
Anatomy of a Ransomware Attack

Written by Teknita Team

August 10, 2022


Ransomware is malware that commonly uses encryption to hold a victim’s data for ransom.  An organization’s data is encrypted so that it cannot be accessed.  A ransom is then demanded to decrypt the data and make it available again.  Ransomware is usually designed to spread across a network and target database and file servers.

An attacker gains access to the environment through a targeted attack, via email spam or phishing, or through an existing vulnerability they discover.  Once access is established, the malware encrypts data using a key pair generated by the attacker.  Once specific goals are met, the ransomware prompts the user to pay a ransom to decrypt the files.  If the ransom is paid, the attacker promises to deliver the private key to the organization so it can decrypt its data.  Unfortunately, even when the ransom is paid, some organizations never hear from their attacker again and are never provided the key.

How Does it Happen?

Ransomware often starts with a phishing email that contains an infected or malicious attachment.  Other attacks start when someone downloads an infected file or unknowingly allows a website to install an application.  Another possible entry point is a vulnerability in a particular application or OS.  In many cases these vulnerabilities have already been identified and patches provided by the software vendor.  WannaCry was an example of a ransomware attack that took advantage of a vulnerability in the Windows OS.  The vulnerability had been identified and a patch provided before the attack, but infected computers had not applied the patch or were running a version of Windows that was out of support.

How to Protect Yourself?

Patching

The best and easiest defense is to make sure that all laptops, servers and network devices are kept up to date with the latest patches and firmware.  In many cases, vulnerabilities are identified by the vendor or by white-hat hackers who report them to the vendor so the problem can be corrected.  This usually happens before the vulnerability can be exploited.

Patching has become straightforward, with several ways to automate it, including:

  • OS settings – Automatic download and installation of patches can be configured within the OS, though sometimes reboots are not automatic and require attention.
  • Azure Update Management – Manages operating system updates for Windows and Linux VMs in Azure, and for physical or virtual machines in on-premises environments.
  • AWS Systems Manager Patch Manager – Similar to Azure Update Management; allows patch application and updates for cloud and on-prem machines.
  • WSUS/SCCM – Microsoft offerings that automate and report on patching of Windows machines.
  • Third-party patching tools – Some third-party patch automation tools improve on or simplify the features within SCCM.

Network Segmentation

Many malware packages, including ransomware, spread to new machines from infected machines on the same network.  If an organization’s network is completely open, then one infected machine can be used to infect everything.  Segmentation improves security by dividing a network into segments to control how traffic flows across it.  This limits traffic to where it needs to go and can limit the damage and spread of malware.  A related best practice is to isolate third-party access via dedicated access portals.

Security

Make sure to keep current on recommendations for protocol updates and best practices.  Organizations should also consider encrypting their data.  This ensures that even if there is a data breach, the attacker is not able to use the stolen data as part of a ransom threat.  That said, ransomware can re-encrypt already-encrypted data, so this is not a protection against a ransomware encryption attack.

Another area to review is the organization’s authentication practices.  If an attack starts with a password obtained through a third-party breach, it is very easy for an attacker to place malware anywhere the breached account has access.  With two-factor (or multi-factor) authentication this becomes much less likely, as the attacker would also need to possess the account owner’s phone or have access to their secondary email account.

Training

Educate the user community on what phishing looks like and on proper handling of content from unknown sources.  The best defense is to make sure that staff are not opening unsafe attachments, browsing to unknown websites, or downloading unsafe content.

Backups

Every organization should have a backup process in place, though most have focused on recovering from equipment failure.  Many backup processes simply make sure that the data is backed up onto a device other than the one being protected.  With ransomware this is not enough, as many impacted organizations discover that their backups are also encrypted and useless for a recovery effort.  For proper protection, organizations must keep multiple copies of data, use different storage media, and keep at least one copy offline or otherwise inaccessible from the source network.  Cloud backup solutions can also achieve this using multi-factor authentication and network segmentation, in addition to minimum retention checks which ensure at least one recovery point survives in case of attack.

