What is ransomware and how to prevent it


Ransomware attacks are on the rise. Experts now consider them one of the biggest threats to businesses and organizations, presenting an evolving and continuous challenge to IT security teams.

In its 2021 report, IBM Security calculated that the global average cost of a ransomware breach was $4.62 million — a figure that does not include ransom payments, which some experts believe are handed over in at least a third of cases.

Fortunately, the risk of a ransomware attack can be mitigated. Understanding what ransomware is, the risks it poses, and how to prevent ransomware attacks can help you safeguard your business. 

What is ransomware?

Ransomware is a term used to describe a type of malware designed to block access to a computer or a network until a specific sum of money is paid. Once a system has been infected with ransomware, victims typically receive an on-screen alert informing them that their files have been encrypted or they have been locked out of the system. Access can only be restored after a ransom payment — usually in a hard-to-trace digital currency such as Bitcoin — has been made. 

To motivate payments, ransomware attackers sometimes also leak the victim’s seized data on public platforms. For businesses, this breach of confidential data can cause significant financial losses and erode customer trust. 

Types of ransomware

Ransomware comes in many forms, including: 

  • Crypto or encryptors: Crypto ransomware, also known as encryptors, is one of the most damaging variants of ransomware. It encrypts files and data in a system, making it impossible to access them without a decryption key.
  • Locker: Locker ransomware blocks access to a computer or network system entirely. A lock screen with a ransom demand and a countdown timer may be displayed to drive victims to act.
  • Scareware: Scareware is a form of ransomware that uses fake security alerts to manipulate victims into buying useless software or paying a ransom to resolve the issue.
  • Doxware or leakware: Doxware or leakware attackers steal sensitive and confidential data and threaten to make it public if the victim does not pay the ransom. 

How does ransomware work?

There are a few ways that ransomware attackers can infiltrate your business, namely through phishing emails, drive-by downloading, direct infiltration, and Remote Desktop Protocol (RDP) attacks.

Phishing emails

Phishing emails are the most common delivery vehicle for a ransomware attack. By posing as a legitimate or trusted sender, the attacker sends you a fake email and tries to trick you into opening malicious links or downloading dubious attachments. Once you download and open the attachment, the ransomware infects your device and encrypts your files. 

In an advanced attack, the ransomware will also spread across the network and encrypt files throughout your business. 

Drive-by downloads

A drive-by download is any software download that happens without your knowledge and consent. When you visit an infected website, it will force your browser to download and install hostile script code on your computer. Often, the code for drive-by downloads is written in a manner that allows the software to infect vulnerable computers without the need for you to click on a download link. Instead, the malicious software checks for vulnerabilities in your browser or operating system and exploits them.

Direct infiltration 

Similar to drive-by downloading, a ransomware attack delivered through direct infiltration takes advantage of a business’s existing security vulnerabilities. An attacker looks for loopholes in unpatched systems and bypasses security defenses to deliver ransomware.  

Remote Desktop Protocol attacks

The Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which enables remote access to Windows computers. 

In an RDP attack, the attacker runs a script that searches for a specific computer port left open to the internet. Once the attacker finds an exposed port, they deliver ransomware to the computer after obtaining login credentials through social engineering or brute force attacks.
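The pattern described above, seen from the defender's side: an added example (not part of the original article) that flags source addresses with a burst of failed remote logons and notes when a successful logon follows. The events are constructed sample data, and the field names, threshold and window are assumptions; 4625/4624 and the logon types are Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive, 3 = Network (also seen for RDP with NLA)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Map each source IP whose failed remote logons reach `threshold` inside
    `window` to the peak failure count and any account that then logged on."""
    recent = defaultdict(deque)            # ip -> timestamps of recent failures
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue                       # console/service logons are out of scope
        ip, now = ev["ip"], ev["time"]
        q = recent[ip]
        while q and now - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["event_id"] == FAILED:
            q.append(now)
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"max_failures": 0, "success_user": None})
                f["max_failures"] = max(f["max_failures"], len(q))
        elif ev["event_id"] == SUCCESS and ip in findings and q:
            # A logon right after a failure burst suggests a guessed password.
            findings[ip]["success_user"] = ev["user"]
    return findings

def _ev(when, event_id, ip, user, logon_type=10):
    return {"time": when, "event_id": event_id, "ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample events (documentation-range IPs, made-up accounts).
T0 = datetime(2024, 1, 15, 2, 0, 0)
SAMPLE = (
    [_ev(T0 + timedelta(seconds=10 * i), FAILED, "203.0.113.7", "admin") for i in range(6)]
    + [_ev(T0 + timedelta(seconds=70), SUCCESS, "203.0.113.7", "admin")]
    # Five failures spread over 40 minutes: never enough inside one window.
    + [_ev(T0 + timedelta(minutes=10 * i), FAILED, "198.51.100.20", "jdoe") for i in range(5)]
    # Rapid failures at the console (logon type 2): not a remote logon.
    + [_ev(T0 + timedelta(seconds=5 * i), FAILED, "192.0.2.50", "kiosk", 2) for i in range(8)]
)

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, f)
```

A finding with a non-empty `success_user` is the case to escalate first, since it means the burst of guesses ended in a working login.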

Who is at risk of being targeted by ransomware?

While anyone could be a target for ransomware, over half of all ransomware attacks target businesses in the banking, utilities, and retail industries. These industries provide vital services to people and companies, making them enticing targets for ransomware gangs. 

In May 2021, gas company Colonial Pipeline experienced a ransomware attack which forced the company to temporarily shut down operations, causing gas shortages in the northeastern US. Within hours of a blackmail demand, Colonial Pipeline paid close to $5 million to its attackers. 

In November 2021, MediaMarkt, Europe’s largest consumer electronics retailer, suffered a Hive ransomware attack that shut down IT systems and disrupted store operations in Germany and the Netherlands. While online payments were not affected, cash registers were unable to accept credit card payments or print receipts. The initial ransom demand was set at $240 million.

To maximize profits and speed up payouts, ransomware attackers seek businesses with the financial means and incentive to regain control over their data and operations quickly. And since companies are not required to disclose data breaches that do not compromise privacy laws, they have a better chance of keeping the incident from going public by making the ransom payment. 

How to prevent ransomware

As with any malware threat, prevention is your best defense. Practicing good digital hygiene is crucial in preparing your business against a potential ransomware attack. 

Be vigilant against suspicious emails 

Most ransomware attacks are carried out through phishing emails. If you spot a suspicious email, do not click on any links or attachments and immediately report the email to your email provider. You can also reduce the risk of phishing emails by activating strong spam filters.

Maintain offline, encrypted backups of data

Making regular, encrypted backups of your business’s data can protect it from a range of disasters, including a ransomware attack. Since ransomware most commonly spreads through internet-accessible systems, keeping your backups offline also protects them from getting infected.

Update and patch software regularly 

Software with known vulnerabilities is especially susceptible to ransomware attacks. By keeping your software updated, you’re keeping your business safe from cyber threats. The simplest way to ensure your computer and devices are up-to-date is by enabling automatic updates. 

Install antivirus and anti-malware software 

Comprehensive antivirus and anti-malware software provides a good line of defense against ransomware attacks. It detects and isolates malicious code, preventing malware from infecting your computer. Once installed, most antivirus and anti-malware software runs automatically in the background and provides real-time protection against ransomware attacks.

Proton Mail offers unique ransomware protection

As a privacy-first company, Proton provides your business with the protection needed to combat ransomware. With Proton Mail, Proton Calendar, and Proton Drive, all your emails, calendar events, documents, and files are secured using end-to-end encryption and zero-access encryption. This means even in the case of a ransomware attack, your data cannot be accessed and used to blackmail you into paying a ransom.

Proton Mail also comes with strong anti-phishing features that help you spot suspicious emails:

  • Link confirmation: Before opening a link, Proton Mail will ask you to confirm that you wish to open an external link in an email, giving you a chance to inspect the legitimacy of a URL.
  • Powerful spam filters: Proton Mail uses a smart spam detection system to automatically filter out unwanted emails. You can also add individual email addresses to your Allow List and create custom filters for granular control. 
  • Address verification: With Proton Mail, you can add a contact as a trusted sender by enabling trusted keys. This prevents encryption keys from being spoofed. 
  • DMARC: DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. When activated, this email security protocol helps businesses fight the threat of domain spoofing.

If you’re looking to protect your business against ransomware attacks, Proton Mail is a great choice. Find out how Proton Mail can provide security and privacy for your business.
