Ransomware attack
What is a ransomware attack?
Ransomware is a type of malware designed by cybercriminals to hold a victim's data hostage until a ransom is paid. The perpetrators usually encrypt the data to block legitimate access to it and threaten to expose the sensitive content online if the ransom is withheld.
During a ransomware attack, the organization is pressured to pay the ransom, mostly in the form of a cryptocurrency like Bitcoin, to regain access to its data. Perpetrators target both individuals and organizations.
Types of ransomware
Though ransomware has evolved a lot, most ransomware attacks can be grouped into one of the following categories:
- Lock screen ransomware
  This type of ransomware freezes the user's computer screen, blocks most basic functions, and demands a payment to unlock the screen. It is mostly used to target individuals and does not go after their critical data. It is deployed at the OS level and makes the device inoperable.
  Examples: Reveton
- Crypto ransomware
  This type of ransomware infects and encrypts an organization's business-critical data and turns it into unreadable gibberish. Though all basic device functions are left uninterrupted, crypto ransomware instigates huge panic, as data is the lifeblood of any business. As daily operations come to a standstill, the perpetrators demand that payment be made before a stipulated deadline.
  Examples: CryptoWall, CryptoLocker, NotPetya, and WannaCry.
Ransomware attack examples
A few examples of ransomware are listed below:
Ransomware variant | Type | Infection vectors |
---|---|---|
WannaCry | Crypto | Exploited an unpatched security vulnerability in Windows called EternalBlue |
Locky | Crypto | A phishing scheme used to gain unauthorized access |
BadRabbit | Crypto | Drive-by attacks where users are tricked into installing malware disguised as an Adobe Flash installer |
Petya | Crypto | Uses a corrupted Dropbox link to corrupt the system's hard drive master boot record |
REvil | Crypto | Software supply chain attack where Kaseya software is used to infiltrate the organization's network |
Ryuk | Crypto | Download as a service is used to infect the targeted organizations |
How ransomware works
The phases below describe how a ransomware attack happens and how it spreads. For more information, check out this infographic.
- Reconnaissance
  Perpetrators probe the target organization's network, searching for weak spots they can exploit to deliver the ransomware.
- Distribution
  Attack vectors such as email phishing, malvertising campaigns, and exploit kits are used to deliver the ransomware.
- Infection
  The ransomware infection quickly proliferates and distributes itself, taking advantage of inherent security vulnerabilities to infect and encrypt critical data.
How to stop ransomware from spreading
Ransomware attacks have become more sophisticated in recent years, and so should IT teams. Combining ransomware detection best practices with robust detection and response tools is essential to stop the spread of ransomware within your data stores.
DataSecurity Plus helps meet this need by protecting your organization against ransomware proliferation with real-time file server auditing, and employing personalized and automated scripts to stop the spread of ransomware within your organization's perimeter. Its rapid responses aid in damage mitigation by isolating infected machines, locking out user accounts, and ending user sessions.
When used in combination with the below best practices, organizations can leverage DataSecurity Plus to protect their data from ransomware attacks.
Ransomware cyberattack prevention best practices
Check out our eight best practices to prevent ransomware attacks.
- Patch system vulnerabilities regularly.
- Use an intrusion detection system.
- Conduct security awareness training for end users.
- Run only allow-listed and trusted applications.
- Keep your networks logically separated.
- Employ a strong email filtering solution.
- Ensure the principle of least privilege across your data stores.
- Deploy ransomware detection software.
For more in-depth instructions on how to manage ransomware attacks, check out our ransomware prevention and response checklist.
Ransomware protection using DataSecurity Plus
ManageEngine DataSecurity Plus is a data visibility and security platform that helps detect and quarantine potential ransomware attacks instantly. The capabilities below illustrate how to detect ransomware attacks using DataSecurity Plus.
- Spot ransomware attacks quickly by keeping a close eye on indicators such as a sudden, unexplained surge in file rename, deletion, and permission change activities.
- Notify first responders and stakeholders regarding the ransomware attack via email.
- Trigger instant threat responses that can shut down the infected system, kill malicious processes, disconnect rogue users' sessions, reload damaged files from a backup, and more.
- Locate ransomware-corrupted files by comparing them with our up-to-date list of known ransomware extensions.
- Enable quick forensic analysis using our detailed audit trail that captures all file and folder activities 24/7.
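The surge indicator and the extension comparison from the list above, sketched as an added Python example (not DataSecurity Plus code). The audit-log format, the 60-second window, the threshold of 5 events, and the two sample extensions are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

# Assumed tuning values; derive real ones from a baseline of normal activity.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5
WATCHED = {"rename", "delete", "permission_change"}
# Small illustrative sample, not a vendor-maintained extension list.
SUSPECT_EXTENSIONS = {".locky", ".wncry"}

# Constructed audit records: timestamp user action path (new name for renames).
SAMPLE_EVENTS = """\
2024-05-01T09:00:00 alice modify /share/hr/plan.docx
2024-05-01T09:00:10 alice rename /share/hr/plan-v2.docx
2024-05-01T09:05:00 alice delete /share/hr/old.tmp
2024-05-01T09:10:00 bob rename /share/fin/q1.xlsx.locky
2024-05-01T09:10:02 bob rename /share/fin/q2.xlsx.locky
2024-05-01T09:10:04 bob delete /share/fin/q1.xlsx
2024-05-01T09:10:06 bob permission_change /share/fin
2024-05-01T09:10:08 bob rename /share/fin/q3.xlsx.locky
2024-05-01T09:10:10 bob rename /share/fin/q4.xlsx.locky
"""

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (timestamp, user, alert_type, detail) tuples for audit lines."""
    recent = defaultdict(deque)   # per-user timestamps of watched actions
    in_burst, alerts = set(), []
    for line in lines:
        if not line.strip():
            continue
        ts, user, action, path = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts)
        ext = os.path.splitext(path)[1].lower()
        if action == "rename" and ext in SUSPECT_EXTENSIONS:
            alerts.append((ts, user, "suspect_extension", path))
        if action not in WATCHED:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop events older than the window
            q.popleft()
        if len(q) < threshold:
            in_burst.discard(user)     # burst over; re-arm the alert
        elif user not in in_burst:
            in_burst.add(user)         # alert once per burst, not per event
            alerts.append((ts, user, "activity_surge", len(q)))
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_EVENTS.splitlines()), sep="\n")
```

Counting per user keeps one busy account from masking another, and alerting once per burst avoids flooding first responders while the surge continues.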
Try out the above functionalities and more using our 30-day, fully functional, free trial.