Proton
Blog
NewsletterSubscribe by RSS

What is ransomware and how to prevent it

Lydia Pang

Share this page

Ransomware attacks are on the rise. Experts now consider it as one of the biggest threats to businesses and organizations, presenting an evolving and continuous challenge to IT security teams. 

In its 2021 report(new window), IBM Security calculated that the global average cost of a ransomware breach was $4.62 million — a figure that does not include ransom payments, which some experts believe are handed over in at least a third of cases.

Fortunately, the risk of a ransomware attack can be mitigated. Understanding what ransomware is, the risks it poses, and how to prevent ransomware attacks can help you safeguard your business. 

What is ransomware?

Ransomware is a term used to describe a type of malware(new window) designed to block access to a computer or a network until a specific sum of money is paid. Once a system has been infected with ransomware, victims typically receive an on-screen alert informing them that their files have been encrypted or they have been locked out of the system. Access can only be restored after a ransom payment — usually in a hard-to-trace digital currency such as Bitcoin — has been made. 

To motivate payments, ransomware attackers sometimes also leak the victim’s seized data on public platforms. For businesses, this breach of confidential data can cause significant financial losses and erode customer trust. 

Types of ransomware

Ransomware comes in many forms, including: 

  • Crypto or Encryptors: Crypto ransomware, also known as encryptors, is one of the most damaging variants of ransomware. It encrypts files and data in a system, making it impossible to access them without a decryption key.
  • Locker: Locker ransomware blocks access to a computer or network system entirely. A lock screen with a ransom demand and a countdown timer may be displayed to drive victims to act.
  • Scareware: Scareware is a form of ransomware that uses fake security alerts to manipulate victims into buying useless software or paying a ransom to resolve the issue.
  • Doxware or leakware: Doxware or leakware attackers steal sensitive and confidential data and threaten to make it public if the victim does not pay the ransom. 

How does ransomware work?

There are a few ways that ransomware attackers can infiltrate your business, namely through phishing emails, drive-by downloading, direct infiltration, and Remote Desktop Protocol (RDP) attacks.

Phishing emails

Phishing emails(new window) are the most common delivery vehicle for a ransomware attack. By posing as a legitimate or trusted sender, the attacker sends you a fake email and tries to trick you into opening malicious links or downloading dubious attachments. Once you download and open the attachment, the ransomware infects your device and encrypts your files. 

In an advanced attack, the ransomware will also spread across the network and encrypt files throughout your business. 

Drive-by downloads

A drive-by download is any software download that happens without your knowledge and consent. When you visit an infected website, it will force your browser to download and install a hostile script code on your computer. Often, the code for drive-by downloads is written in a manner that allows the software to infect vulnerable computers without the need for you to click on a download link. Instead, the malicious software checks for vulnerabilities in your browser or operating system and exploits them.

Direct infiltration 

Similar to drive-by downloading, a ransomware attack delivered through direct infiltration takes advantage of a business’s existing security vulnerabilities. An attacker looks for loopholes in unpatched systems and bypasses security defenses to deliver ransomware.  

Remote Desktop Protocol attacks

The Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which enables remote access to Windows computers. 

In an RDP attack, the attacker runs a script that searches for a specific computer port left open to the internet. Once the attacker finds an exposed port, they deliver ransomware to the computer after obtaining login credentials through social engineering or brute force attacks.

Who is at risk of being targeted by ransomware?

While anyone could be a target for ransomware, over half of all ransomware attacks target businesses in the banking, utilities, and retail industries(new window). These industries provide vital services to people and companies, making them enticing targets for ransomware gangs. 

In May 2021, gas company Colonial Pipeline experienced a ransomware attack(new window) which forced the company to temporarily shut down operations, causing gas shortages in the northeastern US. Within hours of a blackmail demand, Colonial Pipeline paid close to $5 million to its attackers. 

In November 2021, MediaMarkt, Europe’s largest consumer electronics retailer, suffered a Hive ransomware attack(new window), causing IT systems to shut down and disrupt store operations in Germany and The Netherlands. While online payments were not affected, cash registers were unable to accept credit card payments or print receipts. Its initial ransom demand was set at $240 million.

To maximize profits and speed up payouts, ransomware attackers seek businesses with the financial means and incentive to regain control over their data and operations quickly. And since companies are not required to disclose data breaches that do not compromise privacy laws, they have a better chance of keeping the incident from going public by making the ransom payment. 

How to prevent ransomware

As with any malware threat, prevention is your best defense. Practicing good digital hygiene is crucial in preparing your business against a potential ransomware attack. 

Be vigilant against suspicious emails 

Most ransomware attacks are carried out through phishing emails. If you spot a suspicious email, do not click on any links or attachments and immediately report the email to your email provider. You can also reduce the risk of phishing emails by activating strong spam filters.

Maintain offline, encrypted backups of data

Making regular, encrypted backups of your business’ data can protect it from a range of disasters, including a ransomware attack. Since ransomware most commonly spreads through internet-accessible systems, keeping your backups offline also protects them from getting infected.

Update and patch software regularly 

Software with known vulnerabilities is especially susceptible to ransomware attacks. By keeping your software updated, you’re keeping your business safe from cyber threats. The simplest way to ensure your computer and devices are up-to-date is by enabling automatic updates. 

Install antivirus and anti-malware software 

Comprehensive antivirus and anti-malware software provide a good line of defense against ransomware attacks. They detect and isolate malicious code, preventing malware from infecting your computer. Once installed, most antivirus and anti-malware software run automatically in the background and provide real-time protection against ransomware attacks. 

Proton Mail offers unique ransomware protection

As a privacy-first company, Proton provides your business with the protection needed to combat ransomware. With Proton Mail(new window), Proton Calendar(new window), and Proton Drive(new window), all your emails, calendar events, documents, and files are secured using end-to-end encryption(new window) and zero-access encryption(new window). This means even in the case of a ransomware attack, your data cannot be accessed and used to blackmail you into paying a ransom.

Proton Mail also comes with strong anti-phishing features that help you spot suspicious emails:

  • Link confirmation(new window): Before opening a link, Proton Mail will ask you to confirm that you wish to open an external link in an email, giving you a chance to inspect the legitimacy of a URL.
  • Powerful spam filters(new window): Proton Mail uses a smart spam detection system to automatically filter out unwanted emails. You can also add individual email addresses to your Allow List and create custom filters for granular control. 
  • Address verification(new window): With Proton Mail, you can add a contact as a trusted sender by enabling trusted keys. This prevents encryption keys from being spoofed. 
  • DMARC(new window): DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. When activated, this email security protocol helps businesses fight the threat of domain spoofing.

If you’re looking to protect your business against ransomware attacks, Proton Mail is a great choice. Find out how Proton Mail can provide security and privacy for your business(new window).

Protect your privacy with Proton
Create a free account

Share this page

Lydia Pang

Lydia is a lifelong book-lover and her professional experience spans several industries, including higher education and editorial writing. She's excited to write for Proton and champion privacy as a fundamental right for everyone.

Related articles

With over 33 million registered users and more than 100,000 business customers, LastPass is one of the world’s most popular password managers. After an escalating series of highly-damaging disclosures over the last few months, LastPass has now admitt
Email headers are the hidden part of emails containing vital information to identify and authenticate messages. Learn how to read them to spot spam and stay secure. Have you received an unexpected email from a strange address? Is it actually from so
The United States is notoriously weak on privacy laws. With its secret surveillance courts and all-powerful spy agencies, the US has many tools to collect data on people within its jurisdiction and beyond. Recently, that power has been used to prose
When you encrypt files on your computer, it’s like storing them in a vault: Only someone with the correct key can access them. That’s useful if you’re concerned about hackers stealing your most sensitive documents or companies scanning your data for
Two-factor authentication (2FA) is an extra layer of protection for online accounts that requires you to use more than just your username and password to log in.  With 2FA enabled, you can protect access to your online accounts even if your password
Internet users of a certain age might recall earlier days of personal computing, with stacks of labeled floppy disks or CDs lying around the office. Those have all but disappeared thanks to the widespread availability of cloud storage, which took off