What is ransomware and how does it work?

Ransomware is malicious software that infects a computer and restricts its use until the victim pays a ransom to restore functionality. A ransomware compromise begins with a vulnerable computer, or a computer running vulnerable third-party software. A user on the vulnerable machine clicks a link in a malicious email or visits a malicious website, for example, which allows the ransomware to exploit a vulnerability and gain complete control of the machine.

At this point, the ransomware silently begins to encrypt critical user files, such as Word documents, PDFs and spreadsheets, on the local machine and mounted network drives. The ransomware then alerts the user that the files are encrypted and can only be decrypted if a ransom is paid, most often with Bitcoin.

 

Ransomware alert (image via isc.sans.edu)

 

Why is ransomware so successful?

The crime of ransomware is becoming more prevalent because it’s profitable. With relatively little effort, criminals can infect numerous machines and demand ransoms of a few hundred to a few thousand dollars in Bitcoin for each infected machine, and it only takes a percentage of victims to pay for the scam to become profitable.

A new development in ransomware’s growing prevalence was detailed in a recent krebsonsecurity.com article—ransomware targeted at websites. New ransomware found in the wild attempts to compromise websites so it can encrypt critical site files and then place a lone text file on the now non-functioning site with ransom instructions. There are even predictions that ransomware will infect connected medical devices in the near future.

How to prevent ransomware

Protecting critical files from ransomware begins with keeping operating systems and third-party programs up to date. Ransomware usually begins its malicious journey by exploiting well-known vulnerabilities in operating systems and programs. Keeping software up to date is a large impediment to ransomware’s first steps toward exploitation.

Next, make sure all computers have up-to-date antivirus and malware scanners. Similar to keeping software up to date, antivirus and malware scanners are always looking for vulnerabilities to keep ransomware at bay. Backing up critical files is another imperative step in protection. If the worst happens and ransomware successfully encrypts target files, a backup may save the day. Test backups regularly to ensure their integrity.
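One way to test a backup's integrity, shown here as an added example that is not from the original article or from SiteLock: record a SHA-256 manifest when the backup is taken, then compare a test restore against it. The function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    current = build_manifest(restored_root)
    known, found = set(manifest), set(current)
    return {
        "missing": sorted(known - found),
        "modified": sorted(p for p in known & found if manifest[p] != current[p]),
        "unexpected": sorted(found - known),
    }


def demo():
    """Constructed sample data: a small file tree, then a damaged restore."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        samples = {"index.php": b"<?php echo 'home';",
                   "docs/report.pdf": b"%PDF-1.4 constructed sample",
                   "docs/budget.csv": b"q1,100\nq2,120\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root)  # recorded when the backup is taken
        clean = verify_restore(manifest, root)
        # Simulate a bad restore: one file overwritten, one lost, one added.
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"\x9c\x11\xfe\x07 unreadable bytes")
        os.remove(os.path.join(root, "docs/budget.csv"))
        with open(os.path.join(root, "INSTRUCTIONS.txt"), "wb") as fh:
            fh.write(b"constructed placeholder for a dropped note")
        damaged = verify_restore(manifest, root)
    return clean, damaged


if __name__ == "__main__":
    for label, result in zip(("clean", "damaged"), demo()):
        print(label, result)
```

Keep the manifest somewhere the backed-up machine cannot overwrite, so that a compromise of that machine cannot also rewrite the expected hashes.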

Mindfulness of user habits is the final step in preventing ransomware infections: do not click unsolicited or suspicious links in emails and social media messages, only visit reputable websites, and protect sensitive data with benign encryption.

Actions to protect WordPress websites from ransomware include implementing a web application firewall, like SiteLock® TrueShield. SiteLock TrueShield can stop attacks that are the initial vector of ransomware infection, even if a website doesn’t have the latest patches. Also, website scanning for malware externally and at the source level is vital. SiteLock® SMART continuously monitors the source code of a WordPress website, automatically removing malware if it appears and stopping the next step in ransomware’s foothold. Finally, keeping backups of website files off of the hosting server is always important.

For more information on keeping your WordPress website secure, visit the District!