Ransomware is one of the main cyber threats, but defending against it is possible once you know how these attacks work and the methods they use to spread.

As these attacks have become widely known and awareness of the risks has spread, cybercriminals have invested considerably more effort in developing increasingly sophisticated attacks, capable of deceiving even attentive users and designed to extract the greatest possible profit. Consider the evolution of double extortion, which not only encrypts data but also exfiltrates it, threatening to publish it if the ransom is not paid, or Ransomware-as-a-Service, the practice of renting out malicious code in exchange for a payment so that its authors maximize their income. Defending is still possible, however, by preventing an attack from succeeding in the first place.

How Ransomware Attacks Work.

Ransomware is malware that aims to extort a sum of money in exchange for restoring access to data that it has previously encrypted. In some cases the data is not encrypted at all and access to the device is simply blocked by a lock screen. Once a PC has been infected, the user sees a payment demand on the screen, generally to be paid in cryptocurrency.

The phases of an attack can be summarized in 4 steps:
  1. Installation. Once the malicious code has entered the system, the Ransomware installs itself on the device and on every other device it can reach on the same network. At this point the encryption keys are exchanged with the command-and-control server operated by the criminals.
  2. Data encryption. All the data it finds is encrypted and made inaccessible.
  3. The ransom. When the encryption is complete, the ransom demand is delivered, generally displayed on the screen, together with instructions for making the payment.
  4. Data recovery. The victim can decide to pay, but there is no guarantee that all the data will be recovered; alternatively they can look for methods or tools that decrypt the data, or restore the devices from previously saved backup copies.
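Phase 2 above leaves a measurable trace: encrypted files have near-maximal byte entropy, whereas ordinary documents, spreadsheets and text do not. The following Python script is an added illustration of that detection idea and is not code from the original article. It computes the Shannon entropy of a set of constructed in-memory sample "files", flags those whose entropy is high even though their file type does not explain it, and reports whether enough files were flagged to suspect mass encryption. The entropy threshold, the allowlist of naturally high-entropy extensions and the 50% ratio are assumptions chosen for the example.

```python
import math
import os
import random
from collections import Counter

# Extensions whose contents are compressed or encrypted by design and therefore
# show high entropy even when nothing is wrong (assumed allowlist, not exhaustive).
HIGH_ENTROPY_EXPECTED = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4", ".pdf", ".docx", ".xlsx"}

# Bits per byte above which a file looks encrypted or compressed (8.0 is the maximum).
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def is_suspicious(name: str, content: bytes) -> bool:
    """A file is suspicious when it is high-entropy but its type does not explain that."""
    ext = os.path.splitext(name)[1].lower()
    return shannon_entropy(content) >= ENTROPY_THRESHOLD and ext not in HIGH_ENTROPY_EXPECTED


def scan(files: dict[str, bytes]) -> dict:
    """Return the flagged names and the share of non-exempt files that were flagged."""
    flagged = [name for name, content in files.items() if is_suspicious(name, content)]
    checked = [name for name in files
               if os.path.splitext(name)[1].lower() not in HIGH_ENTROPY_EXPECTED]
    ratio = len(flagged) / len(checked) if checked else 0.0
    # Assumed rule: half or more of the plaintext-type files looking encrypted is an alarm.
    return {"flagged": flagged, "ratio": ratio, "mass_encryption_suspected": ratio >= 0.5}


def _random_bytes(seed: int, size: int = 4096) -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted or compressed content."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


# Constructed sample "files" held in memory so the script runs offline.
_TEXT = ("Quarterly report: revenue grew in every region. " * 80).encode()
SAMPLE_FILES = {
    "report.txt": _TEXT,
    "budget.csv": b"month,revenue\n" + b"jan,100\n" * 200,
    "photo.jpg": _random_bytes(1),           # compressed image: high entropy is normal
    "report.txt.locked": _random_bytes(2),   # stand-in for an encrypted document
    "notes.txt": _random_bytes(3),           # plaintext type with encrypted-looking contents
}

if __name__ == "__main__":
    for name, content in SAMPLE_FILES.items():
        print(f"{name:20} {shannon_entropy(content):.2f} bits/byte")
    print(scan(SAMPLE_FILES))
```

Run on a real folder, the same logic would walk the tree and read each file instead of the `SAMPLE_FILES` dictionary. The extension allowlist is what keeps the false-positive rate usable: archives, images and Office documents are compressed and look "encrypted" to an entropy check, so a renamed extension such as `.locked` or a high-entropy `.txt` is far more telling than a high-entropy `.jpg`.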

It is clear that the best defense against this type of attack is prevention.

How to avoid getting a Ransomware attack.

As we have seen, the installation phase begins when the Ransomware is introduced into the victim's device. Cybercriminals use several methods to do this. The most common is the phishing email, which contains a link to an infected web page or a compromised file as an attachment. This method owes its success to users' lack of attention; as awareness of the risks has grown over time, phishing emails have become more and more sophisticated in order to keep deceiving users. They are disguised behind a facade that recalls companies or people you know and trust, such as the e-mail address of a friend or colleague, or they use the logos and colors of well-known companies and likely service providers, such as electricity or telephone companies.

Other ways of spreading Ransomware are vulnerabilities in installed programs or operating systems, browsing already compromised sites where cybercriminals have previously planted the malware, and fake sites built as copies of well-known ones so that they do not arouse suspicion.


Methods to spread Ransomware:

  • Links or attachments received via phishing emails;
  • Downloads made without your knowledge while browsing already compromised websites or fake websites;
  • Through external media such as USB sticks;
  • Through other downloaded software, usually free ones;
  • Exploiting vulnerabilities in operating systems or programs;
  • Through Remote Desktop attacks, which involve the theft of credentials to gain control of the device.


How to defend against and prevent Ransomware attacks.

The widespread use of this attack method reflects not only the sophistication of the attacks but also the continued lack of attention from users. Given the ways in which Ransomware spreads, here are the best practices and rules for avoiding becoming a victim of it.

  1. Make periodic backups of your data on an external disk. This is good practice because it lets you recover your data if you are hit by Ransomware.
  2. Beware of phishing emails. Protecting your inbox from junk mail is essential, as is always paying close attention to the e-mails you receive. Check the sender, and always ask whether there is a plausible reason for such a message; do not be carried away by curiosity, but look critically at anything out of the ordinary.
  3. Pay attention to the websites you browse, avoiding dubious ones that offer free software of doubtful legality, and always check domain names to spot fake sites. Web security gateways are also available that monitor traffic and identify malicious sites or ads.
  4. Update your operating systems regularly, preferably enabling "automatic" updates, to reduce the risks associated with vulnerabilities.
  5. Using up-to-date Anti-Spam and Antivirus services does not eliminate the risk, but it certainly increases protection considerably by identifying and blocking computer viruses. This obviously applies to mobile devices as well.
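Rule 1 above is only useful if the backup copy is still intact when you need it; Ransomware that reaches a connected external disk encrypts the backup along with everything else. The following Python script is an added example, not part of the original article, of how to record a SHA-256 manifest of the data when the backup is made and verify the backup copy against that manifest before trusting a restore. It builds a small constructed folder tree in a temporary directory, copies it to a simulated "external disk", then overwrites one backup file and deletes another to show how both conditions are reported. The manifest format and the `demo()` scenario are assumptions made for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(manifest: dict[str, str], backup_root: Path) -> dict[str, list[str]]:
    """Compare a backup copy against the manifest recorded when the backup was made.

    Files are reported as ok (hash matches), modified (hash differs, e.g. overwritten
    with ciphertext) or missing (deleted or never copied)."""
    report: dict[str, list[str]] = {"ok": [], "modified": [], "missing": []}
    for rel_path, expected in manifest.items():
        candidate = backup_root / rel_path
        if not candidate.is_file():
            report["missing"].append(rel_path)
        elif sha256_file(candidate) != expected:
            report["modified"].append(rel_path)
        else:
            report["ok"].append(rel_path)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed scenario: back up a small tree, then damage the backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "documents"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "q1.csv").write_text("month,revenue\njan,100\n")
        (source / "letter.txt").write_text("Dear colleague,\n")
        (source / "notes.txt").write_text("todo\n")

        # The manifest is taken from the original data at backup time and, in practice,
        # must be stored apart from the backup so an attacker cannot rewrite both.
        manifest = build_manifest(source)

        backup = Path(tmp) / "external_disk" / "documents"
        shutil.copytree(source, backup)

        # Simulate what Ransomware reaching the disk would leave behind: one file
        # overwritten with ciphertext-looking bytes (constructed), one file gone.
        (backup / "letter.txt").write_bytes(b"\x93\x1a\x7f\xe2\x0c\x55\xb8\x04\x6d\xf1")
        (backup / "notes.txt").unlink()

        return verify_backup(manifest, backup)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:9} {paths}")
```

A real backup routine would write `build_manifest()` output to a file and keep that file (or a printout of it) away from the backup medium, then run `verify_backup()` on the disk before restoring; a backup whose files have changed since the manifest was written is not a backup you can trust.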

What to do if you have been the victim of a ransomware attack.

If it is not possible to recover the data from a backup, you can contact a company that specializes in data recovery, or check whether decryption tools are available online for the specific Ransomware family involved in the attack. What must absolutely never be done is to pay the ransom!


Why not pay the ransom:

  • many times, despite the payment, the key to decrypt the data is not provided;
  • even when it is provided, full recovery of the compromised data is not guaranteed;
  • these attacks often leave other components or code on the PC, making it vulnerable to future attacks;
  • paying a ransom helps fund the resources criminals use to develop new attack methods.

