewalls

A firewall is the first point of entry into an organization. Implementing a tool known as a next-generation firewall (NGFW) with the option of deep packet inspection (DPI) is the recommended approach. This technically advanced firewall provides advantages over older technology by providing multiple ports and IP filtering capabilities along with deep packet inspection capabilities.

  • Data Backup

Maintaining a data backup policy for sensitive or operational critical organizational information is a fundamental technical measure that must be part of your security approach to reduce the risks of ransomware. Storing sensitive organizational information on local computers is a very dangerous practice and a large gap in your security posture.

  • Education/Training

Internal security training is the best way to avoid any type of attack, including ransomware. Teaching end users the risks of a simple click on an email can cause great economic losses for the company. This training does not have to be extensive but should be mandatory for all personnel and should be delivered on a somewhat regular basis to keep up with new threats and trends.

  • Use a VPN When Using Public Wi-Fi

When you are working outside of company security a public Wi-Fi is convenient because it is easy to get onto and often without a password. Unfortunately, it is just as easy for hackers to use public Wi-Fi to spread ransomware. Whenever you are on a public Wi-Fi network, we recommend the use of a virtual private network (VPN). An internal policy requiring the use of a VPN when on any public Wi-Fi network is a very strong approach to combat ransomware and is a sound fundamental security practice.

  • Implement Security Software

Security software can be a powerful tool in ransomware prevention. The minimal protection for you or your business is to use an antivirus tool with ransomware protection including a Web Filter and Intrusion Prevention capabilities.

Castellan Information Security is a Winnipeg-based 'end-to-end' information security company that specializes in information security and have worked with both large and smaller private and public organizations to help them reach their information security objectives. If you have questions about this article or would like to speak to us about how our services can help your company protect its information please feel free to contact us directly at

Ask us about our free preliminary security assessment and our Security Operations Centre (SOC) service that uses special detection technology and cyber experts to monitor your data on a live, 7/24 basis.


View More

Unite Interactive