Don’t be a Hostage to Ransomware: How to Prevent a Malware Monstrosity

Ransomware is a form of malware (malicious software) whose goal is to lock and encrypt a victim’s computer or device data, then demand payment, or “ransom”, to restore access. This can be especially tricky for businesses because computers are often on a local network, which can become infected rapidly without prompt action, and the infection may lead to your website becoming a host to such a malady. Businesses with continuous website application maintenance programs can drastically reduce their risk of ransomware and hacking activities.

ProTip: Frequently back up your site and never pay these cyber criminals because you certainly can’t trust they will restore your files.

What is Ransomware?

Ransomware holds your local files hostage, keeping you from your documents, media, photos, financial information, and other important data. Your files are still on your computer or server, but the ransomware has encrypted your device(s), making your data inaccessible. If your site becomes a host to ransomware, your users could potentially become infected just by interacting with your website.

Ransomware can be classified into two types: Human Attack Vectors and Machine Attack Vectors.

Human Attack Vectors

Typically, ransomware needs your help to enter your computer or network. Malware is manipulative and will use deception to convince individuals to give up confidential or personal information that may be used with intent to defraud the victim. Some wise advice: If you wouldn’t typically give up the information the malware is asking for, don’t give it up now.

Some common Human Attack Vectors include: Phishing, SMSishing, and Vishing – the types of ‘ishing explained:

Phishing

Uses spoofed (fake) emails to trick people into clicking on a link or opening an attachment that carries malware. The email might be sent to just one person or all of the people within a company. If attackers feel they’ve “got a good one”, they will take the time to research individual targets and businesses, so their email appears completely legitimate.

SMSishing

Similar to phishing, SMSishing uses text messages, as opposed to emails, to get users to navigate to a malicious site or enter personal information on their mobile device. Common SMSishing approaches use ‘urgent’ messages that appear to be from a financial institution or other common service providers.

Vishing

Uses voicemail to deceive the victim. The voicemail recipient is instructed to call a number that appears totally legitimate. If the victim calls the number, they are taken through a series of actions to correct some problem that doesn’t actually exist. The instructions will always include having the victim install malware on their computer or device through one or more actions.

Instant Messaging

Instant messaging users can be hacked through just about any IM client (IM software application) by cybercriminals. IM can be used to distribute malware to the victim’s entire contact list once they are infected. This technique is one of the classic methods used to distribute ransomware to unsuspecting recipients.

Ransomware Hidden in Plain Sight on Social Media

Social media, in all of its popularity today, can be used by ransomware organizers to convince a victim to open a downloaded image from a trusted social media site or possibly take other action which opens their machine to vulnerability. The malware carrier could be music, a video, or other types of active content that infects the user’s system once it is opened.

Machine Attack Vectors

Another type of attack vector is machine to machine. All this may take is a simple visit to an infected website. Crazy right? The machine attack process is automated and doesn’t require any human trigger to invade your computer or network. Again, crazy, right? Here are some types of machine ransomware/malware attacks to be aware of:

Software or System Vulnerabilities

Software and System vulnerabilities to ransomware most often happen to software that is not patched with the latest security releases. Cybercriminals make a point to learn the vulnerabilities of specific systems and versions and will exploit those vulnerabilities to sneak in and install ransomware on your site, your network, and/or your individual hard drive.

Drive-by Malware-ing

All it takes for the victim to become infected is to open a webpage with malicious code in an image or active content, and they never see it coming.

Malvertising (Malware in Advertising, Oof)

Malvertising is similar to the drive-by, but this uses ads to deliver malware. Ads are displayed on search engines and many popular social media sites in order to reach a large audience. An extremely common platform for malvertising is adults-only 18+ sites like casino game sites or sites that may feature – you know – some skin.

Network and Shared Services Propagation

Companies without adequate security might have their company file server and other network shares infected like wildfire. From there, the malware will spread as far as it can until it runs out of accessible systems or meets security barriers, which puts all users at risk.

Online file-sharing or syncing services can be used to propagate ransomware. This can start with a shared folder on a home machine, then can be transferred to an office or other connected machines. If the file sharing service is set to automatically sync when files are added or changed, this can create a widespread infection in mere milliseconds.

How do I know if my site is a host to ransomware?

Spotting malware takes a very keen eye, because it may not be readily obvious. Malware is so effective because of its ability to remain hidden from the website owner or visitors. Rarely will you see any defacement or change in the appearance of your site due to ransomware. Take swift action if you notice:

  • A change in your account login information without consent
  • Modified or deleted website files that you didn’t authorize
  • Frequent website freezes or crashes
  • Blacklisting or harmful content warnings on your site analytics, or a noticeable change to your search engine visibility without content modification on your part
  • A rapid drop or increase in traffic to your site

We recommend confirming your suspicion of malware with the use of a URL scanner. There are many websites that will scan any URL for free to see if your URL has been flagged for malware. If your site is flagged for malware and you want to find the source of the infection, you can start by looking at your website’s code. Read code? Me? Can you help me?

Constantly keep an eye out for changes.

First of all, and we can’t stress this enough: Back up your site. Back it up… back it up some more. A best practice is to keep frequent backups of your website. You can even automate this by using services that create backups on a schedule. Backing up will ensure you have a clean copy to restore your site if a cyberattack happens. If you have the time to learn, knowing what the clean, normal code on your website looks like can give you an advantage in identifying potential signs of malware.

How can I prevent ransomware from invading my website?

Be cautious. Always consider the settings you use for systems that automatically sync. Take extreme caution in sharing files with others unless you know exactly where they originated.

There are many precautionary measures you can take to prevent a ransomware attack, and educating yourself about these can go a long way for prevention.

  • Always make use of anti-virus and anti-malware software, and make sure it is up to date.
  • Back up your files, back up your website and isolate backups from local and open networks. Keep offline backups of data stored in locations that are totally inaccessible from any potentially infected computer, such as disconnected external storage drives or the cloud, which prevents ransomware access.
  • Always install the newest security updates issued by your software providers. Patch early and patch often to keep known vulnerabilities closed off from operating systems, browsers, and plugins.
  • Run endpoint protection software to keep email servers and network systems from infection.
  • Always use caution when opening email attachments and links, and know how to identify spoofed email addresses or contact imposters.
  • Use network segmenting to keep critical computers isolated and to prevent the spread of malware in case of attack. Disable unnecessary network shares whenever possible.
  • Allow users the minimal system permissions possible to prevent accidental administrator changes, and restrict write permissions on file servers.
  • Most importantly, educate yourself, your employees, and those close to you in these best practices to keep malware out of your systems and off your website.

Where can I get help if I discover ransomware?

The best way to respond to a ransomware attack is to avoid having one at all, but in the unfortunate event you discover ransomware and need assistance in a hurry, take a breath, don’t panic, and give the team at CommonPlaces a shout to help you out.
