Ransomware: What it is, Who’s at Risk, and How to Stop an Attack

Last year was riddled with ransomware attacks with thousands of systems compromised as a result. With technology evolving at the current rate, hackers are finding more and more ways to attack. For example, ransomware is no longer limited to affecting desktops or laptops — it can also target mobile devices. A report by Kaspersky noted that there was a 250% increase in mobile ransomware attacks just within the first few months of 2017.

Thankfully, the ever-evolving technology also gives us more ways to protect against these attacks.

The first step toward protecting yourself and your business against ransomware is knowledge. Understanding what ransomware is and how it works can help you take the necessary security precautions. Below, we’ll delve into the history of ransomware, the various ways it accesses devices, who is at risk, and some of the technologies and best practices you can follow to prevent an attack or save encrypted data.

Are you prepared for an attack? Click here for our free checklist and learn how to stop ransomware in its tracks.


What exactly is ransomware and where did it come from?

Ransomware is a form of malicious software that blocks and/or locks your computer and prevents you from accessing your data until you pay a ransom. Both the attacks and the ransoms can come in many different forms. Some demand payment, some threaten with harm, and others do both.

According to an article by Heimdal Security, ransomware first appeared in 1989 in the form of the AIDS Trojan; where malware was spread using floppy disks and demanded victims to pay $189 as ransom. More commonly noted instances of ransomware occured in Russia and Eastern Europe between 2005 and 2009. Victims were demanded to pay using SMS messages or by calling a premium rate phone number, since online payment wasn’t as available as it is today.

Since then, ransomware attacks have continued (and continued to evolve) at an alarming rate. In 2013, CryptoLocker — a software that locks and unlocks victims’ files — infected over half a million victims, extorting around $27 million from the percentage of users who paid the ransom. In 2017, victims were hit by WannaCry, one of the most wide-spread malware attacks, which infected Windows users by encrypting files on the hard drive and demanding Bitcoin payment from the victims.

Ransomware today can generally be classified into two types: encrypting and locker. Locker is also known as MBR or Master Boot Record exploit. Encrypting ransomware blocks files using encryption algorithms, and demands payment in order to decrypt the blocked data. Examples of this type are CryptoLocker and CryptoWall. According to Wired, “with the development of ransom cryptware, [it] encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.” Whereas, locker ransomware locks the user out of the operating system, blocking access to the entire desktop without actually encrypting any files, such as police-themed ransomware. There is also a less common type of ransomware known as leakware or doxware, that threatens to release sensitive data from the user’s computer unless the ransom is paid. To read about the different variations of encrypting and locker ransomware, check out this source.

How does ransomware spread?

Understanding exactly what ransomware looks like is crucial because you’ll know how to look out for phishy signs. Heimdal Security goes into detail describing the various characteristics that make ransomware unique from other forms of malware. Keep an eye out for these actions, which may indicate a ransomware attack:

  • Encrypting all kinds of files
  • Scrambling file names
  • Adding extensions to files
  • Displaying an image or message that your data has been encrypted (and asking for a ransom)
  • Requesting payment in Bitcoins
  • Limiting the time available to make a payment (and/or threatening if payment is not met)
  • Spreading to other PCs (within a local or wide area network)

All forms of ransomware can be spread through infected email attachments (phishing scams), software apps, external hard drives (e.g. flash drives), drive-by downloads, SPAM, out-of-date anti-virus, and compromised websites. Not to mention there’s now infected SMS messaging to target mobile devices.

Now that you have a better grasp on what signs to look for, we’ll discuss who are the most likely targets of a ransomware attack and what you can do to protect yourself and your business.

Who is at risk of a ransomware attack?

Unfortunately, basically everyone. Since there are variants of each type of ransomware and new forms are coming out at an ever-increasing pace, it’s nearly impossible to predict who the next victim(s) will be. That being said, we can make some educated guesses.

By analyzing the circumstances and characteristics of past victims, we can figure out why some users were attacked — helping us predict who might be at risk in the future. Presently, we know that some attackers aim for businesses only, while others aim for the average individual user. Here are some of the reasons why:

If users don’t have any kind of data backup, attackers will definitely take notice. And users are less likely to have knowledge about proper IT security, therefore they’re more likely to open phishy emails or click on suspicious links. Attackers also look for users who don’t keep their software up to date and lack of basic cybersecurity knowledge.

As for businesses, they’re targeted often because they’ve proven more lucrative than the individual. If a ransomware attack is causing a major disruption, they’ll likely pay off the ransom quickly, no matter the amount. In addition to all the computers housed within a business’ building, Heimal Security points out that ransomware can infect “servers and cloud-based file-sharing systems, going deep into a business’s core.”
It’s no surprise that large businesses and corporations are targeted because they have the ability to pay off a large ransom if all or some of their computers and data are attacked.

Small businesses also fall prey to ransomware because of IT security negligence. Many — especially new startups —- don’t have security in place and are unprepared to deal with security breaches.

Some businesses and individuals are guilty of thinking a malware attack won’t happen to them. But, according to Wired, “at least $5 million is extorted from ransomware victims each year.” The damage caused by ransomware attacks cannot and should not be ignored. Experts say that a ransomware attack can cost a user between $200 and $10,000, and more than 50% of businesses surveyed have paid anywhere from $10,000 to $40,000.

Thankfully, there is technology available to guard against malware, and some practices you can learn to protect yourself or your business from becoming another victim.

What are some technologies and best practices you can follow?

As we mentioned previously, understanding what ransomware is and how it works can make you less vulnerable to an attack — knowledge is power!

The next step to ensure basic IT security for anyone is to install antivirus protection on your computers/devices, and to keep all your operating system and software up to date. Updating promptly and on a regular basis gives attackers fewer vulnerabilities to exploit.

Then — and we can’t stress this point enough — backup all of your data. This doesn’t stop a ransomware attack, but it will make it a whole lot easier when it comes to recovering from an attack.

Some of the best practices you can follow to prevent falling victim to ransomware are:

  • Never open spam emails or emails from unknown senders;
  • Never download attachments from spam/suspicious emails;
  • Never click links in spam/suspicious emails.

Pro tip: If you receive emails from Microsoft or some other well-known brand name asking for your account information or payment, be sure to check the sender’s email address. If it’s not directly from, or looks suspicious in any other way – don’t open it or click any links within them.

If you’re removing ransomware (on a Windows system) you can follow these steps lined out by CSO Online:

  • Reboot Windows 10 to safe mode
  • Install anti-malware software
  • Scan the system to find the ransomware program
  • Restore the computer to a previous state

As soon as you notice either the ransomware warnings or evidence of encrypted files, unplug you PC from any network! The virus will crawl your network and infect any files or machines it finds — you need to contain the infection.

There are also professional cybersecurity researchers working around the world to break the encryptions on large-scale ransomware attacks. Unfortunately, if you didn’t backup your data, there is no way to get your data back or decyrpted without paying the ransom. Remember, you need to remove any malicious software before you restore from a recent backup. When in doubt, always reach out to your IT department or an IT professional service like ours at Advance2000 as soon as possible. We can help you recover your files and hardware.


There is no reason for anyone to feel helpless when it comes to ransomware. With basically unlimited information about ransomware on the internet and the ever-evolving technologies to keep your computers and data secure, you should be able to safeguard yourself against most malicious ransomware attacks.

To help, we’ve partnered with Sophos to provide you with a comprehensive checklist outlining exactly how to stop malicious ransomware attacks in their tracks. Click below to ensure you’re prepared in the event of an attack:


13 Eye-Opening Cybersecurity Facts

In light of recent global cyberattacks (read: WannaCry), it’s more important than ever to understand the risks of poor cybersecurity.

According to Skyhigh, virtually every organization experiences at least one cloud-based threat per month. In fact, three out of four IT professionals cited their businesses were at risk for cybersecurity (and man-made) disasters.

Many businesses may not have the budget for high-end security, or may consider it an unnecessary expense. Unfortunately, the cost of not having a solid security plan and strategy in place can far outweigh the price of investing in security. According to IBM, the global cost of cybercrime will reach $2 trillion by 2019 and $6 trillion by 2021. And money is not the only aspect of your business you can lose to a security breach. You can lose years of your organization’s and your clients’ data, which can result in loss of trust and even overall business from your clients.

With the recent security breaches and ransomware attacks, we thought it pertinent to remind you of the seriousness of cybersecurity. Below are a collection of staggering facts and statistics about cybercrime and cybersecurity to keep in mind.

Be smart and stay safe!



IT Security Consultation


How to Protect your Company from Cyberattacks

Let me begin with a hard truth: Your company is at risk from cyberattack.

It’s true; every firm is at risk, and most will be attacked in some form, at some point in time. It’s nearly inevitable.  However, there are things you can do to protect your firm from a cyberattack, and ways you can mitigate the damage if you are attacked.

What kind of company data needs to be protected from a cyberattack?

There are three categories of company data you need to protect. They are the company’s intellectual property, employee information, and client data.

Company Intellectual Property

The company’s intellectual property includes processes and procedures, firm standards, templates, and forms.  It also includes firm documentation and how-to information, like patents, formulas, recipes or other proprietary information.  It includes marketing information, client names and client information, the types of projects you are pursuing, and other competitive information.

Client Data and Information

The next thing that must be protected is client data.  Client data includes work product – such as project drawings, designs, and schedules.  It also includes information about move dates and expansion plans.  In addition to protecting client project information, you need to protect client intellectual property.  This includes clients’ employee names, information about projects you’re working on for them, client growth patterns, and departmental or organizational structures.

Employee Information

Finally, you need to protect your employees’ personal information.  Personal information like the names of employees, their addresses, social security numbers, and other personal information like spouse and children’s names.  You also need to guard employees’ financial information, information about direct deposit and bank information, as well as payroll and salary information.  Finally, you must safeguard employee personal health information like doctor’s names, health claims, coverage amounts, and other confidential information.

What do you need to be protected against?


File Corruption / Loss of Data

You need to maintain data integrity.  You could be attacked by malware, ransomware, or viruses. Your data integrity can be compromised by file corruption, backups that fail, or files that cannot be restored.

There might also be data errors caused by a translation.  For example, if you send files to others as part of your work process and you translate those files from one program format to another, there might be errors or changes caused by the translation programs.

Access to your Data

In addition to the integrity of the data, you need to protect data access (who can get into and access your information).  You must guard against a compromised network or security access problems.  Penetration testing can check your vulnerability against an outside attack.  There’s also a type of attack called “denial of service” that can prevent you from accessing your data.

A malicious or disgruntled employee might change passwords or erase or steal files.  A technology disaster can cut off access to your data.  A server or disk drive can fail, or your internet connection can fail or be disrupted.  A building or office disaster can keep you from accessing your data.  If your office is compromised by fire or another building problem, you might not be able to physically reach your office.  If there is a fire or problem in another part of the building, you might be forced to leave and lose access to your data.  Then there are plain-old hackers, people who try to break into your network to either cause damage or steal information.

Hackers often use social engineering to get to your data.  Social engineering takes advantage of peoples’ good nature; they use peoples’ willingness to help to break in.  For example, a hacker might play on someone’s fears by telling them they have a computer virus infection and trick them into loading software, or giving away passwords or user account names.  Unfortunately, people are generally trusting and sometimes naive – we don’t want to believe others are malicious. For this reason it’s important to understand that employees can be tricked very easily into sharing or giving access to confidential information.


The last and most important thing is to protect your company’s reputation and your client’s confidence.  Your clients count on you to keep their data safe.  If there is a security breach or a problem with client data it is very difficult to regain their trust.  You can’t unring the bell.  It is easy to restore a client’s files but it may be very difficult to regain a client’s trust.

How can you protect your firm from a cyberattack?

To protect your firm, it’s important to always be prepared; expect that you will be attacked at some point.  Every firm should prepare for and expect some type of cyberattack.  Firms that work more collaboratively – especially when using BIM – are at higher risk.  Being more collaborative means being more open, which, in turn, increases your risk.


Expect the unexpected by developing a plan to deal with cyberattacks.  You will never eliminate all risk, but you can mitigate most of the risk with a good plan.  Your plan should explain step-by-step what to do in the in the event of a cyberattack and explain to employees how to get help. Your plan should not be overly burdensome or people will find ways to work around your security.  You can spend a lot of time and money on a security plan, so it’s important to decide how much to spend to get the greatest benefit.


Take the time to train your staff.  Your staff needs to understand the risks and know what to do in case of a cyberattack, as well as how they can protect themselves from a cyberattack.  There must be policies and penalties for violating the rules.  Encourage your company to take security seriously.

Backup / Disaster Recovery (DR) Plan

You must have good backups and a disaster recovery plan.  You should have three copies of your data, the original copy, a local onsite backup of the data and an offsite copy of your data.

[Check out our blog post on how to write a disaster recovery plan for your business]

Check your backups and archived files. Having multiple copies of your data is useless if it’s all corrupted. For archived data, keep in mind that certain file types might be discontinued or no longer usable with current software.  For example, does anyone still have old Lotus spreadsheet files? .WKS or .WK1 files?  You can’t open them using current spreadsheet software. You might need to archive a copy of the original software and operating systems used to read and access old files or develop a plan to update old archived data. Test restore your backed-up files and don’t assume everything will just work.

Passwords / Encryption

Consider encryption – at least for laptops and mobile devices.  Laptops are often lost or stolen, or might be left in a hotel, airport, or cab.  If the mobile devices are encrypted, you’ve lost a piece of hardware, but your data is safe.

People must use secure passwords.  I know, I know: employees hate using secure passwords that are hard to remember, but requiring a new password every 90 days is not asking much.  That’s only four times a year! Consider using multi-factor authentication wherever possible.  Multi-factor authentication uses a third party to authenticate access to an account.  Any account that needs to be very secure – whether it’s a bank or legal account, or just a secure website – should be using multi-factor authentication to be safe.  VPN connections to your office network should also use multi-factor authentication.


Monitor your network access.  You need to know who has been on your network and when.  If you see anything strange, question it.  Do employees really need to be on the network at 3 AM?  It might be legitimate, but you should know what they’re doing and why.

Good Policies (with teeth)

Implement written policies that describe and outline what you expect from your employees.  You should have a policy for email usage, a general IT policy, an equipment policy, and an internet usage policy.  You should outline how to protect the firm’s intellectual property and what you expect employees to do to keep it safe.  Your policy should also describe what happens when the rules are not followed and there’s a problem.  As I mentioned before – there should be penalties.  Policies need to have teeth to be effective.  Employees should know that they must follow the rules or bear the consequences.

Anti-virus / Anti-malware / System Patches / Updates

Finally, make sure that your systems are up to date with the latest security.  Check your anti-virus and anti-malware software to make sure it is up to date and scanning properly.  Change the default passwords on all hardware.  Download and install all operating system security patches.  If you are still using old software that is no longer supported or updated, you are at risk. Work with your vendor to get your software up to date.

Get Help

If you don’t have a disaster recovery plan or IT security strategy, now’s the time to make it happen. If you need help protecting your firm from cyberattacks, Advance2000 can help.


IT Security Consultation