How Does a Ransomware Attack Work?

Ransomware is one of several kinds of malware that hackers use in malicious attacks on companies and individuals. It is developed through cryptovirology, the method by which hackers create viruses to hack into systems. Ransomware differs from other malware in that it locks down the user’s access and data, effectively holding them “ransom” until a set sum is paid to whoever deployed the ransomware.

What is a ransomware attack?

Ransomware attacks are malicious attacks by hackers that lock down your systems and data in order to extract a ransom in exchange for releasing the data. Recent examples from 2020 include Garmin, which paid the largest ransom to date at $10 million, as well as Software AG, UC San Francisco, ISS World, and Cognizant. The damages incurred by companies such as these ranged from $50 million to $70 million. These attacks originate with a hacker who writes the code and sells it on the “dark web”; the buyer then sets the code loose on the internet, where it waits for a victim to trigger it. This malicious chain of attackers remains anonymous while making money from its victims.

Should a business pay the ransom in a ransomware attack?

In short, no. The Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued guidelines which provide that paying a ransomware ransom may violate federal law. This falls under OFAC’s sanctions provisions, which may lead to fines in the millions of US dollars. In addition to the regulations provided by OFAC, businesses also have fiduciary duties to their clients and employees, whose information may have been compromised during a ransomware attack. Paying the ransom could potentially lead to legal issues over breach of the fiduciary duties that are owed to your employees or clients.

What do you do if you suffer from a ransomware attack?

Rather than paying the ransom, here are some options that can help strengthen your business’s response to a ransomware attack: isolate the system; kill off communication channels with the infected areas of the system; block IP addresses; use your IT professionals to find decryption keys; secure backup data; preserve locked files; check for infections; and call law enforcement. Additionally, there are various steps that a business can take to secure its system and hedge against possible ransomware or malware attacks. These include ensuring that your business has backup servers or saved backups of data, preparing a strong incident response plan in case an attack occurs, acquiring cybersecurity insurance policies, carrying out data breach assessments with IT professionals, and routinely seeking penetration testing to ensure that all access points to your system are secured.

*Disclaimer: this blog post is not intended to be legal advice. We highly recommend speaking to an attorney if you have any legal concerns. Contacting us through our website does not establish an attorney-client relationship.*
