By: Dave Bykowski on March 16, 2022

What Is Ransomware? How Does It Work? How To Avoid It

We hear about ransomware on the news all of the time, but you may not understand how it works or the steps your organization can take to avoid it. 

The word ransom implies that a monetary fee is paid, but to whom? How much money is involved? Do small- to medium-sized businesses (SMBs) have to worry about ransomware or is it just something that affects large, multinational companies? 

In my job as manager of information security and compliance at Kelser Corporation, I work with SMBs every day. I hear these questions a lot, so I decided to write an article that explains what ransomware is, how it works, and what steps you can take to avoid becoming a victim of this kind of malware.

As a managed IT services provider, Kelser believes that providing the information SMBs need to know about IT issues is important. We know that managed services aren’t right for everyone, but everyone definitely needs to be aware of cybersecurity threats so they can make an informed decision about how to combat them. 

After reading this article, you will have a full understanding of ransomware and will be armed with steps you can take to keep your IT infrastructure safe.  

What Is Ransomware? 

Ransomware is a kind of malware or malicious software. It can be spread when users click on a phishing email that contains a malicious attachment or when a user innocently visits a website they don’t know is infected.

First documented as a threat that targeted the health care industry in 1989, ransomware has become a growing threat. 

An article published in Fortune in February 2021 notes that the world saw “an alarming 105% surge in ransomware cyberattacks last year.”

Ransomware attacks have affected individual people as well as large and small organizations ranging from governments to businesses to nonprofits.  

Are There Different Types Of Ransomware?

Yes, there are. The most common (and most frequently mentioned) type is "crypto" ransomware, which encrypts and denies access to files on a victim’s computer. 

But there are other kinds too. 

Some ransomware, called locker ransomware, has other ways of disabling basic computer functions, essentially rendering the computer useless. Other forms of ransomware include "doxware" (which threatens to leak sensitive files or data) and "scareware" (which tries to trick users into paying for software that can fix a fake security issue on their system). 

No matter the type, though, the end goal is the same: find a way to convince users to pay cyber criminals money with the hope of being able to restore their operations back to normal.

How Does Ransomware Work?

The most common way that ransomware infects a device or network is when a user falls victim to a phishing email and clicks on a link that they think is a legitimate link sent by someone they know and trust. 

It can also be installed when a user visits an infected website or it can be spread by social media. Most ransomware is automatically installed, typically without the user’s knowledge. Many times, the ransomware will lie dormant for a time before being activated. 

How Are Ransoms Paid?

The FBI does not recommend paying a ransom in response to a ransomware attack because there are no guarantees that payment will be effective in decrypting or restoring your data. 

In fact, studies have shown that companies that paid a ransom were able to recover all of their affected data only about 8% of the time, and on average, only about 65% of the data is recovered when a ransom is paid.

Law enforcement officials often say that paying ransom just encourages cybercriminals to continue.

Depending on the cybercriminal and the ransom amount, payment is typically requested through a wire transfer, gift cards, or cryptocurrency.

What Happens If A Ransom Isn’t Paid? 

If a ransom isn’t paid, it’s unlikely that more damage will be done to your system. 

Some ransoms do increase in price after a certain period of time: for example, a ransom may be at one price only for the first 48 hours and then double after that time. If you don't intend to pay the ransom, then this doesn’t really matter.

But the biggest impact is on your business operations. Research has shown that 66% of companies said it would take five or more days to fully recover from a ransomware attack where they have not paid the ransom.

5 Ways To Protect Against Ransomware

The biggest tip I can give is to start preparing now. Don’t wait for ransomware to hit and then react. Be proactive in your planning and in caring for your network. 

1. Data Backups

The best defense is making sure you have sufficient and regularly verified and tested data backups. You can have all of the security tools in place, but something could still happen. If or when it does, you will be in a better position to respond if your data is backed up and readily available. 

Identify your business risks and plan your backups accordingly. 

Every business has information that needs protecting. For your business, what would be annoying data to lose? Which data could cripple your ability to operate? Which data, if jeopardized, could bankrupt or put you out of business?  

Protect things accordingly. Certain things may need daily backups, while other information only needs weekly or monthly backups.
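
One way to check both points in this section, shown as an added example that is not part of the original article: a Python sketch that compares a test restore against hashes recorded at backup time and flags data sets whose newest backup is older than their tier allows. The tier limits, data set names, file names, and dates are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Assumed policy: maximum acceptable backup age per tier (illustrative values).
MAX_AGE = {"daily": timedelta(days=1), "weekly": timedelta(days=7),
           "monthly": timedelta(days=31)}

def sha256_file(path):
    # Reads the whole file; stream in chunks for very large files.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(source_dir):
    """Record a SHA-256 for every file at backup time."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_dir):
    """Compare a test restore against the manifest; return the problems found."""
    problems = []
    for rel, digest in manifest.items():
        target = Path(restored_dir) / rel
        if not target.is_file():
            problems.append(("missing", rel))
        elif sha256_file(target) != digest:
            problems.append(("modified", rel))
    return problems

def stale_backups(last_backup, now):
    """Names of data sets whose newest backup is older than their tier allows."""
    return sorted(name for name, (tier, taken) in last_backup.items()
                  if now - taken > MAX_AGE[tier])

def demo():
    """Constructed sample: restore with one altered file and one missing file."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        (Path(src) / "ledger.csv").write_text("id,amount\n1,100\n")
        (Path(src) / "clients.txt").write_text("Acme\n")
        manifest = build_manifest(src)
        (Path(dst) / "ledger.csv").write_text("id,amount\n1,999\n")
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
    print(stale_backups({"accounting": ("daily", datetime(2022, 3, 14, 23, 0)),
                         "archive": ("monthly", datetime(2022, 3, 1, 23, 0))},
                        datetime(2022, 3, 16, 9, 0)))
```

Store the manifest somewhere the backed-up systems cannot write to, so that ransomware that reaches the backups cannot also rewrite the hashes used to check them.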

2. Cybersecurity Awareness Training

Help your employees help you. Provide regular cybersecurity awareness training. Only by keeping this issue in front of employees can you educate them about the latest tactics and ensure that they are prepared to avoid risks. 

3. Firewalls

Most firewalls have a lifespan of three to five years. Firewalls are an important line of defense against cybercrime. Make sure your firewall is up to the job. 

4. Monitoring/Patching

Keep all of your systems (servers, network devices, and endpoints) patched and up-to-date. Moving your IT operations to the cloud can sometimes streamline this activity when cloud-based servers are configured for automatic updates by a cloud service provider. 

5. Strong Passwords

I feel like this can’t be overstated. As much as I talk about the importance of strong passwords, you’d be amazed at the number of people I come across who never change the factory-installed passwords on their devices. This is one of the easiest steps you can take to keep all of your devices safe. 

See more tips for protecting against ransomware from The Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security. 

How Can You Get The Protection You Need To Keep Your IT Infrastructure Safe? 

So now you know that ransomware is a type of malware.

You know that there are different kinds of ransomware, including locker, crypto, scareware, and doxware. You know five ways to protect your organization against ransomware: data backups, cybersecurity awareness training, firewalls, monitoring/patching, and strong passwords.

You may be wondering how to get the protection you need to keep your IT infrastructure safe. If you have an in-house IT staff, they may have the skills to implement some of the solutions outlined in this article. Or, you may want to hire an outside IT provider to beef up your protection.

There are two categories that most IT providers fall into: break/fix and managed services. Break/fix providers take care of things when they break and charge customers per fix. Managed services providers offer a package of proactive services through a monthly subscription that is designed to keep your network safe, efficient, and available. Both have their place.

A break/fix provider may be a good solution for a small, one-site business with a limited budget and a simple IT footprint. Managed services may be better for a business that has multiple sites or a more complex IT infrastructure.  

This article, IT Break/Fix Vs. MSP: Cost, Reliability, Security, Productivity, explores the pros and cons of each solution.  

Kelser is an IT provider that focuses on implementing a proactive managed services approach to caring for the IT architecture of clients. We’ve been in business for 40 years and have helped hundreds of companies just like yours enhance their IT safety profile. 

While we know that managed services aren’t the right solution for every organization and that they might not be right for you, we’d be remiss if we didn’t point it out as one of your options. 

Learn more about managed IT services by reading this article: How Much Does Managed IT Cost? What’s Included?

About Dave Bykowski

Dave Bykowski is Kelser's manager of information security and compliance. Dave's multiple certifications and nearly two decades of industry experience help him guide businesses in their journey towards cybersecurity and compliance.
